Bug#987956: libgcrypt20: ECDH decryption fails with "gpg: public key decryption failed: Invalid object" error message

2021-05-05 Thread NIIBE Yutaka
On Sun, 02 May 2021 19:47:15 +0200 "Xavier G."  wrote:
> Package: libgcrypt20
> Version: 1.8.7-4
> Severity: important
> 
> Dear Maintainer,
> 
> After a full-upgrade in Sid on 2021-05-02, `gpg --decrypt somefile.gpg` fails:
> 
>   gpg: encrypted with 256-bit ECDH key, ID [hopefully irrelevant]
>   gpg: public key decryption failed: Invalid object
>   gpg: decryption failed: No secret key
[...] 
> The second patch is precisely about returning "Invalid object" /
> GPG_ERR_INV_OBJ in some case related to GnuPG and ECDH decryption.

Sorry, it's my fault.

Fixed in the upstream repo.  It's tracked by:

https://dev.gnupg.org/T5423
-- 



Bug#987956: libgcrypt20: ECDH decryption fails with "gpg: public key decryption failed: Invalid object" error message

2021-05-04 Thread Francesc Ferrer
I can confirm the bug: can no longer decrypt a file encrypted with a 
256-bit ECDH sub-key.  


Downgrading libgcrypt20 to 1.8.7-3 solves the problem.

Cheers,

--
Francesc



Bug#987956: libgcrypt20: ECDH decryption fails with "gpg: public key decryption failed: Invalid object" error message

2021-05-02 Thread Andreas Metzler
Control: severity -1 serious

On 2021-05-02 "Xavier G."  wrote:
> Package: libgcrypt20
> Version: 1.8.7-4
> Severity: important

> Dear Maintainer,

> After a full-upgrade in Sid on 2021-05-02, `gpg --decrypt somefile.gpg` fails:
[...]
> Considering the list of updated packages this day, libgcrypt20:amd64 (1.8.7-3,
> 1.8.7-4) is the likely culprit.  Its changelog states:

>   libgcrypt20 (1.8.7-4) unstable; urgency=medium

> * Update from LIBGCRYPT-1.8-BRANCH:
>   + 30_07-Fix-previous-commit.patch
>   + 30_08-ecc-Check-the-input-length-for-the-point.patch

>-- Andreas Metzler   Sun, 02 May 2021 13:58:47 +0200

> The second patch is precisely about returning "Invalid object" /
> GPG_ERR_INV_OBJ in some case related to GnuPG and ECDH decryption.

> Therefore, could you please double-check this patch?

Looks fishy, but I have not got time to check now. Let's bump the severity
to make double-sure it does not propagate to testing.

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'



Bug#987956: libgcrypt20: ECDH decryption fails with "gpg: public key decryption failed: Invalid object" error message

2021-05-02 Thread Xavier G.
Package: libgcrypt20
Version: 1.8.7-4
Severity: important

Dear Maintainer,

After a full-upgrade in Sid on 2021-05-02, `gpg --decrypt somefile.gpg` fails:

  gpg: encrypted with 256-bit ECDH key, ID [hopefully irrelevant]
  gpg: public key decryption failed: Invalid object
  gpg: decryption failed: No secret key

Strace provides a little more context:

  read(6, "S INQUIRE_MAXLEN 4096\nINQUIRE CIPHERT"..., 1002) = 41
  write(6, "D (7:enc-val(4:ecdh(1:s49:0V\333\26\231\377\242\231\237b\375"..., 120) = 120
  write(6, "END", 3)  = 3
  write(6, "\n", 1)   = 1
  read(6, "ERR 16777281 Invalid object \n", 1002) = 37

Considering the list of updated packages this day, libgcrypt20:amd64 (1.8.7-3,
1.8.7-4) is the likely culprit.  Its changelog states:

  libgcrypt20 (1.8.7-4) unstable; urgency=medium

    * Update from LIBGCRYPT-1.8-BRANCH:
      + 30_07-Fix-previous-commit.patch
      + 30_08-ecc-Check-the-input-length-for-the-point.patch

   -- Andreas Metzler   Sun, 02 May 2021 13:58:47 +0200

The second patch is precisely about returning "Invalid object" /
GPG_ERR_INV_OBJ in some case related to GnuPG and ECDH decryption.

Therefore, could you please double-check this patch?
Thanks for your work.

Cheers,
-- Xavier G.


-- System Information:
Debian Release: 11.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-6-amd64 (SMP w/4 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libgcrypt20 depends on:
ii  libc6  2.31-12
ii  libgpg-error0  1.38-2

libgcrypt20 recommends no packages.

Versions of packages libgcrypt20 suggests:
pn  rng-tools  

-- no debconf information