gpg: ecdh failed in gcry_cipher_decrypt: Checksum error

Bug #2024496 reported by Jan Graichen
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
| --- | --- | --- | --- | --- |
| gnupg2 (Ubuntu) | New | Undecided | Unassigned | |

Bug Description

With "throw-keyids" enabled, encrypted files do not contain the recipient key IDs. When decrypting, gpg tries all available secret keys until a valid key is found. When there are multiple ECDH keys present, if the *first* key does not match, and a second is tried, all following tries will report an error. gpg exits with an error code, but the message actually _is_ decrypted and printed:

    root@immortal-colt:~# gpg --decrypt secret.gpg
    gpg: error getting version from 'scdaemon': No SmartCard daemon
    gpg: anonymous recipient; trying secret key 842F5314C2E18EFC ...
    gpg: ecdh failed in gcry_cipher_decrypt: Checksum error
    gpg: anonymous recipient; trying secret key B525EE73BB763C0A ...
    gpg: okay, we are the anonymous recipient.
    gpg: encrypted with ECDH key, ID 0000000000000000
    Hello World

Steps to reproduce:

1. Generate two or more keys:

    root@immortal-colt:~# gpg --default-new-key-algo "ed25519/cert,sign+cv25519/encr" --quick-generate-key '<email address hidden>'
    [..]
    root@immortal-colt:~# gpg --default-new-key-algo "ed25519/cert,sign+cv25519/encr" --quick-generate-key '<email address hidden>'
    [..]

2. Enable throw-keyids:

    root@immortal-colt:~# echo throw-keyids >> ~/.gnupg/gpg.conf

3. Encrypt a secret message:

    root@immortal-colt:~# echo 'Hello World' | gpg --encrypt -r <email address hidden> > secret.gpg

4. Try to decrypt:

    root@immortal-colt:~# gpg --decrypt secret.gpg
    gpg: error getting version from 'scdaemon': No SmartCard daemon
    gpg: anonymous recipient; trying secret key 842F5314C2E18EFC ...
    gpg: ecdh failed in gcry_cipher_decrypt: Checksum error
    gpg: anonymous recipient; trying secret key B525EE73BB763C0A ...
    gpg: okay, we are the anonymous recipient.
    gpg: encrypted with ECDH key, ID 0000000000000000
    Hello World

ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: gpg 2.2.27-3ubuntu2.1
ProcVersionSignature: Ubuntu 6.1.0-1014.14-oem 6.1.29
Uname: Linux 6.1.0-1014-oem x86_64
ApportVersion: 2.20.11-0ubuntu82.5
Architecture: amd64
CasperMD5CheckResult: unknown
Date: Tue Jun 20 20:41:33 2023
ProcEnviron:
 TERM=xterm-256color
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: gnupg2
UpgradeStatus: No upgrade log present (probably fresh install)
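
For automation that runs into the behaviour reported above, one option is to take the verdict from gpg's `--status-fd` stream rather than from the exit code. This is an added example, not part of the original report or of GnuPG: `classify_status`, `decrypt_checked` and `sample_status` are hypothetical helper names, the sample status lines are constructed, and it assumes the affected gpg still emits `DECRYPTION_OKAY` for the key that succeeds.

```shell
#!/bin/sh
# Added example (not from the bug report): judge decryption by gpg's
# machine-readable status lines, not by the exit code.

# classify_status: read "[GNUPG:] ..." lines on stdin, print one verdict:
#   ok      DECRYPTION_OKAY seen and DECRYPTION_FAILED not seen
#   failed  anything else, including an empty status stream
classify_status() {
    awk '
        $1 == "[GNUPG:]" && $2 == "DECRYPTION_OKAY"   { okay = 1 }
        $1 == "[GNUPG:]" && $2 == "DECRYPTION_FAILED" { failed = 1 }
        END { if (okay && !failed) print "ok"; else print "failed" }
    '
}

# decrypt_checked IN OUT: plaintext reaches OUT only when the status stream
# confirms success. Status goes to fd 3 (captured), plaintext to a private
# temp file, diagnostics such as "Checksum error" stay on stderr.
decrypt_checked() {
    in=$1
    out=$2
    tmp=$(mktemp) || return 2
    status=$(gpg --batch --status-fd 3 --decrypt "$in" 3>&1 >"$tmp")
    rc=$?
    if [ "$(printf '%s\n' "$status" | classify_status)" = ok ]; then
        mv "$tmp" "$out"
        # Assumption: this is the case the report describes.
        [ "$rc" -eq 0 ] || echo "gpg exited $rc but reported DECRYPTION_OKAY" >&2
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# Constructed status stream for a hidden-recipient message; it was not
# captured from the reporter's machine.
sample_status() {
    cat <<'EOF'
[GNUPG:] ENC_TO 0000000000000000 18 0
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_OKAY
[GNUPG:] END_DECRYPTION
EOF
}

# Usage: decrypt_checked secret.gpg plain.txt
```
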
