Change Details

Originally reported as a Fedora bug https://bugzilla.redhat.com/show_bug.cgi?id=2054964 Encrypting&signing file with forced aead (--force-aead) prints the OCB modes will be used, but decrypting claims the CFB mode is used: $ gpg -u testkey --force-aead -vsc foo gpg: AES256.OCB encryption will be used $ gpg -vd foo.gpg gpg: AES256.CFB encrypted data After some digging into the code, it turns out the symkey packets created by the function sign_symencrypt_file() are a bit different than the ones created with encrypt_simple() (v4 only, no information about aead). After changing the function to use v5 and propagate the aead the tools report correct modes: gpg2 -v -d the_file.enc gpg: AES256.OCB encrypted data Otherwise, the --list-packets shows even with the old version that the AEAD encrypted packet is correctly used: # off=15 ctb=d4 tag=20 hlen=3 plen=194 new-ctb :aead encrypted packet: cipher=9 aead=2 cb=16 length: 194 and the decryption looks like working just fine regardless the claims in the verbose logs. Proposed patch: {F3300195} I am not sure if there are more places where such packets are constructed that are worth checking or if there would be a good place to write some sanity/regression test to make sure this works as expected, but I can have a look into that later.

Originally reported as a Fedora bug https://bugzilla.redhat.com/show_bug.cgi?id=2054964 Encrypting&signing file with forced aead (--force-aead) prints the OCB modes will be used, but decrypting claims the CFB mode is used: ``` $ gpg -u testkey --force-aead -vsc foo gpg: AES256.OCB encryption will be used $ gpg -vd foo.gpg gpg: AES256.CFB encrypted data ``` After some digging into the code, it turns out the symkey packets created by the function sign_symencrypt_file() are a bit different than the ones created with encrypt_simple() (v4 only, no information about aead). After changing the function to use v5 and propagate the aead the tools report correct modes: ``` gpg2 -v -d the_file.enc gpg: AES256.OCB encrypted data ``` Otherwise, the --list-packets shows even with the old version that the AEAD encrypted packet is correctly used: ``` # off=15 ctb=d4 tag=20 hlen=3 plen=194 new-ctb :aead encrypted packet: cipher=9 aead=2 cb=16 length: 194 ``` and the decryption looks like working just fine regardless the claims in the verbose logs. Proposed patch: {F3300195} I am not sure if there are more places where such packets are constructed that are worth checking or if there would be a good place to write some sanity/regression test to make sure this works as expected, but I can have a look into that later.

Originally reported as a Fedora bug https://bugzilla.redhat.com/show_bug.cgi?id=2054964 Encrypting&signing file with forced aead (--force-aead) prints the OCB modes will be used, but decrypting claims the CFB mode is used: ``` $ gpg -u testkey --force-aead -vsc foo gpg: AES256.OCB encryption will be used $ gpg -vd foo.gpg gpg: AES256.CFB encrypted data ``` After some digging into the code, it turns out the symkey packets created by the function sign_symencrypt_file() are a bit different than the ones created with encrypt_simple() (v4 only, no information about aead). After changing the function to use v5 and propagate the aead the tools report correct modes: ``` gpg2 -v -d the_file.enc gpg: AES256.OCB encrypted data ``` Otherwise, the --list-packets shows even with the old version that the AEAD encrypted packet is correctly used: ``` # off=15 ctb=d4 tag=20 hlen=3 plen=194 new-ctb :aead encrypted packet: cipher=9 aead=2 cb=16 length: 194 ``` and the decryption looks like working just fine regardless the claims in the verbose logs. Proposed patch: {F3300195} I am not sure if there are more places where such packets are constructed that are worth checking or if there would be a good place to write some sanity/regression test to make sure this works as expected, but I can have a look into that later.