Discussion:
GPG Decryption resulting in garbled zip file
(too old to reply)
steve
2007-12-26 16:52:09 UTC
Permalink
Hello,

I'm a newbie here, but I have a problem decrypting a zip file
encrypted with pgp. I was trying to subscribe to the gpg group, but it
didn't reply, so I couldn't post there. So I thought I'd ask the
folks here.

The problem is this, I generate a standard 2048-bit ELG-E key and sent
off the public part to the client.
Similarly they sent me a 1024D (1024bit?) key which I was able to
import successfully

They then uploaded a file reportedly encrypted with their key. I take
the file, decrypt it, and it seems to decrypt successfully (just a
warning that it was not integrity protected). This results in a zip
file

However, when I try to uncompress the zip file, it would not decrypt.
Winzip would complain that it is an invalid archive

I'm using GPG 1.4.7
I don't know what the client is using, but they required a DH/DSS key
from me (though this should have nothing to do with the file that they
send me, right?)

The symptom seem to match a little with what was described in:
http://marc.info/?l=gnupg-users&m=104982312123419&w=2
But, as that was supposed to be resolved 4 years ago, I hope that this
is just some user error on my part.

Cheers,
Steve
Neil W Rickert
2007-12-26 18:51:05 UTC
Permalink
Post by steve
However, when I try to uncompress the zip file, it would not decrypt.
Winzip would complain that it is an invalid archive
I would guess this was an error made in the encryption process.

Alternatively, after decrypting, you "downloaded" to another computer
and failed to do a binary download resulting in a corrupted file.

I'm mostly guessing here.
Otto Sykora
2007-12-28 14:44:41 UTC
Permalink
Or:

you are using linux, they are using windows right?

I had many , many problems with files which have been zipped at
windows and then unzipped under linux and vice versa. Evene simple
copying such file did distroy it.
We have permanently problems with it at our company, so have many
people like users of acronis true image, when they make the bakup uder
linux and try to move or copy the files after under windows.
We do it this way and have succeded so far.

I recomend here two different archiving methods on the same file, then
mostly all arrives well. Also with pgp/gpg I would suggest to make the
file 'ascii', this is more aimple for mail and ftp servers and clients
to handle apparently.
steve
2008-01-02 16:19:36 UTC
Permalink
Post by Otto Sykora
you are using linux, they are using windows right?
I had many , many problems with files which have been zipped at
windows and then unzipped under linux and vice versa. Evene simple
copying such file did distroy it.
We have permanently problems with it at our company, so have many
people like users of acronis true image, when they make the bakup uder
linux and try to move or copy the files after under windows.
We do it this way and have succeded so far.
I recomend here two different archiving methods on the same file, then
mostly all arrives well. Also with pgp/gpg I would suggest to make the
file 'ascii', this is more aimple for mail and ftp servers and clients
to handle apparently.
Hmmm... I've not personally had linux/PC zip/unzip issues. But I
don't know what the client does to generate the file. I FTP the file
to my PC (windows) and decrypt it there. Then I ran winzip on it and
it complained that it was corrupted.

The files are generated in ascii, so that should not be the issue...

Anything specific I can try?

Thanks,
Steve
John Wunderlich
2008-01-02 20:55:20 UTC
Permalink
Post by steve
Hmmm... I've not personally had linux/PC zip/unzip issues. But I
don't know what the client does to generate the file. I FTP the file
to my PC (windows) and decrypt it there. Then I ran winzip on it and
it complained that it was corrupted.
The files are generated in ascii, so that should not be the issue...
Anything specific I can try?
You need to isolate where the problem lies.

At the source end, generate a MD5 sum of the .zip file before and after
encryption. When you receive the file, generate the MD5 sum before and
after decryption. If the MD5 sum of the decrypted .zip file matches
that of the pre-encrypted .zip file, then the problem is in the
generation of the .zip files. If they don't match, the problem is
probably in the encryption / decryption.

I believe the "md5sum" command is native to Linux.
There are many Windows versions of this program (google md5sum.exe).

HTH,
John
Otto Sykora
2008-01-02 23:00:49 UTC
Permalink
what happends if your partner does not zip the file , but just
encrypts it to your public key?
Still problems?
PGP does zip by defouls itself all files, so the extra might no be
essential in this case.
However if the problem is linux/windows, then it can get complex,
since I was told some rights go mixed up in such case. We had most
problems when transfering from and to NTFS and ext3.

But recently we got new winzip installed in the office, we were told,
that older versions are not full compatible with some recent versions
for some reasons.

Loading...