[CentOS] gpg can't decrypt message

Valeri Galtsev galtsev at kicp.uchicago.edu
Wed Oct 1 18:14:10 UTC 2014


On Wed, October 1, 2014 12:29 pm, Mike wrote:
>
>
> On Wed, 1 Oct 2014, Valeri Galtsev wrote:
>
>>
>> On Wed, October 1, 2014 11:34 am, Nicolas Thierry-Mieg wrote:
>>> On 10/01/2014 06:07 PM, Valeri Galtsev wrote:
>>>>
>>>> On Wed, October 1, 2014 10:19 am, Nicolas Thierry-Mieg wrote:
>>>>>
>>>>>
>>>>> On 10/01/2014 05:16 PM, Nicolas Thierry-Mieg wrote:
>>>>>> On 10/01/2014 04:58 PM, Tim Dunphy wrote:
>>>>>>> Hey guys,
>>>>>>>
>>>>>>>
>>>>>>>    Having a little gpg issue I was wondering if someone could help
>>>>>>> me
>>>>>>> with.
>>>>>>>
>>>>>>>    A friend of mine sent me an encrypted message. So I searched
>>>>>>> online
>>>>>>> and
>>>>>>> found a a set of keys that correspond with his email address. And
>>>>>>> imported
>>>>>>> them. But when I go to decrypt the message, this is what I get:
>>>>>>>
>>>>>>> [root at ops:~] #gpg --decrypt roger-message
>>>>>>> gpg: encrypted with 2048-bit RSA key, ID 9617EA5C, created
>>>>>>> 2014-10-01
>>>>>>>         "Roger Sherman <rsherman at viddler.com>"
>>>>>>> *gpg: encrypted with RSA key, ID 9A41C766*
>>>>>>> *gpg: decryption failed: secret key not available*
>>>>>>>
>>>>>> <snip>
>>>>>>> So maybe I just didn't import the right key? Or do you think the
>>>>>>> message
>>>>>>> wasn't sent correctly? Who's the dummy here? Me or him? :)
>>>>>>
>>>>>> looks like he encrypted with HIS public key. So you need his private
>>>>>> key
>>>>>> to decrypt, obviously you don't have that.
>>>>>> I believe it's the other way around: he should encrpyt with your
>>>>>> public
>>>>>> key, then you are the only person capable of decrypting (with your
>>>>>> private key).
>>>>>
>>>>> BTW what would be the point of encrypting, if anyone can just grab a
>>>>> key
>>>>> online and decrypt? :-)
>>>>>
>>>>
>>>> If you can decrypt his message with his public key, this tells you
>>>> that
>>>> the person who has access to secret key of the pair was the one who
>>>> encrypted the message. This ensures that you know that he is the one
>>>> who
>>>> indeed sent this message.
>>>
>>> that is the purpose of *signing*: authenticate the sender and prevent
>>> tampering of the message.
>>>
>>> The purpose of *encrypting* is different: make sure only the intended
>>> recipient can read (decrypt) the message.
>>>
>>> Sometimes you do both, but you don't have to.
>>
>> Sure, I agree, but I just answered the question if encrypting with one's
>> own secret key is nonsense, which it isn't, but normally people do what
>> you describes, and that is the way was pgp and gpg are meant to be
>> used...
>> still "unusual thing" as encrypting with one's own private key isn't
>> nonsense.
>>
>> Valeri
>>
>> ++++++++++++++++++++++++++++++++++++++++
>> Valeri Galtsev
>> Sr System Administrator
>> Department of Astronomy and Astrophysics
>> Kavli Institute for Cosmological Physics
>> University of Chicago
>> Phone: 773-702-4247
>> ++++++++++++++++++++++++++++++++++++++++
>>
> This thread has turned in to 'cryptography 101' on the CentOS mailing
> list.  This is my last post...
>
> Encrypting content (a message) with ones own secret key with the intent of
> privacy is pointless (or nonesense as you say).

No, it was NOT privacy here that can be the goal, but knowledge that the
message indeed comes from the one who has access to secret key. (and I was
just answering someone's question if this is at all nonsense, not
suggesting to use pgp/gpg this way)

In general (not meaning 101 encryption class, I'm not that ambitious), key
pair (asymmetric) encryption is:

There is a pair of keys: A and B. Whatever is encrypted with key A can be
decrypted with key B. And vice versa, whatever is encrypted with key B can
be decrypted with key A. In that respect keys are equivalent (only once
designated secret key should stay such forever).

Unusual way of encrypting with one's own secret key is not a nonsense, and
serves the same goal as digital signature does (the last being preferable
IMHO...). If you go to wikipedia article Public-key_cryptography you will
find this use there, it is in the section titled "Inverse Public Key
Encryption".

So, what is less usual or irregular is not total nonsense.

Cryptologists (or mathematicians) - you have last word ! (after which we -
all us others - will shut up ;-)

Valeri

>  With the premise being
> that the 'matching' key to that secret key is, well, public or accessible
> to anyone.  Hense no privacy as the content can be decrypted by anyone.
>
> Encrypting a message digest or hash with ones own secret key makes perfect
> sense.  That is the essence of a digital signature.
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>


++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++



More information about the CentOS mailing list