>On 2020-07-29 at 10:20 -0700, Ayoub Misherghi via Gnupg-users
>wrote:
>> A gpg says "encrypted with 1 passphrase". Are there situations
>where a message gets encrypted with multiple passphrases?
=====
Not exactly,
but there are situations where GnuPG can simultaneously encrypt conventionally
with a passphrase, and also to a Public Key
Here is an example:
-----BEGIN PGP MESSAGE-----
Version: GnuPG v2
Comment: Acts of Kindness better the World, and protect the Soul
hQEMA5lOTrVn/hzPAQgAmsVwn1/R2/skDhGgd//8s6z1waPM6DhD9tVMOKct+Ex+
NRireZFucQ3pcv2fmt51vnpPDyJzhY4EALrClRGBj2z5wflLszKxVaNd+WQ5VNJa
7utTQv56MlIt41crsfb7gHvMZ38Z/rnAIEhiP5IFRbzAMarod3kKRugHvqKA/M2f
xiZWux96oV25U5x32SAamlHc3YuZCSyg2OXEafIQKiVI1fD8fJcAmmIRr5/0Etg2
dxmm5o1q1aAYLvAuLLmn/ORQbNHdNpz/WmViNORMrSKq64yWKGRmj51eNm0wZyFD
FjrpTu5gnyaoO9rMeLAIalTbGgzxnmeq71K7l1ye4YUCDANQb0+h01+xhgEP/0pb
Gga2DA7JGmaTqS6ZcY35VBQZwx94KaFb/qGlWfgd8aE/zrjVTaAXyeUTlqBec/oL
1QgyGpaYf98NxGpjTsjBu1H6sPWmDm2lDI8uyvKKDUS5s/Gotjfl5pFiPVdO3CJh
72fwMkeUIRD1CCak12bqXcaWIus/iufLL69xRdPpRqM5nf8BhQRbTj340mjHXpiB
PEDIUXNNGzp3F760AKpvDC1ah9+24O3cd94OpvGg7gFC8pfLU/iMm5iblrQacv5P
nl5rFOlhE1LDRVvxqH8m8116VfwPPwx2LkEYhP2fd/DLwKSdBexl0jQjeYOU69Qc
plqPPsZlW3MWjKlRmtoJoAWeBAKNs/ylGIsXMkRQ7qFzY+LY3zVdoFgv5RFlWpfY
PYTyXlEIC4BSUC9nVx9vp7XpOYRLnHJgNA8tNxAfjSl5fnNNUVnsRbwMR2+1rJPG
Y65sGRp9yGxNGgkxO7hZ71E1psDTKYPkvfrSwDYF+iizEMhOM2ll7HX8xMnQJnF3
+y6D0re9iv9diV1hRLKjft+nH4bZzzNmaMFyw26TxD2Zz/bPP5pAPCQW9U8Wu+3M
M7tlRWRhW0DdNyeLmK3wk71i2no162KXj87Kfsw4iiYBmquBIw6I4uBbbsevMnm2
wNV5ZLVTiEybjfGvoq57ZEB+x/e6HctzYGABuuI3jC4ECgMCJQ1I/TKsbGW3ZBkw
juvoB83Id9tgMXKVzDdje3X0c7lPvBq2uae7JtSh0koBfo2JzxOC0IDQwjWDRxHS
XlxwPsQr7KbGFZ66vCaOXmm4PJmywIYgbJ8M1F+Ih38pYvurg9qKP3OqyXGd+6iR
ui1Ika1iTnmSVg==
=H/WI
-----END PGP MESSAGE-----
This was encrypted simultaneously conventionally, and to a test key dddd1, and,
(by default, also to my default key).
The command used to encrypt is:
gpg -a -c -e -r dddd1 c:\h\jadeT1.txt
this produces the encrypted file jadeT.txt.asc (listed at the beginning).
The passphrase is sss
Here is the keypair of the public key dddd1 that the message was simultaneously
encrypted to,
(an RSA V4 key, but generated many years ago in GnuPG 1.x):
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1
Comment: Acts of Kindness better the World, and protect the Soul
mQELBEOPW7oBCADMJ6daQ9QuZ/W2USGoFHB+PQnQgTIaZZYq4HJHN/j5FO8oc1kP
AiLoikQIlQYtCIqTVeVUsDVgwl3s8emyrmRVjMgYSSeShUKee4Mk4dAL8wL4sp/r
WIYmYtm3rHKMgCcpdMgA02vZeKC9zKQ5tZFz3rLoRAxswEm+OQ2F5U0E11ZjG6/w
ADji4cvorV4VVD7PQolMXhSlx6wLkVf6XY6+8LCmpoXNTdk33pZkSqq6ygWSB8VK
zee9QKxi6nLPFaqKjGo/I6oELWm2mO+5Bz1RPhGeNTTQ9thqJtpyP3EDKbnhzN8o
VQlPgfmEOB/s6Qv9j+2nCfXwTPdsQdUSWmU1AAYptBZkZGRkMSA8ZGRkZDFAa2V5
LnRlc3Q+iQE3BBMBAgAhBQJDj1u6AhsPBwsJCAcDAgEEFQIIAwQWAgMBAh4BAheA
AAoJEJlOTrVn/hzPmdwH/2htj5z0Xdr5Ad4NoDqPD5/twgXIakcrKOETL5Zy9iM5
CYQ2lbY2QCskKlW8eAoPxrfVhOMG64DOIdp0CBUJAp2jyKXmzMWIGjuIe/JmM2pY
IakX+9z3xoAC5JrvyHOg2MIjjAzxwmvey+hMSnnJjfMvrxhGoSHSkIkHiQOb1vZE
zP58t/I+5oDvRgOBeD9Cs/RDUh/joae+UeyrPcYFhQuN0Xcy0hcxDuBY5NLSNo5U
ChnZmS8haWxj9DHFNm/lVgzgV6sTE6SutxLKkrfRuLpV6fZm9I8NfVoWLrnBy2h0
ZquL/EQzNMrJBga2ipvygqGUK1+hxCalUjAeuB0qITc=
=9vYT
-----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP PRIVATE KEY BLOCK-----
Version: GnuPG v1
Passphrase dddd1
lQO8BEOPW7oBCADMJ6daQ9QuZ/W2USGoFHB+PQnQgTIaZZYq4HJHN/j5FO8oc1kP
AiLoikQIlQYtCIqTVeVUsDVgwl3s8emyrmRVjMgYSSeShUKee4Mk4dAL8wL4sp/r
WIYmYtm3rHKMgCcpdMgA02vZeKC9zKQ5tZFz3rLoRAxswEm+OQ2F5U0E11ZjG6/w
ADji4cvorV4VVD7PQolMXhSlx6wLkVf6XY6+8LCmpoXNTdk33pZkSqq6ygWSB8VK
zee9QKxi6nLPFaqKjGo/I6oELWm2mO+5Bz1RPhGeNTTQ9thqJtpyP3EDKbnhzN8o
VQlPgfmEOB/s6Qv9j+2nCfXwTPdsQdUSWmU1AAYp/gIDCMeKeWtpj0YtYMTP1J/w
XA5svaM25IOJTMp8kT7pAgucyiAjv6h7aK6dEl2PlnQJYNbNEZe91Yfh+0Tl3Vg9
tSj9q7KQLpFPCRdMjG8KHCPl6AZbvFZfiDB6i5cOpsCTyDn5+E/mh89hByQd0Yrm
Sw0+A0cwRabZbuMOFtqNfAAq5Vx0gNJcrYhWXxbtq32LgBcUlo402v2yWrpnmxV/
luVnhLops+hQ5bLNVxbaL/sC0MwcAl8g5zB5HczxSbAZ706WroA3HjYTcMR2R2AW
7w9SRWB4t9DAFXbTp9EUMhZPDl6KdhXcLmCC8gC4NWp6A+SbL93ZwJpallfgMZN3
myI8AJT5ieRaCxfqAsybOIXYpR5eqy9ps9T6oJbxTcxvlwx6q3h1eTBFVMa5PBbP
mN67KycVwq2aLwor0lHXT+ncMGuRL04yGshLpYvoD2q7PkdHuvA5MeJz9RA/M87r
kdMLLGGdM3ujBmhvfKxK56BDD58dnEX9o5kj0ialI6FDthc9wAAxw0JBMjzA1C9d
UORBbBsErAzGMHM3BeRYjwwEioUnl8xF7jWE+tRalOQGbYYfFniCWzwV60zr7Z+Z
P6Fw0CzRLOrtkC4d+DRvumVWsLXQ0P2czJTpzTSdl1pEVoLlX5b2rKRqpIxT78uc
v7M31hRf04lbu55s0l4cB0T3GM+EsMaVk/CvyNjIa9ok4fEUcgzLxU4wHfrrPGz0
HWEoOUqiVrd233O572zqWxI7Sbzt6deoPvKO9uNHHRHS7SMD0iQpXBthpO/HR8Vk
7fgl21JozTg3GLRYKmxzS5VpvZoM3225jn4ecNNWPwMYPwt3G8iiF1asVt0vrWIW
wtelXYMbV/8mPmMDzObXgmKaq2ueBt4qDTXy5lk9QEh829gIqqNQnLAc7YLKkDS0
FmRkZGQxIDxkZGRkMUBrZXkudGVzdD6JATcEEwECACEFAkOPW7oCGw8HCwkIBwMC
AQQVAggDBBYCAwECHgECF4AACgkQmU5OtWf+HM+Z3Af/aG2PnPRd2vkB3g2gOo8P
n+3CBchqRyso4RMvlnL2IzkJhDaVtjZAKyQqVbx4Cg/Gt9WE4wbrgM4h2nQIFQkC
naPIpebMxYgaO4h78mYzalghqRf73PfGgALkmu/Ic6DYwiOMDPHCa97L6ExKecmN
8y+vGEahIdKQiQeJA5vW9kTM/ny38j7mgO9GA4F4P0Kz9ENSH+Ohp75R7Ks9xgWF
C43RdzLSFzEO4Fjk0tI2jlQKGdmZLyFpbGP0McU2b+VWDOBXqxMTpK63EsqSt9G4
ulXp9mb0jw19WhYuucHLaHRmq4v8RDM0yskGBraKm/KCoZQrX6HEJqVSMB64HSoh
Nw==
=9nbK
-----END PGP PRIVATE KEY BLOCK-----
Here is the output of GnuPG when trying to decrypt symmetrically:
C:\>gpg --list-packets c:\h\jadeT1.txt.asc
gpg: armor: BEGIN PGP MESSAGE
gpg: armor header: Version: GnuPG v2
gpg: armor header: Comment: Acts of Kindness better the World, and protect the S
oul
:pubkey enc packet: version 3, algo 1, keyid 994E4EB567FE1CCF
data: [2048 bits]
gpg: public key is 67FE1CCF
You need a passphrase to unlock the secret key for
user: "dddd1 <dd...@key.test>"
2048-bit RSA key, ID 67FE1CCF, created 2005-12-01
gpg: cancelled by user
:pubkey enc packet: version 3, algo 1, keyid 506F4FA1D35FB186
data: [4095 bits]
gpg: public key is D35FB186
You need a passphrase to unlock the secret key for
user: "vedaal nistar (all other addresses were spam flooded) <ved...@nym.hush.co
m>"
4096-bit RSA key, ID D35FB186, created 2008-01-22
gpg: cancelled by user
:symkey enc packet: version 4, cipher 10, s2k 3, hash 2, seskey 256 bits
salt 250d48fd32ac6c65, count 3014656 (183)
gpg: TWOFISH encrypted session key
:encrypted data packet:
length: 74
mdc_method: 2
gpg: encrypted with 1 passphrase
gpg: encrypted with 4096-bit RSA key, ID D35FB186, created 2008-01-22
"vedaal nistar (all other addresses were spam flooded) <ved...@nym.hush.co
m>"
gpg: public key decryption failed: Operation cancelled
gpg: encrypted with 2048-bit RSA key, ID 67FE1CCF, created 2005-12-01
"dddd1 <dd...@key.test>"
gpg: public key decryption failed: Operation cancelled
(here a pinentry window opens and asks for the passphrase, and after it is
entered, GnuPG says the following):
gpg: TWOFISH encrypted data
gpg: session key: '10:DBED76A4B5A0E8C5761ECB3D5E9715ED7A7511989EF765581534512861
03FFD1'
:compressed packet: algo=1
:literal data packet:
mode b (62), created 1596215969, name="jadeT1.txt",
raw data: 11 bytes
gpg: decryption okay
Here is what happens when the decryption is done with the dddd1 key:
C:\>gpg --list-packets c:\h\jadeT1.txt.asc
gpg: armor: BEGIN PGP MESSAGE
gpg: armor header: Version: GnuPG v2
gpg: armor header: Comment: Acts of Kindness better the World, and protect the S
oul
:pubkey enc packet: version 3, algo 1, keyid 994E4EB567FE1CCF
data: [2048 bits]
gpg: public key is 67FE1CCF
You need a passphrase to unlock the secret key for
user: "dddd1 <dd...@key.test>"
2048-bit RSA key, ID 67FE1CCF, created 2005-12-01
gpg: WARNING: cipher algorithm TWOFISH not found in recipient preferences
gpg: public key encrypted data: good DEK
:pubkey enc packet: version 3, algo 1, keyid 506F4FA1D35FB186
data: [4095 bits]
gpg: public key is D35FB186
:symkey enc packet: version 4, cipher 10, s2k 3, hash 2, seskey 256 bits
salt 250d48fd32ac6c65, count 3014656 (183)
:encrypted data packet:
length: 74
mdc_method: 2
gpg: encrypted with 1 passphrase
gpg: encrypted with 4096-bit RSA key, ID D35FB186, created 2008-01-22
"vedaal nistar (all other addresses were spam flooded) <ved...@nym.hush.co
m>"
gpg: encrypted with 2048-bit RSA key, ID 67FE1CCF, created 2005-12-01
"dddd1 <dd...@key.test>"
gpg: TWOFISH encrypted data
gpg: session key: '10:DBED76A4B5A0E8C5761ECB3D5E9715ED7A7511989EF765581534512861
03FFD1'
:compressed packet: algo=1
:literal data packet:
mode b (62), created 1596215969, name="jadeT1.txt",
raw data: 11 bytes
gpg: decryption okay
So, the "encrypted with one passphrase" describes the symmetrically encrypted
packet,
and then GnuPG describes the other packets encrypted to public keys, but
without a passphrase.
n.b. all the encrypted packets use the same session key.
afaik, GnupG does not allow two different simultaneously conventionally
encrypted packets in the same encryption output.
vedaal
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
