
GnuPG: Decryption fails if the pinentry dialog for the first tried recipient is canceled
Open, Needs Triage, Public

Description

When an encrypted file with multiple recipients is decrypted and the first pinentry dialog is cancelled, the decryption fails with an input/output error. This also happens if the first tried key is on a disconnected smartcard key (which one might not have at hand). It also happens if the file is encrypted for hidden recipients and you want to skip the first tried key via cancel.

To reproduce:

C:\Users\g10\Desktop\testdata\decryption-error>gpg --version
gpg (GnuPG) 2.5.13
libgcrypt 1.11.2

C:\Users\g10\Desktop\testdata\decryption-error>gpg --passphrase '' --batch --quick-gen-key alice

C:\Users\g10\Desktop\testdata\decryption-error>gpg --passphrase '' --batch --quick-gen-key bob

C:\Users\g10\Desktop\testdata\decryption-error>gpg -k
[keyboxd]
---------
pub   ed25519 2025-10-29 [SC] [expires: 2028-10-28]
      8357BEF0821947B2143E47E55FEE1A55400748A6
uid           [ultimate] bob
sub   cv25519 2025-10-29 [E]
      CF76D83EB669B09BEA7927F692FFCEC1F1937FAB

pub   ed25519 2025-10-29 [SC] [expires: 2028-10-28]
      D8C1E89812A369344704864D1AA3723986B4FFD1
uid           [ultimate] alice
sub   cv25519 2025-10-29 [E]
      A7FE784CE20641D6A9A5CF2D39037E00B85645FB

C:\Users\g10\Desktop\testdata\decryption-error>gpg -v --encrypt --armor --recipient alice --recipient bob test.txt
gpg: enabled compatibility flags:
gpg: using subkey 92FFCEC1F1937FAB instead of primary key 5FEE1A55400748A6
gpg: using pgp trust model
gpg: This key belongs to us
gpg: using subkey 39037E00B85645FB instead of primary key 1AA3723986B4FFD1
gpg: This key belongs to us
gpg: reading from 'test.txt'
gpg: writing to 'test.txt.asc'
gpg: ECDH/AES256.OCB encrypted for: "39037E00B85645FB alice"
gpg: ECDH/AES256.OCB encrypted for: "92FFCEC1F1937FAB bob"

C:\Users\g10\Desktop\testdata\decryption-error>gpg -v --decrypt test.txt.asc
gpg: enabled compatibility flags:
gpg: public key is 39037E00B85645FB
gpg: public key is 92FFCEC1F1937FAB
gpg: using subkey 92FFCEC1F1937FAB instead of primary key 5FEE1A55400748A6
gpg: encrypted with cv25519 key, ID 92FFCEC1F1937FAB, created 2025-10-29
      "bob"
gpg: using subkey 39037E00B85645FB instead of primary key 1AA3723986B4FFD1
gpg: encrypted with cv25519 key, ID 39037E00B85645FB, created 2025-10-29
      "alice"
gpg: no running gpg-agent - starting 'C:\\Program Files\\Gpg4win\\..\\GnuPG\\bin\\gpg-agent.exe'
gpg: waiting for the agent to come up ... (8s)
gpg: connection to the agent established
gpg: pinentry launched (2500 qt 1.3.2 - - - - 0/0 -)
[ ... cancel ... ]
gpg: public key decryption failed: Input/output error
gpg: decryption failed: Input/output error

Details

Version
gpg4win-5.0.0-beta395 @ win11

Event Timeline

timegrid created this object with edit policy "Contributor (Project)".
ebo renamed this task from GnuPG: Decryption failes if the pinentry dialog for the first tried recipient is canceled to GnuPG: Decryption fails if the pinentry dialog for the first tried recipient is canceled. Thu, Oct 30, 9:40 AM

Note: In the current vsd beta (29) it works (pinentry for the next key is opened):

C:\Users\g10>gpg --version
gpg (GnuPG) 2.2.51
libgcrypt 1.8.12
[...]

C:\Users\g10\Desktop\testdata\decryption-error-vsd>gpg -v --decrypt test.txt.asc
gpg: enabled compatibility flags:
gpg: Öffentlicher Schlüssel ist 267776A17892BED7
gpg: der Unterschlüssel 267776A17892BED7 wird anstelle des Hauptschlüssels D807D5746F05DC0D verwendet
gpg: pinentry launched (6864 qt5 1.3.2 - - - - 0/0 -)
[ ... cancel ... ]
gpg: Öffentlicher Schlüssel ist 1E3847DC10F78E10
gpg: der Unterschlüssel 1E3847DC10F78E10 wird anstelle des Hauptschlüssels FD9C4713DCD090A7 verwendet
gpg: pinentry launched (6960 qt5 1.3.2 - - - - 0/0 -)
[ ... password entered ... ]
gpg: der Unterschlüssel 267776A17892BED7 wird anstelle des Hauptschlüssels D807D5746F05DC0D verwendet
gpg: verschlüsselt mit 3072-Bit RSA Schlüssel, ID 267776A17892BED7, erzeugt 2025-10-30
      "alice"
gpg: Entschlüsselung mit Public-Key-Verfahren fehlgeschlagen: Verarbeitung wurde abgebrochen
gpg: der Unterschlüssel 1E3847DC10F78E10 wird anstelle des Hauptschlüssels FD9C4713DCD090A7 verwendet
gpg: verschlüsselt mit 3072-Bit RSA Schlüssel, ID 1E3847DC10F78E10, erzeugt 2025-10-30
      "bob"
gpg: AES256.OCB verschlüsselte Daten
gpg: Ursprünglicher Dateiname='test.txt'
12345

In gpg4win-4.4.1 it works too.

C:\Users\g10>gpg --version
gpg (GnuPG) 2.4.8
libgcrypt 1.11.1
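
Added example, not part of the task and not GnuPG project code: a small Python triage helper that reads `gpg -v --decrypt` transcripts like the two above and flags a run where gpg reported a final failure after fewer pinentry prompts than there were recipients. The function name, the verdict strings and the trimmed sample transcripts are assumptions of this example, and the final-failure check expects English output.

```python
import re

# "public key is <KEYID>" as printed in the English and German transcripts above.
RECIPIENT_RE = re.compile(
    r"^gpg: (?:public key is|Öffentlicher Schlüssel ist) ([0-9A-F]{16})\b", re.M)
PINENTRY_RE = re.compile(r"^gpg: pinentry launched \(", re.M)
# Final verdict line; English output only (assumption of this example).
FAILED_RE = re.compile(r"^gpg: decryption failed: (.+)$", re.M)

def classify(transcript):
    """Summarise one `gpg -v --decrypt` transcript (hypothetical helper)."""
    recipients = list(dict.fromkeys(RECIPIENT_RE.findall(transcript)))
    prompts = len(PINENTRY_RE.findall(transcript))
    failed = FAILED_RE.search(transcript)
    # Heuristic: a final failure with fewer prompts than recipients means
    # at least one recipient key was never offered to the user.
    if failed and prompts < len(recipients):
        verdict = "aborted-with-untried-recipients"
    elif failed:
        verdict = "failed-after-trying-all"
    else:
        verdict = "no-final-failure"
    return {"recipients": recipients, "prompts": prompts,
            "error": failed.group(1).strip() if failed else None,
            "verdict": verdict}

# Lines trimmed from the 2.5.13 transcript in the task description.
BROKEN = """\
gpg: public key is 39037E00B85645FB
gpg: public key is 92FFCEC1F1937FAB
gpg: pinentry launched (2500 qt 1.3.2 - - - - 0/0 -)
gpg: public key decryption failed: Input/output error
gpg: decryption failed: Input/output error
"""

# Lines trimmed from the 2.2.51 transcript in the comment.
WORKING = """\
gpg: Öffentlicher Schlüssel ist 267776A17892BED7
gpg: pinentry launched (6864 qt5 1.3.2 - - - - 0/0 -)
gpg: Öffentlicher Schlüssel ist 1E3847DC10F78E10
gpg: pinentry launched (6960 qt5 1.3.2 - - - - 0/0 -)
gpg: AES256.OCB verschlüsselte Daten
"""

if __name__ == "__main__":
    for name, text in (("2.5.13", BROKEN), ("2.2.51", WORKING)):
        print(name, classify(text))
```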