Failure to decrypt file, encrypted with multiple passwords
Closed, WontfixPublic

Description

If file is encrypted to multiple passwords then GnuPG seems to fail to decrypt it using the second password.
However this works fine if AEAD encryption is used.
Encrypted test files are attached.

onickolay created this object in space S1 Public.

Please see the original file (hello.txt), CFB-encrypted to two passwords (hello.txt.cfb), and AEAD-encrypted (hello.txt.aead).
Passwords used are '1' and '2'.

werner closed this task as Wontfix.Feb 23 2018, 11:00 AM
werner claimed this task.
werner added a subscriber: werner.

With AEAD we can immediately check whether the correct passphrase is used. With CFB we can't do that and thus the checking is delayed until we can do the bulk encryption using the session key. At that point it is too late to check for other keys - well we could record that all and try again but that would make the code pretty complicate.

I implemented a basic check for wrong passphrase in CFB mode which should have a 95% chance of catching them: The algo byte in the symkey plaintext is checked to be a valid OpenPGP algo. I close this bug as wontfix and hope that we can soonish move to AEAD.