Decryption with gpg2 and the OpenPGP smartcard can sometimes
fail with a message like
gpg: encrypted with 1024-bit RSA key, ID XYXYXYXY, created 2005-06-30
"MY ID"
gpg: public key decryption failed: Conditions of use not satisfied
Note: if you want to check whether your message has this problem,
try gpg2 on the command line like
gpg2 -v --decrypt msg.asc
Volker Dormeyer reports that the problem is also there with
gpg --version
gpg (GnuPG) 1.4.6
[..]
volker@freedom:~$ gpg -v email.asc
gpg: armor header: Version: GnuPG v2.0.5 (GNU/Linux)
[..]
gpg: public key is XXYYXXYY
gpg: using subkey XXYYXXYY instead of primary key ZZZZZZZZ
gpg: sending command `SCD PKDECRYPT' to agent failed: ec=6.131
[..]
gpg: public key decryption failed: general error
[..]
gpg: decryption failed: secret key not available
gpg 1.4.x uses gpg-agent and scdaemon if available, thus it is clear that the
problem exists there too.
Fixed in SVN 4644; to be released with gnupg 2.0.8. Will also be fixed in the
forthcoming GnuPG 1.4.8.
Background:
We might encounter a couple of leading zeroes in the cryptogram. Due to the internal use of MPIs, these leading zeroes are stripped. However, the OpenPGP card expects exactly 128 bytes for the cryptogram (for a 1k key). Thus we need to fix it up. We do this for up to 16 leading zero bytes; a cryptogram with more than this is with a very high probability anyway broken.
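The fix-up described in the Background note, sketched as an added C example; it is not the GnuPG patch itself. The function name `fixup_cryptogram`, its parameters and the sample data are hypothetical; only the 128-byte length and the 16-byte limit come from the note above.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_FIXUP 16  /* from the note: restore at most 16 zero bytes */

/* Hypothetical helper: restore the leading zero bytes that an MPI
   conversion stripped, so that the card receives exactly KEYLEN
   bytes (128 for the 1024-bit key discussed above).
   Returns the number of zero bytes prepended, or -1 if the input is
   longer than the modulus, shorter than KEYLEN - MAX_FIXUP (most
   likely a broken cryptogram), or OUT is too small.  */
int
fixup_cryptogram (const unsigned char *in, size_t inlen, size_t keylen,
                  unsigned char *out, size_t outsize)
{
  size_t pad;

  if (!in || !out || keylen < MAX_FIXUP || outsize < keylen)
    return -1;
  if (inlen > keylen || inlen < keylen - MAX_FIXUP)
    return -1;

  pad = keylen - inlen;
  memset (out, 0, pad);           /* re-create the stripped zeroes */
  memcpy (out + pad, in, inlen);  /* followed by the MPI value     */
  return (int) pad;
}

int
main (void)
{
  /* Constructed sample: a cryptogram whose two leading zero bytes
     were stripped, leaving 126 bytes of value.  */
  unsigned char stripped[126], fixed[128];
  int pad;

  memset (stripped, 0x5A, sizeof stripped);
  pad = fixup_cryptogram (stripped, sizeof stripped, 128,
                          fixed, sizeof fixed);
  printf ("prepended %d zero byte(s)\n", pad);
  return pad < 0;
}
```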