On Dec 16, 9:35 pm, Atif <[email protected]> wrote: > Hey Alan, wanted to see if you had any luck tracking down the issue. After some more searching and a message on the Cryptography mailing list (http://lists.randombit.net/pipermail/cryptography/2012-December/ 003542.html), here is the documentation on generation: http://www.gnupg.org/documentation/manuals/gcrypt/Prime_002dNumber_002dGenerator-Subsystem-Architecture.html (thanks Adam Back).
GnuPG is using Lim-Lee primes from "A Key Recovery Attack on Discrete Log-based Schemes Using a Prime Order Subgroup," http://citeseerx.ist.psu.edu/viewdoc/download%3Fdoi%3D10.1.1.44.5296%26rep%3Drep1%26type%3Dpdf. libgcrypt offers _gcry_derive_x931_prime and _gcry_generate_fips186_2_prime to generate safe primes of the form p = 2q + 1. Jeff > On Thursday, May 17, 2012 11:25:00 AM UTC-4, Alan Rushforth wrote: > > > Hello, > > > I have generated a key pair using GnuPG and am trying to use Crypto++ to > > decrypt an Elgamal encrypted PGP message with the private key. I have > > extracted the p,g and x values from the private key and can use these to > > encrypt and decrypt arbitrary strings. However when ever I try to decrypt > > my encrypted PGP session key it fails. I get a DL_BadElement element > > exception. My problem is exactly the same as the one mentioned in the > > following post from 2003 but it doesn't look like he ever got an answer. > > >https://groups.google.com/d/topic/cryptopp-users/_NJoj8Dqtws/discussion > > > I am using Crypto++ 5.6.1. I have run crypttest and all the tests pass. I > > have also put the key and the message throughhttp://www.pgpdump.net/ > > (it was only a test key) and have compared all the values to ensure I am > > extracting them correctly. The bit that fails seems to be the jacobi test > > on the first half of my cipher text and the modulus. It complains that it > > is not a quadratic residue. As I understand it this means that it isnt a > > very good key. It seems unlikely (but not impossible) that GnuPG would > > select a poor key but even if this is the case why does it stop me > > decrypting it? > > > I have tried validating the keys and they pass up to level 1 but fail on 2 > > and 3 as it says my q value (p/2) is not prime. Again it would seem odd for > > GnuPG to have selected a bad key. Is there another way that I can verify > > the key? > > > Any help on this would be greatly appreciated as I have been banging my > > head against it for days now. > > > And just to prempt the inevitable; i do have to use Elgamal :) > > > Thanks, > > Alan. -- You received this message because you are subscribed to the "Crypto++ Users" Google Group. To unsubscribe, send an email to [email protected]. More information about Crypto++ and this group is available at http://www.cryptopp.com.
