Can't Decrypt AES256 (PGP CKT)

Discussion:

(too old to reply)

Johnny Kapikki

2005-08-07 09:49:24 UTC

We are both using PGP 6.5.8ckt

He's using version 08
I'm using version 09b3
(this *shouldn't* make a difference in the problem I'm about to
describe)

I've been using his public key (Diffie-Hellman) to send him encrypted
messages. Some messages have been sent, where the session key used was
AES256. Some messages, the session key has been 3DES. All of the
messages have been encrypted to both my default key, and his public
key

When he receives a message from me where the session key was encrypted
using AES256, he gets the following message after entering his
password:

"An Error Has Occurred: Encrypted Session Key Is Bad"

When he receives a message from me where the session key was encrypted
using 3DES, the message decrypts just fine.

I've asked him to make sure that in his PGP Options (Advanced tab), he
has all of the available algorithms listed. Of course, he's using ckt,
so he has available all the same algorithms that I have available on
my machine. I don't understand why using 3DES works for him, when
AES256 doesn't.

All of the messages he's sent me have used 3DES on the session key,
and I've been decrypting them fine.

I have not yet tested any other algorithms with him yet, as I know
that he's busy and I don't want to bother him with more testing if I
can figure out what may be wrong from anyone in this group first.

Thanks,
Johnny

Casey Klc

2005-08-07 17:27:44 UTC

Permalink

Post by Johnny Kapikki
We are both using PGP 6.5.8ckt
He's using version 08
I'm using version 09b3
(this *shouldn't* make a difference in the problem I'm about to
describe)
I've been using his public key (Diffie-Hellman) to send him encrypted
messages. Some messages have been sent, where the session key used was
AES256. Some messages, the session key has been 3DES. All of the
messages have been encrypted to both my default key, and his public
key
When he receives a message from me where the session key was encrypted
using AES256, he gets the following message after entering his
"An Error Has Occurred: Encrypted Session Key Is Bad"
When he receives a message from me where the session key was encrypted
using 3DES, the message decrypts just fine.
I've asked him to make sure that in his PGP Options (Advanced tab), he
has all of the available algorithms listed. Of course, he's using ckt,
so he has available all the same algorithms that I have available on
my machine. I don't understand why using 3DES works for him, when
AES256 doesn't.
All of the messages he's sent me have used 3DES on the session key,
and I've been decrypting them fine.
I have not yet tested any other algorithms with him yet, as I know
that he's busy and I don't want to bother him with more testing if I
can figure out what may be wrong from anyone in this group first.
Thanks,
Johnny

At PGPckt Options/Advanced/Symetric Algorithms Preferences,
Do each of you have both the AES256 algorithm and the 3DES
algirithm in the Enabled Window (and not the Disabled
Window)?
Casey

Casey Klc

2005-08-07 17:45:16 UTC

Permalink

Post by Casey Klc

At PGPckt Options/Advanced/Symetric Algorithms Preferences,
Do each of you have both the AES256 algorithm and the 3DES
algirithm in the Enabled Window (and not the Disabled
Window)?
Casey

My understanding is that the sender's PGP selects the symetric
algorithm used. This selection is based on 1) preferred algorythms
and 2) not disabled algorythms of both the sender and recipient.
Casey

Johnny Kapikki

2005-08-08 09:40:42 UTC

Permalink

Post by Casey Klc
At PGPckt Options/Advanced/Symetric Algorithms Preferences,
Do each of you have both the AES256 algorithm and the 3DES
algirithm in the Enabled Window (and not the Disabled
Window)?

Yes, we each have *all* the available algorithms enabled. I choose
AES256 by bumping it up to the top of the list (but he has the problem
with the AES256 messages).

"An Error Has Occurred: Encrypted Session Key Is Bad"

vedaal

2005-08-08 18:04:46 UTC

Permalink

Post by Johnny Kapikki
Yes, we each have *all* the available algorithms enabled. I
choose AES256 by bumping it up to the top of the list (but he
has the problem with the AES256 messages).
"An Error Has Occurred: Encrypted Session Key Is Bad"

please send me the same messages you sent, encrypted to your
friend,
but also encrypted to my key
(the fingerprint is in the signature header)

one message with 3des, and the other with aes256

i will check them in ckt (i use build 9 beta 3) and gnupg
and maybe we can track down the problem

vedaal

Casey Klc

2005-08-08 20:47:23 UTC

Permalink

Post by Johnny Kapikki

Yes, we each have *all* the available algorithms enabled. I choose
AES256 by bumping it up to the top of the list (but he has the problem
with the AES256 messages).
"An Error Has Occurred: Encrypted Session Key Is Bad"

Hi Johnny, I can think of one more check that you might want to make.
Question: when the recipient's key was generated, was AES-256 selected
on the recipitnt's machine as a preferred algorythm?
You can check by looking at the recipient's pub key.
On your 09b3 pgp tray/pgp keys/ r-click recipient's pub key.
select properties then general Does "Cipher:" show AES_256??
If this doesn't turn up something then I give up <g>
Casey

Johnny Kapikki

2005-08-10 01:58:14 UTC

Permalink

Post by Casey Klc
Question: when the recipient's key was generated, was AES-256 selected
on the recipitnt's machine as a preferred algorythm?
You can check by looking at the recipient's pub key.
On your 09b3 pgp tray/pgp keys/ r-click recipient's pub key.
select properties then general Does "Cipher:" show AES_256??

Cipher: TripleDES,CAST,IDEA,Blowfish,AES-128,AES-192,AES-256,Twofish

:)