14 thoughts on - Gpg Can’t Decrypt Message

• I haven’t messed with gpg for a while but it seems to me that the message was encrypted with the worng key. In other words for you (Tim) to be able to decrypt the message uaing your private key Roger should have encrypted it with your public key. You should not have had to import Rogers keys. However if had needed to verify Rogers signature you would need his public key(s).

• looks like he encrypted with HIS public key. So you need his private key to decrypt, obviously you don’t have that. I believe it’s the other way around: he should encrpyt with your public key, then you are the only person capable of decrypting (with your private key).

• You may have the other parties public key, but it seems that the party sending you messages used the wrong public key for you to encrypt the message, key ID 9A41C766 does not correspond to your private key. Maybe they intended to send the message to someone else or maybe that corresponds to and old version of your key that they had on their keyring?

• BTW what would be the point of encrypting, if anyone can just grab a key online and decrypt? :-)

• If you can decrypt his message with his public key, this tells you that the person who has access to secret key of the pair was the one who encrypted the message. This ensures that you know that he is the one who indeed sent this message.

  Somebody, correct me…

  Valeri

  ++++++++++++++++++++++++++++++++++++++++
  Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247
  ++++++++++++++++++++++++++++++++++++++++

• It also provides some measure of assurance that tampering of the content has not occurred between time of sending and time of decryption, though just *signing* it with the private key (without also encrypting) should accomplish that as well.

  Still, just think if the NSA/et al had to spend all their ‘bot-net time brute forcing millions of encrypted ‘everyday’ emails.

• that is the purpose of *signing*: authenticate the sender and prevent tampering of the message.

  The purpose of *encrypting* is different: make sure only the intended recipient can read (decrypt) the message.

  Sometimes you do both, but you don’t have to.

• it’s two different processes and they use different keys:
  you sign a message using your private key, but you encrypt a message using the recipient’s public key.

• Sure, I agree, but I just answered the question if encrypting with one’s own secret key is nonsense, which it isn’t, but normally people do what you describes, and that is the way was pgp and gpg are meant to be used… still “unusual thing” as encrypting with one’s own private key isn’t nonsense.

  Valeri

  ++++++++++++++++++++++++++++++++++++++++
  Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247
  ++++++++++++++++++++++++++++++++++++++++

• This thread has turned in to ‘cryptography 101’ on the CentOS mailing list. This is my last post…

  Encrypting content (a message) with ones own secret key with the intent of privacy is pointless (or nonesense as you say). With the premise being that the ‘matching’ key to that secret key is, well, public or accessible to anyone. Hense no privacy as the content can be decrypted by anyone.

  Encrypting a message digest or hash with ones own secret key makes perfect sense. That is the essence of a digital signature.

• Well, yeah! The PUBLIC key that you’re sending the message to is accessible to anyone. But the only way to decrypt the message is with the PRIVATE key that is paired with the public key of the recipient. Not sure where you get the idea that this is insecure. The message absolutely CANNOT be decrypted by someone who does not have the private key with which the public key you’re sending the message to is associated.

  cryptography 101 indeed!

• No, it was NOT privacy here that can be the goal, but knowledge that the message indeed comes from the one who has access to secret key. (and I was just answering someone’s question if this is at all nonsense, not suggesting to use pgp/gpg this way)

  In general (not meaning 101 encryption class, I’m not that ambitious), key pair (asymmetric) encryption is:

  There is a pair of keys: A and B. Whatever is encrypted with key A can be decrypted with key B. And vice versa, whatever is encrypted with key B can be decrypted with key A. In that respect keys are equivalent (only once designated secret key should stay such forever).

  Unusual way of encrypting with one’s own secret key is not a nonsense, and serves the same goal as digital signature does (the last being preferable IMHO…). If you go to wikipedia article Public-key_cryptography you will find this use there, it is in the section titled “Inverse Public Key Encryption”.

  So, what is less usual or irregular is not total nonsense.

  Cryptologists (or mathematicians) – you have last word ! (after which we –
  all us others – will shut up ;-)

  Valeri

  ++++++++++++++++++++++++++++++++++++++++
  Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247
  ++++++++++++++++++++++++++++++++++++++++

• not meaning to object, just a note:

  whatever is encrypted with public key can be decrypted with secret key

  whatever is encrypted with secret key can be decrypted with public key

  (i.e. mathematically keys in a pair are equivalent, choice which to use as a secret key is arbitrary).

  Valeri

  ++++++++++++++++++++++++++++++++++++++++
  Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247
  ++++++++++++++++++++++++++++++++++++++++

• From: Valeri Galtsev

  No, the FBI director has the last word: “Do not side with paedophiles and terrorists and stop using encryption! Think of the children!”

  JD