Re: False Decrypt Error...
Eric Robinson wrote: Hello David, Thanks so much for responding... We have switched from PGP to GPG and we have some of our customers are still using PGP, ¨PGPÁÀNŠˆæ ° is the first part of the message. snip Ask your customers to make sure their messages are ASCII-armored - not sure how to set this with the PGP GUI versions, but for the command line version the manual says: To produce a ciphertext file in ASCII radix-64 format, just add the -a option when encrypting or signing a mes- sage or extracting a key: pgp -sea textfile her_userid pgp -kxa userid keyfile [keyring] HTH, -- Alphax Death to all fanatics! Down with categorical imperative! OpenPGP key: http://tinyurl.com/lvq4g signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: False Decrypt Error...
On Tue, Jun 13, 2006 at 10:37:07AM -0500, Eric Robinson wrote: Is anyone familiar with the following error? Standard Error: gpg: WARNING: unsafe permissions on homedir /opt/fxnet/gpggpg: WARNING: using insecure memory!gpg: please see http://www.gnupg.org/faq.html for more informationgpg: encrypted with 1024-bit ELG-E key, ID 07B01208, created 2004-07-14 entsys (FedExNet GPG Key) gpg: [don't know]: invalid packet (ctb=2f)gpg: WARNING: message was not integrity protected My tech guy says it has nothing to do with the 'WARNING: using insecure memory!' message, but it is the 'WARNING: message was not integrity protected' messagei have checked the FAQ's and found some info on the insecure memory that he says isn't the issue... You've got a bunch of warnings here. Let's take them one at a time: gpg: WARNING: unsafe permissions on homedir /opt/fxnet/gpg Just what it says: the directory /opt/fxnet/gpg is writable by someone other than you. It's a good idea for you to fix it, but it isn't the cause of your problem. gpg: WARNING: using insecure memory! gpg: please see http://www.gnupg.org/faq.html for more information GPG tries to lock a small amount of memory so you can't accidentally swap a passphrase out to disk. Depending on how you are using GPG, this may not be significant to you. Either way, it's not the cause of your problem. gpg: WARNING: message was not integrity protected This means that there is no integrity protection packet on the message. There is a very difficult attack against the old PGP message format that the integrity protected format combats. This isn't the cause of your problem either. gpg: [don't know]: invalid packet (ctb=2f) THIS is your problem. GPG found garbage in the message that could not be parsed. Since you say the message was decrypted correctly before the garbage was found, it's likely the garbage is at the end. Is this an armored (i.e. --- BEGIN PGP MESSAGE ---) message or binary (not printable ASCII)? David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: False Decrypt Error...
On Tue, Jun 13, 2006 at 01:40:51PM -0500, Eric Robinson wrote: Hello David, Thanks so much for responding... We have switched from PGP to GPG and we have some of our customers are still using PGP, ¨PGPÁÀNŠˆæ ° is the first part of the message. What you said below is suspicous, I did notice a null value 00, hex 20 20, at the end of the file, I stripped it out and resubmitted it and it processed fine. I will go on that assumption for now and edit these files that come in and fail. If that's the case I'll get our development team towrite a program to strip these out automatically before decryption. Take a look at how you're transferring the files around. It's a very common problem where people use FTP in ascii mode to copy the files around and end up with them mangled. David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
RE: False Decrypt Error...
Ok, will do, in this case they send 10 files each day and maybe 1 a week errors out like this... Thanks again, Eric - Eric Robinson Business Application Advisor FedEx Corporate Services Internet Engineering EC Integration 901.263.5749 - -Original Message- From: David Shaw [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 13, 2006 1:47 PM To: Eric Robinson Cc: gnupg-users@gnupg.org Subject: Re: False Decrypt Error... On Tue, Jun 13, 2006 at 01:40:51PM -0500, Eric Robinson wrote: Hello David, Thanks so much for responding... We have switched from PGP to GPG and we have some of our customers are still using PGP, ¨PGPÁÀNŠˆæ ° is the first part of the message. What you said below is suspicous, I did notice a null value 00, hex 20 20, at the end of the file, I stripped it out and resubmitted it and it processed fine. I will go on that assumption for now and edit these files that come in and fail. If that's the case I'll get our development team towrite a program to strip these out automatically before decryption. Take a look at how you're transferring the files around. It's a very common problem where people use FTP in ascii mode to copy the files around and end up with them mangled. David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
RE: False Decrypt Error...
Hello David, Thanks so much for responding... We have switched from PGP to GPG and we have some of our customers are still using PGP, ¨PGPÁÀNŠˆæ ° is the first part of the message. What you said below is suspicous, I did notice a null value 00, hex 20 20, at the end of the file, I stripped it out and resubmitted it and it processed fine. I will go on that assumption for now and edit these files that come in and fail. If that's the case I'll get our development team towrite a program to strip these out automatically before decryption. Thanks for your time in this. Eric - Eric Robinson Business Application Advisor FedEx Corporate Services Internet Engineering EC Integration 901.263.5749 - -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Shaw Sent: Tuesday, June 13, 2006 12:52 PM To: gnupg-users@gnupg.org Subject: Re: False Decrypt Error... On Tue, Jun 13, 2006 at 10:37:07AM -0500, Eric Robinson wrote: Is anyone familiar with the following error? Standard Error: gpg: WARNING: unsafe permissions on homedir /opt/fxnet/gpggpg: WARNING: using insecure memory!gpg: please see http://www.gnupg.org/faq.html for more informationgpg: encrypted with 1024-bit ELG-E key, ID 07B01208, created 2004-07-14 entsys (FedExNet GPG Key) gpg: [don't know]: invalid packet (ctb=2f)gpg: WARNING: message was not integrity protected My tech guy says it has nothing to do with the 'WARNING: using insecure memory!' message, but it is the 'WARNING: message was not integrity protected' messagei have checked the FAQ's and found some info on the insecure memory that he says isn't the issue... You've got a bunch of warnings here. Let's take them one at a time: gpg: WARNING: unsafe permissions on homedir /opt/fxnet/gpg Just what it says: the directory /opt/fxnet/gpg is writable by someone other than you. It's a good idea for you to fix it, but it isn't the cause of your problem. gpg: WARNING: using insecure memory! gpg: please see http://www.gnupg.org/faq.html for more information GPG tries to lock a small amount of memory so you can't accidentally swap a passphrase out to disk. Depending on how you are using GPG, this may not be significant to you. Either way, it's not the cause of your problem. gpg: WARNING: message was not integrity protected This means that there is no integrity protection packet on the message. There is a very difficult attack against the old PGP message format that the integrity protected format combats. This isn't the cause of your problem either. gpg: [don't know]: invalid packet (ctb=2f) THIS is your problem. GPG found garbage in the message that could not be parsed. Since you say the message was decrypted correctly before the garbage was found, it's likely the garbage is at the end. Is this an armored (i.e. --- BEGIN PGP MESSAGE ---) message or binary (not printable ASCII)? David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users