Page MenuHome GnuPG
Create Task
Maniphest T415

PGP uses wrong OpenPGP card subkey
Closed, ResolvedPublic
Actions

Description

Release: gnupg-w32cli-1.4.0a

Environment

P4 2.4GHz, Windows XP

Description

I have experienced problems when receiving a file encrypted by use of PGP. I could not decrypt this file.
The problem seems to be caused by PGP using the wrong sub key.
In detail:
A public key generated within OpenPGP Card (1.0) by use of GnuPG contains 3 RSA keys. This seems to be: The main key for signatures, sub key one for encryption and sub key two for authentication.
When:

  • exporting this key from GnuPG
  • importing this key into PGP (probably V6.x)
  • then encrypting a file/msg for the owner of this key by use of PGP. Then: PGP is using the wrong sub key (sub key 2 instead of sub key 1). Because of this the owner cannot decrypt the file since trying to decrypt a file encrypted by authentication key fails with GnuPG. I do not know if this is a bug of GnuPG or PGP, but to keep compatible to PGP this is required to be fixed somehow in GnuPG. E.g. the authentication key could be (optionally) omitted when exporting this key from GnuPG.

Event Timeline

michaelp added projects: gnupg, Bug Report.Jan 31 2005, 3:49 PM
dshaw added a subscriber: dshaw.Jan 31 2005, 8:20 PM

This is a PGP bug - even the latest version will happily
encrypt to an authentication-only key. I will notify the
PGP people, and ponder some workarounds. I don't like the
idea to not export the auth key since it makes two different
exports (one for gpg users, one for pgp users) and that will
confuse people.

dshaw added a comment.Jan 31 2005, 9:51 PM

Amusingly enough, PGP will also quite happily encrypt to a RSA sign-only key.

dshaw added a comment.Feb 1 2005, 6:22 PM

I've made a workaround for 1.4.1 - since PGP will try and
encrypt to the most recent subkey (regardless of the key
flags that tell it not to), I've arranged to put the
authentication subkey before the encryption subkey. This is
at best a workaround and does not fully fix the problem
(say, if the encryption subkey expires). The card does not
allow decrypting using the auth key, and it does not seem
practical or wise to extract the auth key material from the
card to decrypt such messages. It's up to the PGP folks now
. This is the same bug I reported to them back in 2003.

dshaw closed this task as Resolved.Feb 1 2005, 6:22 PM