0

I have received encrypted emails which I can not decrypt because the key used for encryption seems not to be correct.

Usually I have a key ID with 8 hex characters. This key can be found on public keyservers.

The emails I've received recently state a value which is different from my public key ID. Enigmail security info:

gpg: decryption failed: No secret key
Note: The message is encrypted for the following User ID's / Keys:
0xYYYYYYYYYYYYYYYY <my email address>

So it states a 16 character hex value which is not similar in any way to my public PGP key ID. However, using this hex value on the search function of a keyserver, I find my email address with my usual public key info. I still can't see the 16 character hex value among that information.

Can anyone tell me what's it with that strange hex value? What's the relation to my PGP key?

radix
  • 123
  • 3
  • 2
    The 16-digit value is, or should be, a "long" key ID. There's a discussion here: http://security.stackexchange.com/questions/84280/short-openpgp-key-ids-are-insecure-how-to-configure-gnupg-to-use-long-key-ids-i Of course, that doesn't explain why you cannot decrypt the email. – Bob Brown Dec 06 '15 at 21:00
  • 1
    If you find it on the key servers for your _usual_ key, this must be a subkey. Are you missing one of the secret subkeys? – Jens Erat Dec 06 '15 at 21:05
  • The last 8 characters are the short / old key ID. The full ID is the 16 character long string. Did you import your secret key for this public key? –  Dec 06 '15 at 22:01
  • Yes I imported the secret key, I can decrypt messages that are encrypted with my "normal" key. I'll check the hint with the subkeys, only heard of that but never had to deal with those before. – radix Dec 08 '15 at 20:37

1 Answers1

0

The reason was that gnupg resp. enigmail didn't ask for the passphrase in the first place. I figured out that I needed to install pinentry which provides the dialog for entering the GnuPG passphrase.

For some reason it worked without pinentry before. I guess that a Linux Mint update removed a program responsible for the dialog before and didn't replace it properly (I've been using the current installation for quite a while, starting with Mint 14 and always updating to the next release).

I still wonder about my long key ID shown by enigmail via details -> Enigmail Security Info: the short value is not a part of the long ID, as it should be according to this thread and does not have any similarity.

radix
  • 123
  • 3