If a file is encrypted to multiple passwords, then GnuPG seems to fail to decrypt it using the second password.
However, this works fine if AEAD encryption is used.
Encrypted test files are attached.
Version: 24ae5af
Please see the original file (hello.txt), CFB-encrypted to two passwords (hello.txt.cfb), and AEAD-encrypted (hello.txt.aead).
Passwords used are '1' and '2'.
With AEAD we can immediately check whether the correct passphrase is used. With CFB we can't do that and thus the checking is delayed until we can do the bulk encryption using the session key. At that point it is too late to check for other keys - well, we could record all of that and try again, but that would make the code pretty complicated.
I implemented a basic check for wrong passphrase in CFB mode which should have a 95% chance of catching them: The algo byte in the symkey plaintext is checked to be a valid OpenPGP algo. I close this bug as wontfix and hope that we can soonish move to AEAD.
Argh, sorry for bugging. Clearing the comment out - I simply missed the fact that my tests are run with random messages, so with 5% probability another password will be interpreted as 'good' for the first SKESK.
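An added illustration (not GnuPG's code) of the algo-byte check described in this thread: it counts how many of the 256 possible first octets of a wrongly decrypted SKESK session key would pass, and models trying each SKESK in turn. The function names, the stricter length check and the constructed inputs are assumptions of this example; the key-length table follows RFC 4880 and RFC 5581.

```c
#include <stddef.h>
#include <stdio.h>

/* Key length in octets per OpenPGP symmetric algorithm ID (RFC 4880
   section 9.2, Camellia from RFC 5581); 0 means not a usable cipher. */
static size_t algo_keylen(unsigned char algo) {
    switch (algo) {
    case 1: case 3: case 4: case 7: case 11: return 16; /* IDEA, CAST5, Blowfish, AES-128, Camellia-128 */
    case 2: case 8: case 12:                 return 24; /* 3DES, AES-192, Camellia-192 */
    case 9: case 10: case 13:                return 32; /* AES-256, Twofish, Camellia-256 */
    default:                                 return 0;
    }
}

/* The check from the thread: first plaintext octet is a valid algo ID. */
int algo_byte_ok(const unsigned char *pt, size_t len) {
    return len >= 1 && algo_keylen(pt[0]) != 0;
}

/* Stricter variant (assumption of this example): the octets after the
   algo ID must be exactly that cipher's key length. */
int algo_and_len_ok(const unsigned char *pt, size_t len) {
    return algo_byte_ok(pt, len) && len - 1 == algo_keylen(pt[0]);
}

/* Wrong passphrase => effectively random first octet; passes/256 = false-accept rate. */
int false_accepts(int (*check)(const unsigned char *, size_t), size_t len) {
    unsigned char pt[1]; /* the checks only ever read pt[0] */
    int n = 0;
    for (int v = 0; v < 256; v++) {
        pt[0] = (unsigned char)v;
        n += check(pt, len);
    }
    return n;
}

/* Index of the first SKESK whose trial decryption looks plausible, or -1. */
int pick_skesk(const unsigned char *const pt[], const size_t len[], int n) {
    for (int i = 0; i < n; i++)
        if (algo_and_len_ok(pt[i], len[i]))
            return i;
    return -1;
}

int main(void) {
    printf("algo byte only: %d/256 pass\n", false_accepts(algo_byte_ok, 33));
    printf("algo + length:  %d/256 pass\n", false_accepts(algo_and_len_ok, 33));
    return 0;
}
```

Eleven of 256 octet values are valid algorithm IDs, so the algo-byte check alone lets roughly 4% of wrong passphrases through, consistent with the figures quoted in the thread.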