Change Details

While playing around with new test key I found out a weird behavior. If I generate a new RSA2048 bit key and encrypt a text for that new key then the text is encrypted for that new key but also for a recipient for which a have a public key for in my keychain. **Generate a basic RSA2408 key** ``` # gpg --version gpg (GnuPG) 2.2.5 libgcrypt 1.8.2 # gpg --gen-key # gpg --list-secret-keys sec rsa2048/0x29969EB210C060E7 2018-03-09 [SC] [expires: 2020-03-08] Key fingerprint = F5D3 B260 4597 1B7F 28C6 52E3 2996 9EB2 10C0 60E7 uid [ultimate] Rsa Test <rsa@test.org> ssb rsa2048/0xC38736A7DF9D89FC 2018-03-09 [E] [expires: 2020-03-08] ``` **Encrypt a text for that RSA keys** ``` # echo "ABCD" > test5.me # gpg -e -armor -r 0x29969EB210C060E7 test5.me ``` **Decrypt the result** ``` # gpg -d test5.me.asc gpg: encrypted with 4096-bit ELG key, ID 0x2A7FA384BC46FB30, created 2005-02-27 "Douglas Eugene Morris <doug@onewebplace.com>" gpg: encrypted with 2048-bit RSA key, ID 0xC38736A7DF9D89FC, created 2018-03-09 "Rsa Test <rsa@test.org>" ABCD ``` **Use PGPDump to get more details** ``` # pgpdump test5.me.asc Old: Public-Key Encrypted Session Key Packet(tag 1)(1038 bytes) New version(3) Key ID - 0x2A7FA384BC46FB30 Pub alg - ElGamal Encrypt-Only(pub 16) ElGamal g^k mod p(4095 bits) - ... ElGamal m * y^k mod p(4096 bits) - ... -> m = sym alg(1 byte) + checksum(2 bytes) + PKCS-1 block type 02 Old: Public-Key Encrypted Session Key Packet(tag 1)(268 bytes) New version(3) Key ID - 0xC38736A7DF9D89FC Pub alg - RSA Encrypt or Sign(pub 1) RSA m^e mod n(2048 bits) - ... -> m = sym alg(1 byte) + checksum(2 bytes) + PKCS-1 block type 02 New: Symmetrically Encrypted and MDC Packet(tag 18)(58 bytes) Ver 1 Encrypted data [sym alg is specified in pub-key encrypted session key] (plain text + MDC SHA1(20 bytes)) ``` **Get more information about the pub key that is used in addition to the one I specified** ``` # gpg --list-keys 0x2A7FA384BC46FB30 pub dsa1024/0xAFB5238802E2F4BD 2005-02-27 [SCA] Key fingerprint = 07DB FD88 8A1C 5E0D 3623 E5AC AFB5 2388 02E2 F4BD uid [ full ] Douglas Eugene Morris <doug@onewebplace.com> uid [ full ] Douglas Eugene Morris <doug@kenohki.com> uid [ full ] GSWoT:1:309:02E2F4BD sub elg4096/0x2A7FA384BC46FB30 2005-02-27 [E] ``` BTW, is it normal to see SHA1 since I have the following in my configuration file? ``` personal-cipher-preferences AES256 AES192 AES CAST5 3DES personal-digest-preferences SHA512 SHA384 SHA256 SHA224 cert-digest-algo SHA512 default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 3DES ZLIB BZIP2 ZIP Uncompressed ```

While playing around with new test key I found out a weird behavior. If I generate a new RSA2048 bit key and encrypt a text for that new key then the text is encrypted for that new key but also for a recipient for which a have a public key for in my keychain. **Generate a basic RSA2408 key** ``` # gpg --version gpg (GnuPG) 2.2.5 libgcrypt 1.8.2 # gpg --gen-key # gpg --list-secret-keys sec rsa2048/0x29969EB210C060E7 2018-03-09 [SC] [expires: 2020-03-08] Key fingerprint = F5D3 B260 4597 1B7F 28C6 52E3 2996 9EB2 10C0 60E7 uid [ultimate] Rsa Test <rsa@test.org> ssb rsa2048/0xC38736A7DF9D89FC 2018-03-09 [E] [expires: 2020-03-08] ``` **Encrypt a text for that RSA keys** ``` # echo "ABCD" > test5.me # gpg -e -armor -r 0x29969EB210C060E7 test5.me ``` **Decrypt the result** ``` # gpg -d test5.me.asc gpg: encrypted with 4096-bit ELG key, ID 0x2A7FA384BC46FB30, created 2005-02-27 "Douglas Eugene Morris <doug@onewebplace.com>" gpg: encrypted with 2048-bit RSA key, ID 0xC38736A7DF9D89FC, created 2018-03-09 "Rsa Test <rsa@test.org>" ABCD ``` **More details** ``` gpg --list-packets test5.me.asc gpg: encrypted with 4096-bit ELG key, ID 0x2A7FA384BC46FB30, created 2005-02-27 "Douglas Eugene Morris <doug@onewebplace.com>" gpg: encrypted with 2048-bit RSA key, ID 0xC38736A7DF9D89FC, created 2018-03-09 "Rsa Test <rsa@test.org>" # off=0 ctb=85 tag=1 hlen=3 plen=1038 :pubkey enc packet: version 3, algo 16, keyid 2A7FA384BC46FB30 data: [4095 bits] data: [4096 bits] # off=1041 ctb=85 tag=1 hlen=3 plen=268 :pubkey enc packet: version 3, algo 1, keyid C38736A7DF9D89FC data: [2048 bits] # off=1312 ctb=d2 tag=18 hlen=2 plen=58 new-ctb :encrypted data packet: length: 58 mdc_method: 2 # off=1325 ctb=a3 tag=8 hlen=1 plen=0 indeterminate :compressed packet: algo=1 # off=1327 ctb=ac tag=11 hlen=2 plen=19 :literal data packet: mode b (62), created 1520637559, name="test5.me", raw data: 5 bytes ``` **Get more information about the pub key that is used in addition to the one I specified** ``` # gpg --list-keys 0x2A7FA384BC46FB30 pub dsa1024/0xAFB5238802E2F4BD 2005-02-27 [SCA] Key fingerprint = 07DB FD88 8A1C 5E0D 3623 E5AC AFB5 2388 02E2 F4BD uid [ full ] Douglas Eugene Morris <doug@onewebplace.com> uid [ full ] Douglas Eugene Morris <doug@kenohki.com> uid [ full ] GSWoT:1:309:02E2F4BD sub elg4096/0x2A7FA384BC46FB30 2005-02-27 [E] ```

While playing around with new test key I found out a weird behavior. If I generate a new RSA2048 bit key and encrypt a text for that new key then the text is encrypted for that new key but also for a recipient for which a have a public key for in my keychain. **Generate a basic RSA2408 key** ``` # gpg --version gpg (GnuPG) 2.2.5 libgcrypt 1.8.2 # gpg --gen-key # gpg --list-secret-keys sec rsa2048/0x29969EB210C060E7 2018-03-09 [SC] [expires: 2020-03-08] Key fingerprint = F5D3 B260 4597 1B7F 28C6 52E3 2996 9EB2 10C0 60E7 uid [ultimate] Rsa Test <rsa@test.org> ssb rsa2048/0xC38736A7DF9D89FC 2018-03-09 [E] [expires: 2020-03-08] ``` **Encrypt a text for that RSA keys** ``` # echo "ABCD" > test5.me # gpg -e -armor -r 0x29969EB210C060E7 test5.me ``` **Decrypt the result** ``` # gpg -d test5.me.asc gpg: encrypted with 4096-bit ELG key, ID 0x2A7FA384BC46FB30, created 2005-02-27 "Douglas Eugene Morris <doug@onewebplace.com>" gpg: encrypted with 2048-bit RSA key, ID 0xC38736A7DF9D89FC, created 2018-03-09 "Rsa Test <rsa@test.org>" ABCD ``` **Use PGPDump to get m**More details** ``` # pgpdump gpg --list-packets test5.me.asc Old: Public-Key Encrypted Session Key Packet(tag 1)(1038 bytes)gpg: encrypted with 4096-bit ELG key, ID 0x2A7FA384BC46FB30, created 2005-02-27 New version(3) "Douglas Eugene Morris <doug@onewebplace.com>" Key ID - 0x2A7FA384BC46FB30gpg: encrypted with 2048-bit RSA key, ID 0xC38736A7DF9D89FC, created 2018-03-09 Pub alg - ElGamal Encrypt-Only(pub 16) "Rsa Test <rsa@test.org>" # off=0 ctb=85 tag=1 hlen=3 plen=1038 :pubkey enc packet: version 3, algo 16, keyid 2A7FA384BC46FB30 ElGamal g^k mod p(data: [4095 bits) - ...] ElGamal m * y^k mod p(data: [4096 bits) - ...] -> m = sym alg(1 byte) + checksum(2 bytes) + PKCS-1 block type 02# off=1041 ctb=85 tag=1 hlen=3 plen=268 Old: Public-Key Encrypted Ses:pubkey enc packet: version Key Packet(tag 1)(268 bytes)3, algo 1, keyid C38736A7DF9D89FC New version(3)data: [2048 bits] Key ID - 0xC38736A7DF9D89FC# off=1312 ctb=d2 tag=18 hlen=2 plen=58 new-ctb :encrypted data packet: Pub alg - RSA Encrypt or Sign(pub 1)length: 58 RSA m^e mod n(2048 bits) - ...mdc_method: 2 -> m = sym alg(1 byte) + checksum(2 bytes) + PKCS-1 block type 02# off=1325 ctb=a3 tag=8 hlen=1 plen=0 indeterminate New: Symmetrically Encrypted and MDC P:compressed packet(tag 18)(58 bytes)t: algo=1 Ver 1# off=1327 ctb=ac tag=11 hlen=2 plen=19 :literal data packet: Encrypted data [sym alg is specified in pub-key encrypted session key]mode b (62), created 1520637559, name="test5.me", (plain text + MDC SHA1(20 raw data: 5 bytes)) ``` **Get more information about the pub key that is used in addition to the one I specified** ``` # gpg --list-keys 0x2A7FA384BC46FB30 pub dsa1024/0xAFB5238802E2F4BD 2005-02-27 [SCA] Key fingerprint = 07DB FD88 8A1C 5E0D 3623 E5AC AFB5 2388 02E2 F4BD uid [ full ] Douglas Eugene Morris <doug@onewebplace.com> uid [ full ] Douglas Eugene Morris <doug@kenohki.com> uid [ full ] GSWoT:1:309:02E2F4BD sub elg4096/0x2A7FA384BC46FB30 2005-02-27 [E] ``` BTW, is it normal to see SHA1 since I have the following in my configuration file? ``` personal-cipher-preferences AES256 AES192 AES CAST5 3DES personal-digest-preferences SHA512 SHA384 SHA256 SHA224 cert-digest-algo SHA512 default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 3DES ZLIB BZIP2 ZIP Uncompressed ```