# Can not decrypt PGP message

## doublehp

Hello.

I have not used GPG for a few years, and I am stuck with my key. I have found 5 solid proofs that the secret password I have is the good one. The problem may be to know ... to which key it's associated.

My keys may be associated with several emails: benoit@demaine.info, or bp@demaine.info for the mail ones. My master key ID is A78E3E691E448CF33F4E8AEF1964932DB392C3C2 (2004-01-02), but in my keyring I also see mentions of E1EB22F0929D9EC8, and I forgot what it is.

When you check public servers, if you find B4ADD203A5AFEC103BA46A8D47E838E7B392C3C2 (2014-06-16 [SCEA] [revoked: 2016-08-16]), it's the known attack: http://www.draketo.de/english/gnupg-attack ; just ignore that key.

For training, I am trying to decrypt an old email I have received ages ago. I have dumped the raw email into a file /tmp/alire.eml (file contains email header and PGP parts). 

Then, I run this command:

```
DISPLAY="" gpg --decrypt -u A78E3E691E448CF33F4E8AEF1964932DB392C3C2 --always-trust -o GPGOutput.txt alire.eml
```

And got this in the console:

```
gpg: encrypted with 4096-bit ELG key, ID XXXXXXXXX, created 2005-03-11
      "XXXXX"
gpg: encrypted with 2048-bit ELG key, ID E1EB22F0929D9EC8, created 2004-01-02
      "DEMAINE Benoit-Pierre <benoit@demaine.info>"
```

and I am prompted this:

```
Please enter the passphrase to unlock the OpenPGP secret key:
"DEMAINE Benoit-Pierre <benoit@demaine.info>"
2048-bit ELG key, ID E1EB22F0929D9EC8,
created 2004-01-02 (main key ID 1964932DB392C3C2).
```

and then I type the only secret passphrase I know ... and got this:

```
gpg: public key decryption failed: Bad passphrase
gpg: decryption failed: No secret key
```

I have tried two versions:

```
$ gpg --version
gpg (GnuPG) 2.2.1
libgcrypt 1.8.1
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /home/dhp/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
```

```
# gpg --version
gpg (GnuPG) 2.0.16
libgcrypt 1.5.0
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128,
        CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
```

I have tried to type the secret many times, in the X pop-up, in the curses interface ... I am stuck.

What could I do wrong ?

Could locale mess ? I took care to not use any non ASCII letter in my secret.

Could the ncurses interface show stars but in fact reject my secret when pasted with mouse ? The X pop-up already seems to refuse pasting.

Could my secret for E1EB22F0929D9EC8 be different than the one for B392C3C2 ?

Is there a hacking tool to attack my own private key based on my secret (like John the Ripper, but starting with my known secret, instead of public dictionary) ?

What else could prevent my key from working ?

Have all non-interactive methods been disabled ? Several forums talk about --no-use-agent --passphrase-fd 0 --batch --yes, but nothing seems to work for me; not even with the old version 2.0.16.

The only thing I am absolutely certain is that the message I am trying to decrypt ... I could decrypt it in 2005, and I am 99% certain of my secret (at worst, I could be one letter wrong; a cracking tool could easily check 100 or 200 possible alternatives in a few seconds).

Could the revoked B4ADD203A5AFEC103BA46A8D47E838E7B392C3C2 mess around ? It should not ...

Thanks.

----------

## doublehp

I have followed https://benoliver999.com/technology/2015/10/20/bruteforcegpg/ and started a nasty attack on my private key, using a "known to be good part of my secret". I generated a 800k lines dictionary, and nasty should spend about 5h on trying it. If it succeeds, I may cancel this message. If it does not, I am stuck.

Another good tuto using gpg2john : http://www.ubuntuvibes.com/2012/10/recover-your-gpg-passphrase-using-john.html

----------

## Ant P.

locale won't be the issue here - I've got a passphrase with symbols and non-ascii and it works even with the ncurses interface over ssh. Mouse paste into ncurses should work if it shows the stars on input, as it has no way to tell where the text is coming from to reject it.

Most likely this is a typo, and the method you've used should work.

----------

## doublehp

Nasty did not give any result. I will give a bit more details.

Say my secret is Password. I store all my passwords in a file. The password stored in file does not work. I usually store raw password. But, maybe ... after 15 years, I had forgotten that for this special very critical case, maybe I salted it ? If I had salted it, it would have been something simple. At some point, I have been able to copy-paste and use this password within 2s (while manually typing it takes over 30s). I never salted the beginning (by that time); so, maybe I salted the end, and forgot about it ? Maybe the actual secret was PassworD, or Password. So that even when I copy-paste it, I can easily remove and replace the very last letter, or add one or two symbols.

So, what I did yesterday was simple: remove the last letter of the stored secret, and regenerate all possible derivations by adding 1, 2, and 3 symbols to it:

```
echo "Passwor"> key

k="$(cat key)" ; time for i in $(seq 32 126 ); do l="$(echo $i | awk '{printf("%c",$1)}')" ; echo "${k}${l}" >>keys ; done

k="$(cat key)" ; time for i in $(seq 32 126 ); do l="$(echo $i | awk '{printf("%c",$1)}')" ; for j in $(seq 32 126 ); do m="$(echo $j | awk '{printf("%c",$1)}')" ; echo "${k}$l$m" >>keys ; done ; done

# 13.122s

g="$(cat key)" ; time for i in $(seq 32 126 ); do l="$(echo $i | awk '{printf("%c",$1)}')" ; for j in $(seq 32 126 ); do m="$(echo $j | awk '{printf("%c",$1)}')" ; for k in $(seq 32 126 ); do n="$(echo $k | awk '{printf("%c",$1)}')" ; echo "${g}${l}${m}${n}" >>keys ; done ; done ; done

# about 20mn

nasty -m file -i keys

# about 2h30
```

And nothing came out.

I am absolutely certain the secret is the good one. I have found several confirmations at many places. The only possible problems could be:

- I salted the end (nasty should have helped on this)

- encoding or locales mess around (or line terminators)

- the algorithm changed between the generation/use time (2002-2005) and my latest attempts to re-use this key (2009-2018) (my software configuration changed completely)

- private key got corrupted on disk (very very very unlikely; but at this point, can not be excluded) (I have recovered several backups of my password file, and they all match; I am not using raid6 over 4 disks; I always throw away disks as soon as they got a single SMART error: offlineuncorrectable, or reallocated, I don't care, my data are more important than my money)

- GPG does not like chroots and sandboxes (I did not use nasty under my real user, but exported only the .gnupg folder to another place, another user under another system), or a small detail was missing (gnupg should not be sensitive to user environment variables IMHO).

In 2005 I could simply copy the secret from a console, and paste it in Thunderbird Enigmail; but since 2009, the X pop-up did not accept mouse pasting anymore. That's why I am using DISPLAY="" to force the console method (it's not true ncurses, but looks like it, to make things simple). I also tried hand copy several times (but this secret is REALLY PITA to hand type, especially when key strokes are replaced with stars).

https://benoliver999.com/technology/2015/10/20/bruteforcegpg/ said to change two configuration files, and kill gpg-agent; but maybe this was not enough; gpg-agent was restarted after starting nasty; maybe the recommendations from this tuto are not enough for Nasty, maybe Nasty tried the good password, but gpg-agent rejected the calls ?

Maybe Nasty was working on the wrong B392C3C2 key ?

I don't understand the difference between the master key B392C3C2 and the second one 9EC8. Should the password be the same for both, or should I have two different passwords ?

----------
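On the last question in the thread (how E1EB22F0929D9EC8 relates to B392C3C2): the sketch below is an added example, not code from any poster, that parses `gpg --list-secret-keys --with-colons` output to report which primary key a key ID belongs to, its algorithm and capabilities, and whether secret material is flagged as present. The listing is a constructed sample; the function name `describe_key`, the primary key's algorithm and size, and the whole second key are assumptions for illustration.

```shell
#!/bin/sh
# Constructed sample in the format of: gpg --list-secret-keys --with-colons
# The key IDs of the first key are the ones quoted in the thread; the primary
# key's algorithm/size and the entire second key are made up for illustration.
sample_listing() {
cat <<'EOF'
sec:u:1024:17:1964932DB392C3C2:1073001600:::u:::scESC:::+:
fpr:::::::::A78E3E691E448CF33F4E8AEF1964932DB392C3C2:
ssb:u:2048:16:E1EB22F0929D9EC8:1073001600::::::e:::+:
sec:u:4096:1:00000000000000A1:1500000000:::u:::scSC:::#:
ssb:u:4096:1:00000000000000A2:1500000000::::::e:::+:
EOF
}

# describe_key KEYID   (reads a --with-colons listing on stdin)
# Fields used: 1 record type, 3 bits, 4 algorithm number, 5 key ID,
# 12 capabilities, 15 secret-key marker ("+" present, "#" stub without
# secret material, anything else is a smartcard serial number).
describe_key() {
    awk -F: -v want="$1" '
        function algo(n) {
            return n == "1" ? "RSA" : n == "16" ? "ELG" : n == "17" ? "DSA" : ("algo" n)
        }
        function secret(f) {
            return f == "+" ? "present" : f == "#" ? "stub" : f == "" ? "unflagged" : "token"
        }
        $1 == "sec" { primary = $5 }          # subkeys follow their primary key
        # Force string comparison so an all-digit key ID is never compared as a number.
        ($1 == "sec" || $1 == "ssb") && ($5 "") == (want "") {
            printf "%s role=%s primary=%s algo=%s bits=%s caps=%s secret=%s\n",
                $5, ($1 == "sec" ? "primary" : "subkey"), primary,
                algo($4), $3, $12, secret($15)
            found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# The ID gpg printed in "encrypted with 2048-bit ELG key, ID ...":
sample_listing | describe_key E1EB22F0929D9EC8
# The primary key it belongs to:
sample_listing | describe_key 1964932DB392C3C2
# Against a real keyring (not run here):
#   gpg --list-secret-keys --with-colons | describe_key E1EB22F0929D9EC8
```

A `caps` value containing `e` marks the key that decrypts; `secret=stub` means the keyring holds only a placeholder for that key, with no secret material to unlock.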

