Re: False Decrypt Error...

2006-06-14 Thread Alphax 
Eric Robinson wrote:
 Hello David, Thanks so much for responding...
 
 We have switched from PGP to GPG and we have some of our customers
 are still using PGP,
 
 ¨PGPÁÀNŠˆæ °  is the first part of the message.
 
snip

Ask your customers to make sure their messages are ASCII-armored - not
sure how to set this with the PGP GUI versions, but for the command line
version the manual says:

 To produce a ciphertext file  in  ASCII  radix-64  format,
 just  add  the -a option when encrypting or signing a mes-
 sage or extracting a key:
 pgp -sea textfile her_userid
 pgp -kxa userid keyfile [keyring]

HTH,
-- 
Alphax
Death to all fanatics!
  Down with categorical imperative!
OpenPGP key: http://tinyurl.com/lvq4g



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: False Decrypt Error...

2006-06-13 Thread David Shaw 
On Tue, Jun 13, 2006 at 10:37:07AM -0500, Eric Robinson wrote:
 Is anyone familiar with the following error?
 
 Standard Error: gpg: WARNING: unsafe permissions on homedir
 /opt/fxnet/gpggpg: WARNING: using insecure memory!gpg: please see
 http://www.gnupg.org/faq.html for more informationgpg: encrypted with
 1024-bit ELG-E key, ID 07B01208, created 2004-07-14 entsys (FedExNet
 GPG Key) gpg: [don't know]: invalid packet (ctb=2f)gpg: WARNING:
 message was not integrity protected  
 
 My tech guy says it has nothing to do with the 'WARNING: using insecure
 memory!' message, but it is the 'WARNING: message was not integrity
 protected' messagei have checked the FAQ's and found some info on
 the insecure memory that he says isn't the issue...

You've got a bunch of warnings here.  Let's take them one at a time:

 gpg: WARNING: unsafe permissions on homedir /opt/fxnet/gpg

Just what it says: the directory /opt/fxnet/gpg is writable by someone
other than you.  It's a good idea for you to fix it, but it isn't the
cause of your problem.

 gpg: WARNING: using insecure memory!
 gpg: please see http://www.gnupg.org/faq.html for more information

GPG tries to lock a small amount of memory so you can't accidentally
swap a passphrase out to disk.  Depending on how you are using GPG,
this may not be significant to you.  Either way, it's not the cause of
your problem.

 gpg: WARNING: message was not integrity protected

This means that there is no integrity protection packet on the
message.  There is a very difficult attack against the old PGP message
format that the integrity protected format combats.  This isn't the
cause of your problem either.

 gpg: [don't know]: invalid packet (ctb=2f)

THIS is your problem.  GPG found garbage in the message that could not
be parsed.  Since you say the message was decrypted correctly before
the garbage was found, it's likely the garbage is at the end.

Is this an armored (i.e. --- BEGIN PGP MESSAGE ---) message or
binary (not printable ASCII)?

David

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: False Decrypt Error...

2006-06-13 Thread David Shaw 
On Tue, Jun 13, 2006 at 01:40:51PM -0500, Eric Robinson wrote:
 Hello David,
 Thanks so much for responding...
 
 We have switched from PGP to GPG and we have some of our customers are still 
 using PGP, 
 
 ¨PGPÁÀNŠˆæ °  is the first part of the message.
 
 What you said below is suspicous, I did notice a null value 00, hex
 20 20, at the end of the file, I stripped it out and resubmitted it
 and it processed fine.
 
 I will go on that assumption for now and edit these files that come
 in and fail.  If that's the case I'll get our development team
 towrite a program to strip these out automatically before
 decryption.

Take a look at how you're transferring the files around.  It's a very
common problem where people use FTP in ascii mode to copy the files
around and end up with them mangled.

David

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

RE: False Decrypt Error...

2006-06-13 Thread Eric Robinson 
Ok, will do, in this case they send 10 files each day and maybe 1 a week errors 
out like this...
Thanks again,
Eric
 
-
Eric Robinson
Business Application Advisor
FedEx Corporate Services
Internet Engineering  EC Integration
901.263.5749
-


-Original Message-
From: David Shaw [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, June 13, 2006 1:47 PM
To: Eric Robinson
Cc: gnupg-users@gnupg.org
Subject: Re: False Decrypt Error...

On Tue, Jun 13, 2006 at 01:40:51PM -0500, Eric Robinson wrote:
 Hello David,
 Thanks so much for responding...
 
 We have switched from PGP to GPG and we have some of our customers are 
 still using PGP,
 
 ¨PGPÁÀNŠˆæ °  is the first part of the message.
 
 What you said below is suspicous, I did notice a null value 00, hex 20 
 20, at the end of the file, I stripped it out and resubmitted it and 
 it processed fine.
 
 I will go on that assumption for now and edit these files that come in 
 and fail.  If that's the case I'll get our development team towrite a 
 program to strip these out automatically before decryption.

Take a look at how you're transferring the files around.  It's a very common 
problem where people use FTP in ascii mode to copy the files around and end up 
with them mangled.

David
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

RE: False Decrypt Error...

2006-06-13 Thread Eric Robinson 
Hello David,
Thanks so much for responding...

We have switched from PGP to GPG and we have some of our customers are still 
using PGP, 

¨PGPÁÀNŠˆæ °  is the first part of the message.

What you said below is suspicous, I did notice a null value 00, hex 20 20, at 
the end of the file, I stripped it out and resubmitted it and it processed fine.

I will go on that assumption for now and edit these files that come in and 
fail.   If that's the case I'll get our development team towrite a program to 
strip these out automatically before decryption. 

Thanks for your time in this.

Eric
 
-
Eric Robinson
Business Application Advisor
FedEx Corporate Services
Internet Engineering  EC Integration
901.263.5749
-


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Shaw
Sent: Tuesday, June 13, 2006 12:52 PM
To: gnupg-users@gnupg.org
Subject: Re: False Decrypt Error...

On Tue, Jun 13, 2006 at 10:37:07AM -0500, Eric Robinson wrote:
 Is anyone familiar with the following error?
 
 Standard Error: gpg: WARNING: unsafe permissions on homedir
 /opt/fxnet/gpggpg: WARNING: using insecure memory!gpg: please see 
 http://www.gnupg.org/faq.html for more informationgpg: encrypted with 
 1024-bit ELG-E key, ID 07B01208, created 2004-07-14 entsys (FedExNet 
 GPG Key) gpg: [don't know]: invalid packet (ctb=2f)gpg: WARNING:
 message was not integrity protected
 
 My tech guy says it has nothing to do with the 'WARNING: using 
 insecure memory!' message, but it is the 'WARNING: message was not 
 integrity protected' messagei have checked the FAQ's and found 
 some info on the insecure memory that he says isn't the issue...

You've got a bunch of warnings here.  Let's take them one at a time:

 gpg: WARNING: unsafe permissions on homedir /opt/fxnet/gpg

Just what it says: the directory /opt/fxnet/gpg is writable by someone other 
than you.  It's a good idea for you to fix it, but it isn't the cause of your 
problem.

 gpg: WARNING: using insecure memory!
 gpg: please see http://www.gnupg.org/faq.html for more information

GPG tries to lock a small amount of memory so you can't accidentally swap a 
passphrase out to disk.  Depending on how you are using GPG, this may not be 
significant to you.  Either way, it's not the cause of your problem.

 gpg: WARNING: message was not integrity protected

This means that there is no integrity protection packet on the message.  There 
is a very difficult attack against the old PGP message format that the 
integrity protected format combats.  This isn't the cause of your problem 
either.

 gpg: [don't know]: invalid packet (ctb=2f)

THIS is your problem.  GPG found garbage in the message that could not be 
parsed.  Since you say the message was decrypted correctly before the garbage 
was found, it's likely the garbage is at the end.

Is this an armored (i.e. --- BEGIN PGP MESSAGE ---) message or binary (not 
printable ASCII)?

David

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users