On Wednesday 06 June 2007 18:56:20 Charly Avital wrote: > Bruno Costacurta wrote the following on 6/6/07 5:23 PM: > > Hello, > > I'm not able to decrpyt message as I received hereafter message about > > using subkey instead of primary key. > > This is your public key, as I have just downloaded it from the servers: > ---------- > pub 1024D/2E604D51 created: 2006-06-11 expires: never usage: SC > trust: unknown validity: unknown > sub 2048g/0CC897B5 created: 2006-06-11 expires: never usage: E > [ unknown] (1). Bruno Costacurta <[EMAIL PROTECTED]> > [ revoked] (2) pubmb01 <[EMAIL PROTECTED]> > [ revoked] (3) pubmb02 <[EMAIL PROTECTED]> > [ revoked] (4) Bruno Costacurta <[EMAIL PROTECTED]> > [ unknown] (5) Bruno Costacurta <[EMAIL PROTECTED]> > [ unknown] (6) Bruno Costacurta <[EMAIL PROTECTED]> > ---------- > > > Is this correct ? Could it be the problem relies on the usage of this > > subkey ? If yes, how to manage my keyring regarding this > > subkey (which is obviously used for en/decrypting not for signing) to be > > able to decrypt ? > > As you can see, your primary key 1024D/2E604D51 is used for SC (Sign, > Certify). > The subkey 2048g/0CC897B5 is used for E encrypting *to you*. Not for > decrypting. > > For decrypting you use your secret key (copy/paste of your own > prompt/output): > /home/bruno: gpg --list-secret-keys 0x2e604D51 > sec 1024D/2E604D51 2006-06-11 > > The message "...using subkey...instead of primary key..." is exactly as > it should be, as pointed out by [EMAIL PROTECTED] in this forum. > > The secret key required for decryption is reported to be where it should > be. > > The problem might be with the encryption process used by the sender of > that message. > > > gpg -v -v --decrypt msg.asc > > gpg: armor: BEGIN PGP MESSAGE > > gpg: armor header: Version: GnuPG v1.4.6 (GNU/Linux) > > > > :pubkey enc packet: version 3, algo 16, keyid 42531C9A0CC897B5 > > > > data: [2048 bits] > > data: [2048 bits] > > gpg: public key is 0CC897B5 > > > > :encrypted data packet: > > > > length: unknown > > I am not sure this 'length: unknown' is as it should be. I have carried > out a few tests with encrypted messages, and there is always a value > after 'length: ..... As I pointed out above, *maybe* there is some > problem with the encryption process used by the sender of the message > you have not been able to decrypt. > > > mdc_method: 2 > > gpg: using subkey 0CC897B5 instead of primary key 2E604D51 > > gpg: encrypted with 2048-bit ELG-E key, ID 0CC897B5, created 2006-06-11 > > "Bruno Costacurta <[EMAIL PROTECTED]>" > > gpg: decryption failed: secret key not available > > I am sending you, separately, a encrypted test message, please let me > know if you can decrypt it. Hello Charly, thanks for your attention and help
Unfortunately I cannot decrypt your test message :
gpg --decrypt charly.asc
gpg: encrypted with 2048-bit ELG-E key, ID CE3A0945, created 2002-02-11
"Charly Avital (GnuPG) <[EMAIL PROTECTED]>"
gpg: encrypted with 2048-bit ELG-E key, ID 0CC897B5, created 2006-06-11
"Bruno Costacurta <[EMAIL PROTECTED]>"
gpg: decryption failed: secret key not available
Is there a way to modify subkey attributes, eg. adding decryption
capabilities. If not, can I'll create a new subket with correct attributes.
Considering I (probably) already lost (mean: cannot decypt) received encrypted
message but will be able to use future messages encrypted with the new
correct subkey.
Bye,
Bruno
>
> Charly
> MacOS 10.4.9 - MacBook Intel C2Duo - GnuPG 1.4.7 - GPG2 2.0.4
>
> _______________________________________________
> Gnupg-users mailing list
> [email protected]
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
--
PGP key ID: 0x2e604d51
Key : http://www.costacurta.org/keys/bruno_costacurta_pgp_key.html
Key fingerprint = 713F 7956 9441 7DEF 58ED 1951 7E07 569B 2E60 4D51
--
pgpkhId9vJPL9.pgp
Description: PGP signature
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
