
Compliance: Decryption with non-compliant key fails
Closed, Resolved, Public

Description

Use Case: Decrypting some old emails while running in compliance mode.

  • Encrypt to a non-compliant key -> Works
  • Decrypt in compliance mode -> public key decryption failed: Invalid public key algorithm -> Expected decryption without de-vs flag set.

Event Timeline

werner changed the task status from Open to Testing. Jul 27 2017, 2:10 PM
werner removed werner as the assignee of this task.
werner added a subscriber: werner.

I am pretty sure that was also fixed by rGa0d0cbee7654 for T3308.

aheinecke changed the task status from Testing to Open. Jul 27 2017, 2:50 PM

Something is still fishy.

If I sign (with a vs key) + encrypt (with a non-vs key), it works. Encryption and decryption.

If I only encrypt to a non-vs key, it fails with invalid public key algorithm.

echo foo | gpg2 -se -uBDAF586B8DAF3D7362FCF847051804A7AE382138 -r dsasec@foo.bar > non_comp.gpg

^ works

echo foo | gpg2 -er dsasec@foo.bar > non_comp.gpg
gpg: key 0B1FF14F5AEFA91F not suitable for encryption while in --compliance=de-vs mode
gpg: [stdin]: encryption failed: Invalid public key algorithm

Keylisting for this key:

~/arbeit/kf5/build/gpgme/tests/run-keylist dsasec
keyid   : 70610F8E7263C1A5
fpr     : BD0E2862A2E6055732F2E36E70610F8E7263C1A5
caps    : esc
flags   : de-vs
upd     : 0 (0)
fpr    1: 42F3C22BA5E7638C78714AAB0B1FF14F5AEFA91F
caps   1: e
flags  1:
userid 0: DSA With Secret <dsasec@foo.bar>
    mbox: dsasec@foo.bar
   email: dsasec@foo.bar
    name: DSA With Secret
   cmmnt: 
     upd: 0 (0)
   valid: ultimate
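
The key listing above shows the de-vs flag on the primary key but not on encryption subkey 0B1FF14F5AEFA91F, the key gpg names in its error message. The following is an added example, not part of this thread and not GnuPG code: it scans `gpg --with-colons` output for encryption-capable (sub)keys that lack the de-vs flag. It assumes the record layout documented in GnuPG's doc/DETAILS (field 12 capabilities, field 18 compliance flags, 23 = de-vs); the sample record is constructed, and the function name is hypothetical.

```python
# Added example: report encryption-capable (sub)keys that do not carry the
# de-vs compliance flag in `gpg --with-colons` key listings.
# Assumptions (from GnuPG doc/DETAILS): field 5 = key ID, field 12 = key
# capabilities, field 18 = space-separated compliance flags, "23" = de-vs.

DE_VS = "23"

# Constructed sample modelled on the listing above. Key IDs and fingerprints
# are the ones on this page; algorithm numbers, key lengths and timestamps
# are made-up placeholders.
SAMPLE = """\
pub:u:3072:1:70610F8E7263C1A5:1500000000:::u:::scESC::::::23:
fpr:::::::::BD0E2862A2E6055732F2E36E70610F8E7263C1A5:
uid:u::::1500000000::0000::DSA With Secret <dsasec@foo.bar>:
sub:u:1024:16:0B1FF14F5AEFA91F:1500000000::::::e:::::::
fpr:::::::::42F3C22BA5E7638C78714AAB0B1FF14F5AEFA91F:
"""


def noncompliant_encryption_keys(colons, flag=DE_VS):
    """Return key IDs of encryption-capable (sub)keys that lack `flag`."""
    result = []
    for line in colons.splitlines():
        fields = line.split(":")
        if fields[0] not in ("pub", "sub"):
            continue  # only key records carry capabilities and compliance
        fields += [""] * (18 - len(fields))  # pad records from older gpg
        keyid, caps, compliance = fields[4], fields[11], fields[17].split()
        # Lowercase letters describe this (sub)key itself; uppercase letters
        # on a pub record summarise the whole key and are ignored here.
        if "e" in caps and flag not in compliance:
            result.append(keyid)
    return result


if __name__ == "__main__":
    for keyid in noncompliant_encryption_keys(SAMPLE):
        print(f"{keyid}: encryption key without de-vs flag")
```

On real data, feed it the output of `gpg --with-colons --list-keys <recipient>`.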

werner changed the task status from Open to Testing. Jul 27 2017, 3:03 PM
aheinecke claimed this task.

Works in my tests. Thanks.