[Solved] gpg can't symmetrically decrypt files -- bad session key

Trent · 2012-10-31 15:38:46

I have this `gpg -c` encrypted file with personal data in it that I have updated occasionally over the last few years with new information. I have older versions available in git, which will become relevant in a minute. Today I tried to decrypt it with the regular password, which failed. I'm fairly certain I just fatfingered it the last time I encrypted the file, which is really no big deal as it's a short password and should be no problem to figure out the mistake. But I checked out the previous version in git to see how much work I had lost, and I couldn't decrypt that one either. In that case I know I'm typing the correct password, since I had to open that version (using the same password) to make the current one. In fact, since that one failure, I can't decrypt any symmetrically encrypted file. (private key-encrypted files seem to work normally.)

The error message is something like the following (key ID masked):

gpg: DBG: cleared passphrase cached with ID: FFFFFFFFFFFFFF
gpg: decryption failed: Bad session key

So I did some Googling and found this archive of a mailing list discussion which seems to imply that gpg-agent may be saving the incorrect key from one run to another. However, unlike the OP of that topic, I am getting re-prompted for the (symmetric) passphrase every time I re-run gpg. Furthermore, I can't decrypt any file even when I know I'm typing the right passphrase. Nevertheless, I tried sending SIGHUP to gpg-agent and using gpgconf --reload as suggested there, both to no effect.

At this point I fell back to my Microsoft roots and rebooted, hoping that would take effect on whatever key gpg is caching. This time I tried a known-good passphrase on another file, and it worked perfectly fine. But I tried again on the original and experienced the same problem again, after which I again cannot decrypt any file, even the one I just successfully decrypted.

Clearly something is persisting between invocations of gpg, so I'm tempted to blame gpg-agent, but nothing short of rebooting has seemed to take effect. It's definitely going to be a pain to figure out the passphrase for this thing if I have to reboot between each test, so I was hoping someone with more knowledge of gpg's internals could help me out here. Is there some way I can try multiple passwords on a symmetrically encrypted file without rebooting in between?

Cheers,

Trent

Last edited by Trent (2012-12-17 23:13:03)

Trent · 2012-12-17 23:12:44

I revisited this issue today. After an -Syu the other day gpg is now working as expected. Oddly enough, the original passphrase worked fine to decrypt it. No idea what went wrong but I'm assuming it was a bug in gnupg 2.0.19-2. Weird

drg006 · 2012-12-18 02:04:50

I noticed that the password entry dialog used by gnome-shell will close itself when you release the Enter key, even if the window was not visible when the Enter key was originally pressed.

For example, if I were to type gpg -d in a terminal, press Enter to run the command, and then release the Enter key after the password entry dialog appeared, the password entry dialog would be closed with no password entered and a "Bad session key" error would be printed on the command line. This all happens very quickly, so it's difficult to tell what is happening.

My work-around is to press and release the Enter key very quickly, before the password entry dialog appears. You may be out-of-luck if you have a very fast computer

Trent · 2012-12-18 04:46:26

Huh. I didn't experience that today (ran gpg from the console, without X), but it might have been part of the problem earlier... It still doesn't explain why, when it let me enter a passphrase, the correct one didn't work, but it could have been why gpgconf --reload gpg-agent didn't seem to have any effect.

Oh well, it's working now Maybe the existence of this thread will help someone else.

init0 · 2013-03-09 21:15:35

I also have this issue that the gnome-shell dialog disappears within a few milliseconds.
No chance to enter anything -> ``Bad session key''

Workaround: set GPG_AGENT_INFO to "" and you'll get an ugly but working dialog

Strongly suspect Gnome3 is to blame!

Arch Linux

#1 2012-10-31 15:38:46

[Solved] gpg can't symmetrically decrypt files -- bad session key

#2 2012-12-17 23:12:44

Re: [Solved] gpg can't symmetrically decrypt files -- bad session key

#3 2012-12-18 02:04:50

Re: [Solved] gpg can't symmetrically decrypt files -- bad session key

#4 2012-12-18 04:46:26

Re: [Solved] gpg can't symmetrically decrypt files -- bad session key

#5 2013-03-09 21:15:35

Re: [Solved] gpg can't symmetrically decrypt files -- bad session key

Board footer