I have this `gpg -c` encrypted file with personal data in it that I have updated occasionally over the last few years with new information. I have older versions available in git, which will become relevant in a minute. Today I tried to decrypt it with the regular password, which failed. I'm fairly certain I just fat-fingered it the last time I encrypted the file, which is really no big deal as it's a short password and should be no problem to figure out the mistake. But I checked out the previous version in git to see how much work I had lost, and I couldn't decrypt that one either. In that case I know I'm typing the correct password, since I had to open that version (using the same password) to make the current one. In fact, since that one failure, I can't decrypt any symmetrically encrypted file. (Private key-encrypted files seem to work normally.)
The error message is something like the following (key ID masked):
```
gpg: DBG: cleared passphrase cached with ID: FFFFFFFFFFFFFF
gpg: decryption failed: Bad session key
```
So I did some Googling and found this archive of a mailing list discussion which seems to imply that gpg-agent may be saving the incorrect key from one run to another. However, unlike the OP of that topic, I am getting re-prompted for the (symmetric) passphrase every time I re-run gpg. Furthermore, I can't decrypt any file even when I know I'm typing the right passphrase. Nevertheless, I tried sending SIGHUP to gpg-agent and using `gpgconf --reload` as suggested there, both to no effect.
At this point I fell back to my Microsoft roots and rebooted, hoping that would take effect on whatever key gpg is caching. This time I tried a known-good passphrase on another file, and it worked perfectly fine. But I tried again on the original and experienced the same problem again, after which I again cannot decrypt any file, even the one I just successfully decrypted.
Clearly something is persisting between invocations of gpg, so I'm tempted to blame gpg-agent, but nothing short of rebooting has seemed to take effect. It's definitely going to be a pain to figure out the passphrase for this thing if I have to reboot between each test, so I was hoping someone with more knowledge of gpg's internals could help me out here. Is there some way I can try multiple passwords on a symmetrically encrypted file without rebooting in between?
Cheers,
Trent
Last edited by Trent (2012-12-17 23:13:03)
I revisited this issue today. After an `-Syu` the other day, gpg is now working as expected. Oddly enough, the original passphrase worked fine to decrypt it. No idea what went wrong, but I'm assuming it was a bug in gnupg 2.0.19-2. Weird.
I noticed that the password entry dialog used by gnome-shell will close itself when you release the Enter key, even if the window was not visible when the Enter key was originally pressed.
For example, if I were to type `gpg -d` in a terminal, press Enter to run the command, and then release the Enter key after the password entry dialog appeared, the password entry dialog would be closed with no password entered and a "Bad session key" error would be printed on the command line. This all happens very quickly, so it's difficult to tell what is happening.
My work-around is to press and release the Enter key very quickly, before the password entry dialog appears. You may be out of luck if you have a very fast computer.
Huh. I didn't experience that today (ran gpg from the console, without X), but it might have been part of the problem earlier... It still doesn't explain why, when it let me enter a passphrase, the correct one didn't work, but it could have been why `gpgconf --reload gpg-agent` didn't seem to have any effect.
Oh well, it's working now. Maybe the existence of this thread will help someone else.
I also have this issue that the gnome-shell dialog disappears within a few milliseconds.
No chance to enter anything -> "Bad session key"
Workaround: set `GPG_AGENT_INFO` to "" and you'll get an ugly but working dialog.
Strongly suspect Gnome3 is to blame!