Gpg Can’t Decrypt Message
Hey guys,
Having a little gpg issue I was wondering if someone could help me with.
A friend of mine sent me an encrypted message. So I searched online and found a set of keys that correspond with his email address. And imported them. But when I go to decrypt the message, this is what I get:
[root@ops:~] # gpg --decrypt roger-message
gpg: encrypted with 2048-bit RSA key, ID 9617EA5C, created 2014-10-01
“Roger Sherman
*gpg: encrypted with RSA key, ID 9A41C766*
*gpg: decryption failed: secret key not available*
Here’s a listing of keys that shows his key imported:
[root@ops:~] # gpg --list-keys
/root/.gnupg/pubring.gpg
------------------------
14 thoughts on - Gpg Can’t Decrypt Message
I haven’t messed with gpg for a while but it seems to me that the message was encrypted with the wrong key. In other words for you (Tim) to be able to decrypt the message using your private key Roger should have encrypted it with your public key. You should not have had to import Roger’s keys. However if you had needed to verify Roger’s signature you would need his public key(s).
Looks like he encrypted with HIS public key. So you need his private key to decrypt, obviously you don’t have that. I believe it’s the other way around: he should encrypt with your public key, then you are the only person capable of decrypting (with your private key).
You may have the other party’s public key, but it seems that the party sending you messages used the wrong public key for you to encrypt the message; key ID 9A41C766 does not correspond to your private key. Maybe they intended to send the message to someone else or maybe that corresponds to an old version of your key that they had on their keyring?
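The check the replies above point at, as an added example that is not part of the original thread: list the key IDs a message was encrypted to and report those with no matching secret key in the local keyring. The `secret_listing` sample and its key IDs are constructed, and the function names are hypothetical helpers.

```shell
#!/bin/sh
# Added example: which recipient key IDs of a message have no secret key here?
# On a real system the two inputs would come from:
#   gpg --decrypt FILE 2>&1 >/dev/null
#   gpg --list-secret-keys --with-colons

# gpg messages as quoted in the post (user ID line left out).
decrypt_log='gpg: encrypted with 2048-bit RSA key, ID 9617EA5C, created 2014-10-01
gpg: encrypted with RSA key, ID 9A41C766
gpg: decryption failed: secret key not available'

# Constructed colon listing of the reader's own secret keys; IDs are made up.
secret_listing='sec:u:2048:1:C0FFEE0011223344:1412121600:::u:::scESC:
uid:u::::1412121600::::Tim (constructed):
ssb:u:2048:1:C0FFEE0055667788:1412121600::::::e:'

# Print the key ID from every "encrypted with ... key, ID X" line on stdin.
recipient_ids() {
    sed -n 's/^gpg: encrypted with .*key, ID \([0-9A-Fa-f]*\).*/\1/p'
}

# Print field 5 (long key ID) of each secret primary key and subkey record.
secret_ids() {
    awk -F: '$1 == "sec" || $1 == "ssb" { print $5 }'
}

# $1 = gpg decrypt messages, $2 = colon listing of secret keys.
# A short ID matches when a long secret key ID ends with it.
unmatched_recipients() {
    have=$(printf '%s\n' "$2" | secret_ids | tr 'a-f' 'A-F')
    for id in $(printf '%s\n' "$1" | recipient_ids | tr 'a-f' 'A-F'); do
        match=no
        for s in $have; do
            case "$s" in *"$id") match=yes ;; esac
        done
        [ "$match" = yes ] || printf '%s\n' "$id"
    done
}

missing=$(unmatched_recipients "$decrypt_log" "$secret_listing")
if [ -n "$missing" ]; then
    echo "No secret key in this keyring for recipient key ID(s):"
    echo "$missing"
    echo "The sender needs to encrypt to your public key."
fi
```

Importing the sender's public key never changes this result, because only a secret key (or encryption subkey) whose ID appears among the recipients can decrypt the message.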
BTW what would be the point of encrypting, if anyone can just grab a key online and decrypt? :-)
If you can decrypt his message with his public key, this tells you that the person who has access to secret key of the pair was the one who encrypted the message. This ensures that you know that he is the one who indeed sent this message.
Somebody, correct me…
Valeri
++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
It also provides some measure of assurance that tampering of the content has not occurred between time of sending and time of decryption, though just *signing* it with the private key (without also encrypting) should accomplish that as well.
Still, just think if the NSA/et al had to spend all their ‘bot-net time brute forcing millions of encrypted ‘everyday’ emails.
that is the purpose of *signing*: authenticate the sender and prevent tampering of the message.
The purpose of *encrypting* is different: make sure only the intended recipient can read (decrypt) the message.
Sometimes you do both, but you don’t have to.
it’s two different processes and they use different keys:
you sign a message using your private key, but you encrypt a message using the recipient’s public key.
Sure, I agree, but I just answered the question if encrypting with one’s own secret key is nonsense, which it isn’t, but normally people do what you describe, and that is the way pgp and gpg are meant to be used… still “unusual thing” as encrypting with one’s own private key isn’t nonsense.
Valeri
This thread has turned into ‘cryptography 101’ on the CentOS mailing list. This is my last post…
Encrypting content (a message) with one’s own secret key with the intent of privacy is pointless (or nonsense as you say). With the premise being that the ‘matching’ key to that secret key is, well, public or accessible to anyone. Hence no privacy as the content can be decrypted by anyone.
Encrypting a message digest or hash with one’s own secret key makes perfect sense. That is the essence of a digital signature.
Well, yeah! The PUBLIC key that you’re sending the message to is accessible to anyone. But the only way to decrypt the message is with the PRIVATE key that is paired with the public key of the recipient. Not sure where you get the idea that this is insecure. The message absolutely CANNOT be decrypted by someone who does not have the private key with which the public key you’re sending the message to is associated.
cryptography 101 indeed!
No, it was NOT privacy here that can be the goal, but knowledge that the message indeed comes from the one who has access to secret key. (and I was just answering someone’s question if this is at all nonsense, not suggesting to use pgp/gpg this way)
In general (not meaning 101 encryption class, I’m not that ambitious), key pair (asymmetric) encryption is:
There is a pair of keys: A and B. Whatever is encrypted with key A can be decrypted with key B. And vice versa, whatever is encrypted with key B can be decrypted with key A. In that respect keys are equivalent (only once designated secret key should stay such forever).
Unusual way of encrypting with one’s own secret key is not a nonsense, and serves the same goal as digital signature does (the last being preferable IMHO…). If you go to wikipedia article Public-key_cryptography you will find this use there, it is in the section titled “Inverse Public Key Encryption”.
So, what is less usual or irregular is not total nonsense.
Cryptologists (or mathematicians) – you have last word ! (after which we – all us others – will shut up ;-)
Valeri
not meaning to object, just a note:
whatever is encrypted with public key can be decrypted with secret key
whatever is encrypted with secret key can be decrypted with public key
(i.e. mathematically keys in a pair are equivalent, choice which to use as a secret key is arbitrary).
Valeri
From: Valeri Galtsev
No, the FBI director has the last word: “Do not side with paedophiles and terrorists and stop using encryption! Think of the children!”
JD