Mailing List Archive

Decryption w/o public key does not work in GnuPG 2.3.2
Hi,

I have installed the new 2.3.2 version which supports "decryption w/o public key but with correct card inserted" with commit 50293ec2eb.

I have tried it out with a couple files encrypted with a public key that got lost recently but the private key remains in my smart card. $ gpg --card-status can list the keys when I insert my smart card, but $ gpg --decrypt [FILE] returns the following as if the private key was never detected:
```
gpg: encrypted with RSA key, ID 9AEE7E2751187094
gpg: public key decryption failed: No secret key
gpg: decryption failed: No secret key
```

Am I using this feature in the correct way? I just hope my files won't get lost forever. Thanks a lot!

Regards,
Thomas
Decryption w/o public key does not work in GnuPG 2.3.2
Hi,

I have installed the new 2.3.2 version which supports "decryption w/o public key but with correct card inserted" with commit 50293ec2eb.

I have tried it out with a couple files encrypted with a public key that got lost recently but the private key remains in my smart card. $ gpg --card-status can list the keys when I insert my smart card, but no shadow keys are generated and $ gpg --decrypt [FILE] returns the following as if the private key has never been detected:
```
gpg: encrypted with RSA key, ID 9AEE7E2751187094
gpg: public key decryption failed: No secret key
gpg: decryption failed: No secret key
```

Am I using this feature in the correct way? I just hope my files won't get lost forever. Thanks a lot!

Regards,
Thomas
Re: Decryption w/o public key does not work in GnuPG 2.3.2
Hi!

On Wed, 25 Aug 2021 21:36, Thomas Cage said:

> I have installed the new 2.3.2 version which supports "decryption w/o
> public key but with correct card inserted" with commit 50293ec2eb.

The description is a bit too brief. What we do is to look up the key on
a configured LDAP server. This allows you to start using a new box
immediately by simply inserting your smartcard. It is a feature for
larger deployments.

> I have tried it out with a couple files encrypted with a public key
> that got lost recently but the private key remains in my smart card. $

You need to get the public key or re-create it. To do this you need to
know the creation time. This can be done by looping over a range of
dates - unfortunately there is still no tool to do this.

> Am I using this feature in the correct way? I just hope my files won't
> get lost forever. Thanks a lot!

It is a matter of the available tools or the time required to write them
:-(


Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
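
The date loop described in the reply above, as an added example that is not part of the original thread and is not GnuPG code: it rebuilds the v4 RSA public-key packet body for each candidate creation time and compares the resulting key ID with the one gpg reports for the encrypted file. It assumes a v4 RSA key whose modulus and exponent have already been read from the card; the function names and all sample values are constructed for illustration.

```python
import hashlib
import struct
from datetime import datetime, timezone


def mpi(value: int) -> bytes:
    """Encode an OpenPGP MPI: 2-byte bit count, then big-endian magnitude."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")


def v4_fingerprint(n: int, e: int, created: int) -> bytes:
    """SHA-1 fingerprint of a v4 RSA public-key packet (RFC 4880, 12.2)."""
    # Body: version 4, creation time, algorithm 1 (RSA), then MPIs n and e.
    body = b"\x04" + struct.pack(">I", created) + b"\x01" + mpi(n) + mpi(e)
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).digest()


def find_creation_time(n, e, key_id_hex, start, end):
    """Return the first timestamp in [start, end] that yields key_id_hex, else None."""
    target = bytes.fromhex(key_id_hex)
    for ts in range(start, end + 1):
        # The key ID is the low-order 64 bits of the fingerprint.
        if v4_fingerprint(n, e, ts)[-8:] == target:
            return ts
    return None


# Constructed sample data (not a real key): a 2048-bit odd integer stands in
# for the modulus read from the card, with the common exponent 65537.
SAMPLE_N = int.from_bytes(hashlib.sha256(b"constructed modulus").digest() * 8, "big") | (1 << 2047) | 1
SAMPLE_E = 65537
SAMPLE_CREATED = int(datetime(2019, 3, 14, 9, 26, 53, tzinfo=timezone.utc).timestamp())
SAMPLE_KEY_ID = v4_fingerprint(SAMPLE_N, SAMPLE_E, SAMPLE_CREATED)[-8:].hex().upper()
DAY_START = int(datetime(2019, 3, 14, tzinfo=timezone.utc).timestamp())

if __name__ == "__main__":
    found = find_creation_time(SAMPLE_N, SAMPLE_E, SAMPLE_KEY_ID, DAY_START, DAY_START + 86399)
    print(SAMPLE_KEY_ID, datetime.fromtimestamp(found, timezone.utc).isoformat())
```

The search is one SHA-1 per candidate second, so a window of a full year (about 31.5 million timestamps) is still practical when only the approximate creation date is known.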