Page MenuHome GnuPG

PGP uses wrong OpenPGP card subkey
Closed, ResolvedPublic

Description

Release: gnupg-w32cli-1.4.0a

Environment

P4 2.4GHz, Windows XP

Description

I have experienced problems when receiving a file encrypted by use of PGP. I could not decrypt this file.
The problem seems to be caused by PGP using the wrong sub key.
In detail:
A public key generated within OpenPGP Card (1.0) by use of GnuPG contains 3 RSA keys. This seems to be: The main key for signatures, sub key one for encryption and sub key two for authentication.
When:

  • exporting this key from GnuPG
  • importing this key into PGP (probably V6.x)
  • then encrypting a file/msg for the owner of this key by use of PGP. Then: PGP is using the wrong sub key (sub key 2 instead of sub key 1). Because of this the owner cannot decrypt the file since trying to decrypt a file encrypted by authentication key fails with GnuPG. I do not know if this is a bug of GnuPG or PGP, but to keep compatible to PGP this is required to be fixed somehow in GnuPG. E.g. the authentication key could be (optionally) omitted when exporting this key from GnuPG.

Event Timeline

This is a PGP bug - even the latest version will happily
encrypt to an authentication-only key. I will notify the
PGP people, and ponder some workarounds. I don't like the
idea to not export the auth key since it makes two different
exports (one for gpg users, one for pgp users) and that will
confuse people.

Amusingly enough, PGP will also quite happily encrypt to a RSA sign-only key.

I've made a workaround for 1.4.1 - since PGP will try and
encrypt to the most recent subkey (regardless of the key
flags that tell it not to), I've arranged to put the
authentication subkey before the encryption subkey. This is
at best a workaround and does not fully fix the problem
(say, if the encryption subkey expires). The card does not
allow decrypting using the auth key, and it does not seem
practical or wise to extract the auth key material from the
card to decrypt such messages. It's up to the PGP folks now
. This is the same bug I reported to them back in 2003.