decrypt error for file encrypted with mac-gpgsuite and Bugs

Hello, I am a newbie with encryption and need your help to solve my decryption errors from win4gpg. I moved to the PC platform recently from Mac.

I have stored some encrypted files that vary in size, i.e. from 500 MB to 10 GB each, on my HDD. Each file was encrypted with GPGsuite.org on Mac though. These files were either in ZIP or RAR format, then I encrypted them.

I found win4gpg while looking for a program to decrypt my files on pc. Win 7 64b.

I installed the program, and I run Kleopatra. I import a database with all my keys OK.
I go to Decrypt files, I choose the one I want ending with the .gpg extension.
Some of these files were encrypted for 2 users, i.e. user1, user2, in one go on Mac.

After selection, a screen appears,
I leave all options as they are and click decrypt button.
It asks for pass.

  1. BUG? If I leave this window inactive for over 10 sec, it disappears and I cannot bring it back; I have to go through from the beginning. Also it shows that it is decrypting (moving bar on top of window), which is misleading I guess.

  2. I paste a VERY long password, maybe over 80 alphanumeric characters.
    I click OK, it shows it is decrypting… Then I get an error message.
    I click on details and it shows 2 recipients (the ones (user IDs) I encrypted the file for).

What do I do wrong, or better, how do I fix this problem please? I cannot decrypt anything…

  3. BUGS continued. If I click OK on the error window, I go back to the main window with keys listed etc. If I carry on all steps from the beginning, it does NOT ask for the password again when it's time, showing that possibly the password is still kept in clipboard/memory and it should not! One reason is that I could have typed the wrong password…

This way it continues decryption without password input leading to same error.

I am wondering, after I imported my key files, do I need a primary key also? Because I cannot remember how to find it in my database, or if I have to create a new one and continue with decryption of these files.

Any help would be appreciated as I am stuck and don't know what to do…

Dear Gorz,

first, thanks for trying Gpg4win.
It shall be possible to decrypt OpenPGP files, if you have one of the private/public keys
they were encrypted with.

To your report: Which version of Gpg4win did you try?
If you’ve tried 2.3.3 (stable), please also try the latest beta for 3.0.0,
see https://wiki.gnupg.org/Gpg4win/Testversions

re 1):
Yes, this could be a defect, we have to try to reproduce this later. Which version of
Windows are we talking about?

re 2):
The most likely explanation is that you haven’t imported the private and public parts
of the pubkey and given the right passphrase yet. In order to see if crypto operations
work, you could try to sign a file or encrypt a small file to yourself and decrypt it again.

As for the passphrase, there could be an encoding problem. If you still have access to the
mac machine, try setting the password to something that is included in ASCII characters.
(Use a long one and you are fine and you can change it later). You could try typing, to avoid copy encoding problems?

If the GUI fails for you, maybe you would want to continue diagnosis on the command line.

Another problem could be that some files may be too large (10GB seems to be quite large) or disk space is missing; could you try with a small file first?

re 3)
It is a standard setting that the gpg-agent caches the passphrase for a while (10 minutes) or so. It would only cache passphrases that were entered correctly and you can change the configuration to not cache anything at all. So I believe this not to be a defect.

Hope I could give you some ideas how to proceed!

Best Regards,
Bernhard
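
The caching behaviour described in re 3), as an added example that is not part of the original thread: a gpg-agent.conf that turns passphrase caching off. The file location assumes a default Gpg4win home directory; after editing, `gpgconf --reload gpg-agent` makes the running agent re-read the file.

```conf
# %APPDATA%\gnupg\gpg-agent.conf   (location assumed: default Gpg4win home directory)

# Default behaviour: a correctly entered passphrase is kept for 600 seconds
# after its last use (default-cache-ttl) and for at most 7200 seconds in
# total (max-cache-ttl).
# default-cache-ttl 600
# max-cache-ttl 7200

# No caching: every decryption or signing operation asks for the passphrase again.
default-cache-ttl 0
max-cache-ttl 0
```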

Hello Bernhard,

Thanks for your detailed reply to me. I give you more info.
I have version 2.3.3. I found this version in the Readme file.

re1) I have Win Ultimate 64b. SP1. and 3GB RAM.

re2) I am afraid I have no access to the old Mac anymore. You say I did not import
private and public keys together… I hope when I exported the keys database from openGPG the private keys were also exported and re-imported in win4… also, otherwise, I am in trouble, as I have no private keys…

This is a nice idea to add to the program, so when someone imports i.e. a key database exported from i.e. an openGPG Mac program, to inform the user that the private key
is also imported and also show him where the private key is, i.e. in a special menu window etc.

The passwords I put are usually ASCII compatible and have spaces as well.

But… as I have a lot of encrypted files for myself also, I tried this approach on other 4GB files, with the same errors. Strangely, before I gave up… I tried another file, and I set another password from a password list record, and it decrypted it after some minutes!

Got an error after decryption though. It gave me though the correct email and ID further down the message, which I have no clue what it means. I opened all decrypted files and they worked OK, so maybe this is another unknown bug? If not, how can I check the validity with your program?

It would be great to have mouseover help displayed on every choice for newbies, because, if I click the Help choice, it opens an internet connection and this is something,
for safety reasons also, I should be asked for beforehand. I prefer offline help, and
if I could have a choice to read an offline PDF file, loaded by the help file, that would also be a great
choice.

Regarding space, how much space do I need to decrypt a 10GB file? 25GB? I have enough space for sure. A suggestion at this point. On the decrypt window there is this
dizzy blue ‘progress’ bar that moves continuously and is useless because, when I decrypt a large file, I would like to see a 0-100 percent progress bar, so I know that the software is working. With the current progress-like bar you add more stress to the end user. I wondered many times, ‘is it working or crashed’?

It would be a great idea to change this bar in future so there is information on progress and time displayed also, so if the timer does not work, there would be a message that it crashed?

Furthermore, I noticed during decryption that the file was created on my HDD, and was zero bytes, until I refreshed the Explorer window and I could see from time to time the file size changing. When decryption was done, the file size on Windows was different from the file size of the original gpg file, for a reason (maybe Mac incompatibility).

re3) OK, understood this, but from which menu and option do I change the caching of the password or set it to non-auto so I get back the password window? It would be great to see this window always on top of others, so it does not get hidden by larger win4 windows. When the password is cached, is it encrypted or can someone read the cache and get the password? Not sure if caching is needed during decryption progress, i.e. it is needed in the middle of decryption for a reason and needs to be cached.

If this is the case it would be nice to show the password window and a sound when it pops up and another alarm (on/off) when decryption is done.

Finally, what I cannot find in the software, not sure if I need it, is the pgp program for the encryption. I opened up the installer and I see it is checked and grayed-out, so I have no clue whether it is installed together with win4 or where to get it and install it.

Also, I have no clue about command line options and how to execute…

Thanks again for your help. I try to give as much feedback as I can as you make a very useful program!

Hi Gorz,

(just a short reply now)

please try in a cmd.com window:
gpg --list-secret-keys

(my guess is that you do have the secret key(s) imported, otherwise you would not be asked for a passphrase)

please also try the latest Gpg4win 3.0.0 beta, it has a number of potential
improvements.

The signature warning may be there if you have not changed the trust on your imported secret/public key to ultimate.

I agree that a better progress bar would be an improvement. It is not easily done, though.

As for your files, I hope that you have a backup of your files with the secret key from the MacOS. Even if you don’t have a Mac anymore, you may be able to access the files when needed. (To repeat a general idea of computing: it is almost always good to have a backup.)

Best Regards,
Bernhard

hi again,

I summarise.

I run ‘cmd’ in Windows and then the gpg syntax command you gave me and get
a note that it is a development version and that's all. No keys displayed etc.
Unless you meant (www) cmd.com, which is an inactive website. Any other alternatives for this command?

I tried v3 with better results and much faster, thanks.
I do get many crashes though, and after I ran task manager, I saw that the gnu process was i.e. running as 10 different instances and ended them all.

After that I uninstalled all, then reinstalled them, and every time I run Kleopatra, it takes 2-3 minutes to load 4 keys… for an unknown reason. I tried cache cleaning or deleting them and reloading them, but same issue. Sometimes cache cleaning gives error 5156.

I also noticed that if v2.3 was installed on the same path, and I select v3 to install in the same folder, the installer program gets confused and does not detect the old one nor does it remove it. I ended up with a new folder inside the v2.3 folder.

I also noticed that despite the uninstall for both versions, the data of the keys were not removed from the HDD at all, and loaded automatically after the next clean install of v3. So it would be great to have an option to remove everything, or even export the Kleopatra settings so they could be loaded on another i.e. PC etc.

In some file decryption I get an error.
Any help what that could mean?

thanks

Hi Gorz,
if gpg2 --list-secret-keys in a cmd window does not show you private keys,
then the problem lies within the import step. Let us concentrate on it first.

gpg2 is a command to be entered in the Windows command prompt.
(https://www.lifewire.com/how-to-open-command-prompt-2618089 seems to be a concise explanation how to get a command prompt. Usually the command prompt is run by a process called https://en.wikipedia.org/wiki/Cmd.exe).

Back to the import of your key-pair (public + secret keys).
gpg2 --list-keys YOURNAME will probably list your pubkey (please try),
so you did import the pubkey.

Now for the private key: I’m not familiar with the export possibilities of https://gpgtools.org/,
I know they also use GnuPG as crypto engine underneath. Usually you would need to do an explicit export of the “private” or “secret” key. Assuming you have done that, which file(s) did it result in and what is the output of gpg2 --import YOUR.FILE for each file?

Do you happen to have a backup of the unexported files? (We would find the secret key in there as well, you would need to search for a file secring.gpg or a directory called private-keys-v1.d depending on the GnuPG version used.)

Best Regards,
Bernhard

hello again,

I tried today to execute the command in the prompt.
I get the following output

then the following info:

pub rsa4096 [sc] expires

uid unknown [my gpg username]

pub rsa4096 [E] expires

That's all.

Any clues if the key ID/private key is the big number? And how do I load it etc.
After I load it, do I have to upload again on the web or validate or create validation etc.?

Can I encrypt afterwards?
How do I export this private key for future usage?

thanks

When I do the import I get
invalid packet ctb=2c
followed by

gpg2 does not exist as a command and I run gpg (without 2).

I don't have any backup of these files to search for the secret ring file…

The only thing I have is a keypassX file for management of pwds etc.
to which I have added an image for security, which I always load
with my password, otherwise it does not log in to the database. Don't know
if this is of any help and whether the one generated by an image might have
a secret key in it.

thanks again

Hi Gorz,

did you meanwhile solve your issues somehow?
(I was away for a vacation in July.)

As for the command names: for the latest gpg4win 3.0.0 betas
there is only “gpg”, that is correct.

gpg --list-secret-keys should list your secret keys and yes
the long number is the keyID, some people only use 8 bytes from the tail,
but this may not be unique.

If gpg --list-secret-keys does not list your key, this is the main problem.
There are two possibilities now:
a) You do not have the secret key in a backup somewhere, then you are lost.
b) You do have the secret key, it is important, but just missing the import of the
corresponding pubkey. In this case you can try to import that pubkey.

Good general IT advice: backup important data. :wink:

Best Regards,
Bernhard
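
The check the replies keep returning to (is there a secret key in the keyring for one of the recipients the file was encrypted for), as an added example that is not part of the original thread. It goes slightly beyond the thread by also reading the recipient key IDs from `gpg --list-packets` output; the sample outputs, key IDs and function names are constructed for illustration.

```python
import re

# Constructed sample of `gpg --list-secret-keys --with-colons` output
# (key IDs and user ID are made up for this example).
SECRET_KEYS = """\
sec:u:4096:1:1111AAAA2222BBBB:1400000000:1800000000::u:::scESC:::+:
uid:u::::1400000000::::user1 <user1@example.org>:
ssb:u:4096:1:3333CCCC4444DDDD:1400000000:1800000000:::::e:::+:
"""

# Constructed, abbreviated sample of
# `gpg --batch --list-only --list-packets FILE.gpg` for a file with two recipients.
PACKETS = """\
:pubkey enc packet: version 3, algo 1, keyid 3333CCCC4444DDDD
:pubkey enc packet: version 3, algo 1, keyid 5555EEEE6666FFFF
:encrypted data packet:
"""

def secret_keys(colons):
    """Map key ID -> (capabilities, secret part present) for sec/ssb records."""
    found = {}
    for line in colons.splitlines():
        f = line.split(":")
        if f[0] in ("sec", "ssb") and len(f) > 14:
            # field 5 = key ID, field 12 = capabilities, field 15 = '#' for a stub
            found[f[4].upper()] = (f[11], f[14] != "#")
    return found

def recipients(packets):
    """Key IDs the session key was encrypted to, in file order."""
    pattern = r"^:pubkey enc packet:.*keyid ([0-9A-Fa-f]{16})"
    return [k.upper() for k in re.findall(pattern, packets, re.M)]

def diagnose(colons, packets):
    """Say, per recipient key ID, whether this keyring can decrypt for it."""
    have = secret_keys(colons)
    report = {}
    for kid in recipients(packets):
        if kid not in have:
            report[kid] = "no secret key in keyring"
        elif not have[kid][1]:
            report[kid] = "stub only, secret part missing"
        elif "e" not in have[kid][0]:
            report[kid] = "secret key present but not an encryption key"
        else:
            report[kid] = "usable for decryption"
    return report

if __name__ == "__main__":
    for kid, status in diagnose(SECRET_KEYS, PACKETS).items():
        print(kid, status)
```

One usable recipient is enough to decrypt; if every recipient reports a missing secret key, the problem is the key import and not the passphrase.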