gpg: ecdh failed in gcry_cipher_decrypt: Checksum error
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
gnupg2 (Ubuntu) | New | Undecided | Unassigned |
Bug Description
With "throw-keyids" enabled, encrypted files do not contain the recipient key IDs. When decrypting, gpg tries all available secret keys until a valid key is found. When there are multiple ECDH keys present, if the *first* key does not match, and a second is tried, all following tries will report an error. gpg exits with an error code, but the message actually _is_ decrypted and printed:
root@
gpg: error getting version from 'scdaemon': No SmartCard daemon
gpg: anonymous recipient; trying secret key 842F5314C2E18EFC ...
gpg: ecdh failed in gcry_cipher_
gpg: anonymous recipient; trying secret key B525EE73BB763C0A ...
gpg: okay, we are the anonymous recipient.
gpg: encrypted with ECDH key, ID 0000000000000000
Hello World
Steps to reproduce:
1. Generate two or more keys:
root@
[..]
root@
[..]
2. Enable throw-keyids:
root@
3. Encrypt a secret message:
root@
4. Try to decrypt:
root@
gpg: error getting version from 'scdaemon': No SmartCard daemon
gpg: anonymous recipient; trying secret key 842F5314C2E18EFC ...
gpg: ecdh failed in gcry_cipher_
gpg: anonymous recipient; trying secret key B525EE73BB763C0A ...
gpg: okay, we are the anonymous recipient.
gpg: encrypted with ECDH key, ID 0000000000000000
Hello World
ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: gpg 2.2.27-3ubuntu2.1
ProcVersionSign
Uname: Linux 6.1.0-1014-oem x86_64
ApportVersion: 2.20.11-0ubuntu82.5
Architecture: amd64
CasperMD5CheckR
Date: Tue Jun 20 20:41:33 2023
ProcEnviron:
TERM=xterm-
PATH=(custom, no user)
XDG_RUNTIME_
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: gnupg2
UpgradeStatus: No upgrade log present (probably fresh install)
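For triaging transcripts like the one in this report, the following added example (not part of the report and not GnuPG code) pairs each anonymous-recipient trial key with its outcome and flags the case where a failed ECDH trial precedes the matching key. The function name `summarize_trials` is hypothetical, and the sample input is constructed from the stderr lines quoted above, with the truncated "ecdh failed" line completed from the report's title.

```python
import re

# Constructed sample: stderr lines quoted in the report; the truncated
# "ecdh failed" line is completed from the report's title.
SAMPLE_STDERR = """\
gpg: error getting version from 'scdaemon': No SmartCard daemon
gpg: anonymous recipient; trying secret key 842F5314C2E18EFC ...
gpg: ecdh failed in gcry_cipher_decrypt: Checksum error
gpg: anonymous recipient; trying secret key B525EE73BB763C0A ...
gpg: okay, we are the anonymous recipient.
gpg: encrypted with ECDH key, ID 0000000000000000
"""

TRY_RE = re.compile(r"^gpg: anonymous recipient; trying secret key ([0-9A-F]{16}) \.\.\.$")
FAIL_RE = re.compile(r"^gpg: ecdh failed in (\S+): (.+)$")
OK_LINE = "gpg: okay, we are the anonymous recipient."


def summarize_trials(stderr_text):
    """Pair each tried secret key with the outcome logged after it."""
    trials = []
    for raw in stderr_text.splitlines():
        line = raw.strip()
        started = TRY_RE.match(line)
        if started:
            trials.append({"key": started.group(1), "outcome": "unresolved", "detail": None})
            continue
        if not trials:
            continue  # lines before the first trial, e.g. the scdaemon warning
        failed = FAIL_RE.match(line)
        if failed and trials[-1]["outcome"] == "unresolved":
            trials[-1].update(outcome="failed", detail=f"{failed.group(1)}: {failed.group(2)}")
        elif line == OK_LINE:
            trials[-1]["outcome"] = "matched"
    match_idx = next((i for i, t in enumerate(trials) if t["outcome"] == "matched"), None)
    return {
        "trials": trials,
        "matched_key": trials[match_idx]["key"] if match_idx is not None else None,
        "failed_keys": [t["key"] for t in trials if t["outcome"] == "failed"],
        # True when an ECDH trial error was logged before the matching key was found
        "error_before_match": match_idx is not None
        and any(t["outcome"] == "failed" for t in trials[:match_idx]),
    }


if __name__ == "__main__":
    print(summarize_trials(SAMPLE_STDERR))
```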