GnuPG fails to decrypt file encrypted with more than one password with any password but the first
Closed, Wontfix, Public

Description

This message is encrypted with two passwords, 'a' and 'b':

% cat hello.symmetric.asc 
-----BEGIN PGP MESSAGE-----

wy4ECQMIGmAnjc97EU7p1MLrxt9q12P80Rsn8hm55jXwXYTunD3DvvI5H0eB9DiZ
wy4ECQMIGAxa4+qnCb/pIe3S0sMWSafAiYVx7ASMhtcUiWBPFiwHbQuXE/vwqbCH
0jcBcn/T5lXcDZP0aQd47LZiUL2sADwbLB/M/FkoFO+5R6Fb4yYEdme+dyaJuDgY
xysOfLbde3Nc
=8do1
-----END PGP MESSAGE-----
% gpg --list-packets hello.symmetric.asc
gpg: AES256 encrypted session key
gpg: encrypted with 2 passphrases
# off=0 ctb=c3 tag=3 hlen=2 plen=46 new-ctb
:symkey enc packet: version 4, cipher 9, s2k 3, hash 8, seskey 256 bits
        salt 1A60278DCF7B114E, count 26214400 (233)
# off=48 ctb=c3 tag=3 hlen=2 plen=46 new-ctb
:symkey enc packet: version 4, cipher 9, s2k 3, hash 8, seskey 256 bits
        salt 180C5AE3EAA709BF, count 26214400 (233)
# off=96 ctb=d2 tag=18 hlen=2 plen=55 new-ctb
:encrypted data packet:
        length: 55
        mdc_method: 2
# off=117 ctb=cb tag=11 hlen=2 plen=12 new-ctb
:literal data packet:
        mode b (62), created 0, name="",
        raw data: 6 bytes

Decryption works with password 'a':

% gpg --decrypt hello.symmetric.asc
gpg: AES256 encrypted session key
gpg: encrypted with 2 passphrases
hello

But not with password 'b':

% gpgconf --kill gpg-agent
% gpg --decrypt hello.symmetric.asc
gpg: AES256 encrypted session key
gpg: encrypted with 2 passphrases
gpg: decryption failed: Invalid cipher algorithm
justus created this task. Jul 2 2018, 1:47 PM
justus created this object in space S1 Public.
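
As an added illustration (not part of the original report and not GnuPG's code), this Python example walks the message above and decodes its two symmetric-key encrypted session key packets, reproducing the offsets, salts and counts that gpg --list-packets prints. Per RFC 4880 section 5.3, the 33 bytes that follow each S2K specifier decrypt to a cipher-algorithm octet plus the 256-bit session key with no integrity check, so a passphrase applied to the wrong packet yields an arbitrary algorithm octet. The function names are assumptions of this example.

```python
import base64

# Base64 body lines of hello.symmetric.asc from the report (armor header and CRC line omitted).
ARMOR_BODY = (
    "wy4ECQMIGmAnjc97EU7p1MLrxt9q12P80Rsn8hm55jXwXYTunD3DvvI5H0eB9DiZ"
    "wy4ECQMIGAxa4+qnCb/pIe3S0sMWSafAiYVx7ASMhtcUiWBPFiwHbQuXE/vwqbCH"
    "0jcBcn/T5lXcDZP0aQd47LZiUL2sADwbLB/M/FkoFO+5R6Fb4yYEdme+dyaJuDgY"
    "xysOfLbde3Nc"
)

def packets(data):
    """Yield (offset, tag, body) for new-format packets with known lengths."""
    off = 0
    while off < len(data):
        ctb, first = data[off], data[off + 1]
        if ctb & 0xC0 != 0xC0:
            raise ValueError("old-format packet at offset %d not handled" % off)
        if first < 192:                       # one-octet length
            hlen, plen = 2, first
        elif first < 224:                     # two-octet length
            hlen, plen = 3, ((first - 192) << 8) + data[off + 2] + 192
        elif first == 255:                    # five-octet length
            hlen, plen = 6, int.from_bytes(data[off + 2:off + 6], "big")
        else:
            raise ValueError("partial body lengths not handled")
        yield off, ctb & 0x3F, data[off + hlen:off + hlen + plen]
        off += hlen + plen

def parse_skesk(body):
    """Decode a version 4 SKESK body that uses iterated+salted S2K (type 3)."""
    version, cipher, s2k_type, s2k_hash = body[:4]
    if version != 4 or s2k_type != 3:
        raise ValueError("only v4 SKESK with S2K type 3 handled")
    coded = body[12]
    return {
        "cipher": cipher, "hash": s2k_hash,
        "salt": body[4:12].hex().upper(),
        "count": (16 + (coded & 15)) << ((coded >> 4) + 6),
        # The rest is the encrypted session key: algorithm octet + key, unauthenticated.
        "esk_len": len(body) - 13,
    }

def list_skesks(armor_body=ARMOR_BODY):
    data = base64.b64decode(armor_body)
    return [(off, parse_skesk(body)) for off, tag, body in packets(data) if tag == 3]

if __name__ == "__main__":
    for off, info in list_skesks():
        print(off, info)
```
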
werner triaged this task as High priority. Jul 3 2018, 11:38 AM

It seems @gniibe fixed that en passant in master. At least I can only replicate this with 2.2.

werner added a comment. Jul 6 2018, 7:55 AM

My bad. I looked at the wrong working copy. Will pick that commit.

werner closed this task as Wontfix. Jul 6 2018, 8:37 AM
werner claimed this task.

Won't fix for 2.2 or CFB encryption.

It is actually more complicated; see T3795. Anyway, I backported the patch from T3795 so that we will have success in ~95% of all cases. There won't be a full fix for 2.2 - it didn't work for 20 years and thus waiting for 2.3 and AEAD is a suitable solution.