Page MenuHome GnuPG
Feed Advanced Search

Feb 9 2017

bslbckr added a comment to T2953: scdaemon fails to decrypt if unusual key-size is chosen.

I'm having trouble decrypting some mails. I use an encryption sub-key with a
unusual length of 3104 bits. I described my problem in the gnupg-users mailing
list and there the following problem was identified:
<quote>
I think that it is deterministic; The cause is that the RSA keysize is
not the one in the set of: 1024, 1536, 2048, 3072, 4096. When data to
be decrypted is padded, scdaemon can't decrypt, I suppose.

I am not sure the exact reason why scdaemon only supports limited set of
keysize for encryption. But we have this handling of padding in the
current code:

https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=scd/app-openpgp.c;h=71c9e1b83003af07b0984688ba1ec5e9013b877c;hb=refs/heads/master#l4334

       /* We might encounter a couple of leading zeroes in the
          cryptogram.  Due to internal use of MPIs these leading zeroes
          are stripped.  However the OpenPGP card expects exactly 128
          bytes for the cryptogram (for a 1k key).  Thus we need to fix
          it up.  We do this for up to 16 leading zero bytes; a
          cryptogram with more than this is with a very high
          probability anyway broken.  If a signed conversion was used
          we may also encounter one leading zero followed by the correct
          length.  We fix that as well.  */
       if (indatalen >= (128-16) && indatalen < 128)      /* 1024 bit key.  */
         fixuplen = 128 - indatalen;
       else if (indatalen >= (192-16) && indatalen < 192) /* 1536 bit key.  */
         fixuplen = 192 - indatalen;
       else if (indatalen >= (256-16) && indatalen < 256) /* 2048 bit key.  */
         fixuplen = 256 - indatalen;
       else if (indatalen >= (384-16) && indatalen < 384) /* 3072 bit key.  */
         fixuplen = 384 - indatalen;
       else if (indatalen >= (512-16) && indatalen < 512) /* 4096 bit key.  */
         fixuplen = 512 - indatalen;
       else if (!*(const char *)indata && (indatalen == 129
                                           || indatalen == 193
                                           || indatalen == 257
                                           || indatalen == 385
                                           || indatalen == 513))
         fixuplen = -1;
       else
         fixuplen = 0;

Perhaps, it was due to support all existing OpenPGP card
implementations, I mean, somehow historical, and it was easier to list
up specific keysizes.

This should be fixed.
</quote>

I also attached to log-files of the scdaemon. One for a successful and one for a
failed decryption attempt.

Please let me know if you need any additional information.

Feb 9 2017, 8:46 PM · Bug Report, gnupg, scd
bslbckr added a comment to T2953: scdaemon fails to decrypt if unusual key-size is chosen.

Feb 9 2017, 8:42 PM · Bug Report, gnupg, scd
bslbckr added a comment to T2953: scdaemon fails to decrypt if unusual key-size is chosen.

Feb 9 2017, 8:42 PM · Bug Report, gnupg, scd
bslbckr set External Link to https://lists.gnupg.org/pipermail/gnupg-users/2017-February/057637.html on T2953: scdaemon fails to decrypt if unusual key-size is chosen.
Feb 9 2017, 8:42 PM · Bug Report, gnupg, scd
bslbckr added projects to T2953: scdaemon fails to decrypt if unusual key-size is chosen: scd, gnupg, Bug Report.
Feb 9 2017, 8:42 PM · Bug Report, gnupg, scd