The reference key labeled as "Alice's OpenPGP Transferable Secret Key" in draft-bre-openpgp-samples-00 is an EdDSA key, with Symmetric algorithm preferences [AES256, AES192, AES128, TripleDES]. GnuPG can correctly perform encrypt/decrypt roundtrips using this key, using AES256.
We provide a ciphertext encrypted to Alice's public key, but using AES128. This ciphertext was generated with github.com/ProtonMail/crypto and is decryptable by other implementations, however, gpg cannot decrypt:
$ gpg --version gpg (GnuPG) 2.2.12 libgcrypt 1.8.4 $ echo "Enc/Dec roundtrip proof" | gpg --encrypt --recipient "Alice Lovelace" | gpg --decrypt gpg: encrypted with 256-bit ECDH key, ID 4766F6B9D5F21EB6, created 2019-01-22 "Alice Lovelace <alice@openpgp.example>" Enc/Dec roundtrip proof $ gpg --decrypt ciphertext.asc gpg: encrypted with 256-bit ECDH key, ID 4766F6B9D5F21EB6, created 2019-01-22 "Alice Lovelace <alice@openpgp.example>" gpg: public key decryption failed: Wrong secret key used gpg: decryption failed: No secret key
Possible cause
This might be related to unsupported size-obfuscation PKCS5 paddings (see 13.5 of the draft).
OS information:
Distributor ID: Ubuntu
Description: Ubuntu 19.10
Release: 19.10
Codename: eoan