thunderbird / thunderbird-android

Thunderbird for Android – Open Source Email App for Android (fka K-9 Mail)
https://thunderbird.net/
Apache License 2.0

Decryption of gnupg v1 encrypted emails fails #2216

Open dbgdngit opened 7 years ago

dbgdngit commented 7 years ago

Moto G, Android 5.9, latest K9 mail with openkeychain

I can decrypt emails from other PGPmail clients such as Mailvelope, but we have system-generated emails using gnupg v1 that fail to decrypt. It just says "decryption error", no further detail.

These worked with APG integration.

Valodim commented 7 years ago

Can you send such a mail to me? -> look@my.amazin.horse

dbgdngit commented 7 years ago

I have sent one to you encrypted with your public key DEADFA11

Valodim commented 7 years ago

Thanks!

I was able to open the e-mail as expected using K-9 and OpenKeychain, both in their latest release versions. It's a pgp/inline e-mail (with trailing text that isn't displayed, might want to fix that later?), we support that but note that it has to be the first thing in the e-mail's body (besides whitespace) for security reasons. Are you sure the mail is in exactly the same format as the ones that don't work for you?

Our error reporting sucks a little, we need to get better in that department. Would you be able to record a logcat using adb while trying to decrypt?

dbgdngit commented 7 years ago

So the normal emails are multiline system alerts.

I have read how to do the logcat and adb grab of logs but that will require a fair amount of setup for me to do.

Is it feasible that I have 2 keys set under "my keys" in K9 account settings/cryptography and this is causing an issue as it tries my personal one first?

Valodim commented 7 years ago

The "my keys" setting only matters for sending mail, decryption should work for any of your secret keys.

adb is packaged on Debian and thus Ubuntu, so if you are running any of those you're good to go, otherwise a live system is an option. It can also be obtained as part of the Android SDK as a portable package and run from the unzipped folder without installing stuff on your system :) That would be super helpful, thanks in advance :+1:

dbgdngit commented 7 years ago

Ok Thanks - just ruling that out

I have sent you a more typical multiline example to see if it's an encoding issue

Valodim commented 7 years ago

The second mail you sent decrypts and looks as expected, too.

dbgdngit commented 7 years ago

OK, so with further investigation using the openkeychain encrypt/decrypt text function I have uncovered an issue with the key itself:

[DEBUG] Starting decrypt operation…
[DEBUG] Found block of asymmetrically encrypted data for key 0xe24277064173124f
[ERROR] Insecure key: Either the bit length of RSA/DSA/ElGamal is too short or the ECC curve/algorithm is considered insecure! This can happen because the application is out of date, or from an attack.
[INFO] Unlocking secret key
[WARN] Insecure encryption algorithm has been used! This can happen because the application is out of date, or from an attack.
[DEBUG] Preparing streams for decryption
[DEBUG] Processing cleartext data
[DEBUG] Unpacking compressed data
[DEBUG] Processing literal data
[DEBUG] Modification time: Fri Feb 10 08:56:26 GMT+00:00 2017
[DEBUG] MIME type: text/plain
[INFO] Integrity check OK!
[OK] Decryption/Verification finished

Turns out the key is RSA 2047! Which is odd in itself. I'm assuming the app is expecting at least 2048 - please confirm

Valodim commented 7 years ago

This will show a warning about an insecure key being in use, but the decryption should still work. And it does - there's no error in the log. It's just a problem between K-9 and OpenKeychain it seems.
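
How a key can report as "RSA 2047", as an added example that is not from this issue thread or from OpenKeychain's or K-9's code: OpenPGP stores each integer with an explicit bit count, so a modulus whose top bit is zero is recorded one bit short of its nominal size. The 2048-bit minimum is the reporter's guess and is used here only as an assumed default; `build_body` and the sample factors are constructed for the demonstration and are not real primes or a usable key.

```python
import struct

def read_mpi(buf, off):
    """Read one OpenPGP MPI (RFC 4880, section 3.2): 2-byte bit count, then value."""
    (bits,) = struct.unpack_from(">H", buf, off)
    nbytes = (bits + 7) // 8
    raw = buf[off + 2 : off + 2 + nbytes]
    if len(raw) != nbytes:
        raise ValueError("truncated MPI")
    value = int.from_bytes(raw, "big")
    # The declared count must equal the position of the highest set bit,
    # so a modulus with a zero top bit is honestly stored as 2047 bits.
    if value.bit_length() != bits:
        raise ValueError("MPI bit count does not match its value")
    return value, off + 2 + nbytes

def rsa_modulus_bits(body):
    """Modulus bit length of a version 4 RSA public-key packet body."""
    version, _created, algo = struct.unpack_from(">BIB", body, 0)
    if version != 4 or algo not in (1, 2, 3):  # 1-3 are the RSA algorithm ids
        raise ValueError("not a v4 RSA public-key packet body")
    n, off = read_mpi(body, 6)
    read_mpi(body, off)  # public exponent e, parsed only to validate the layout
    return n.bit_length()

def check_key(body, min_bits=2048):
    """Return (bits, acceptable). min_bits=2048 is an assumed threshold."""
    bits = rsa_modulus_bits(body)
    return bits, bits >= min_bits

def build_body(n, e=65537):
    """Constructed-input helper: serialise a v4 RSA public-key packet body."""
    def mpi(x):
        return struct.pack(">H", x.bit_length()) + x.to_bytes((x.bit_length() + 7) // 8, "big")
    return struct.pack(">BIB", 4, 0, 1) + mpi(n) + mpi(e)

# Constructed 1024-bit factors (odd numbers, not real primes, not a usable key).
P_TOP_ONE = (1 << 1023) | 1   # only the top bit forced to 1
P_TOP_TWO = (3 << 1022) | 1   # top two bits forced to 1

N_SHORT = P_TOP_ONE * P_TOP_ONE   # product falls just above 2**2046
N_FULL = P_TOP_TWO * P_TOP_TWO    # product is above 2**2047

if __name__ == "__main__":
    for name, n in (("top bit only", N_SHORT), ("top two bits", N_FULL)):
        print(name, check_key(build_body(n)))
```

Two 1024-bit factors always give a 2047- or 2048-bit product; forcing the top two bits of each factor guarantees the full 2048.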