tag:gpgtools.tenderapp.com,2011-11-04:/discussions/problems/106966-cannot-decrypt-a-message-that-is-encrypted-to-my-public-key
GPGTools: Discussion 2021-01-20T14:06:23Z

tag:gpgtools.tenderapp.com,2011-11-04:Comment/48506408
2020-08-03T17:04:18Z
GPG Mail: cannot decrypt a message that is encrypted to my public key
<div><p>Hi gpg_dude,</p>
<p>would it be possible to provide the email message in question? If so, please export the message in question, so that we can have a closer look. To export, simply select the message in Mail.app and press CMD + SHIFT + S, select "Raw Message Source" as type and save it. We won't of course be able to decrypt it, but it will help with analyzing and hopefully finding a solution for your problem.</p>
<p>Attach the resulting .eml file to this discussion by visiting it in your browser (email reply should work but sometimes attachments do not arrive).</p>
<p>Do you know which OpenPGP software was used to create the message in question?</p>
<p>Best,<br>
Steve</p></div>
Steve

2020-08-03T18:13:03Z 2020-08-03T18:13:13Z
<div><p>Hi Steve,<br>
Your note has actually given me an idea of what might be wrong. Let me follow up with the sender and get back to you. The message looks like it may have been sent with Canary Mail V2, which had lots of bugs and this person should be on V3 already.</p>
<blockquote>
<p>-----BEGIN PGP MESSAGE-----</p>
<p>Version: Canary PGP v2</p>
</blockquote></div>
gpg_dude

2020-08-03T21:46:07Z
<div><p>Did a little more digging and found the following:</p>
<ul>
<li>The current version 3 of Canary Mail still reports that V2 tag in the PGP payload, so that was a red herring</li>
<li>Another user with Canary Mail V3 sent me a test message that I am also unable to open</li>
<li>Canary Mail V3 seems to be encrypting messages to the master key and not the encryption sub-key</li>
<li>The same user <em>is</em> able to open the message in their sent mail using GPGTools/GPGMail on their computer</li>
</ul>
<p>The only major difference between the setup for user vs. my own is they are not using a Yubikey for GPG. I'm going to try and get them to use Canary Mail to send another message to a different Yubikey user to see if it persists or if it's just my key. I suspect it's the former since the point of the Yubikey is that the master key remains on ICE and individual sub-keys are generated &amp; loaded onto the Yubikey - so despite <code>gpg --list-secret-keys</code> showing my master key ID, I don't think it <em>actually</em> has access to it in this setup. Let me know if that doesn't sound right or you can think of another reason that might explain this behavior. I suspect we'll have to engage with the Canary Mail developers to address this.</p></div>
gpg_dude

2020-08-04T22:43:40Z
<div><p>Hi gpg_dude,</p>
<p>ah that might explain it. If --list-secret-keys shows a # before the sec line, it means that gnupg is aware that a secret key exists, but that the secret key is not locally available. What you might have to do is to run <code>gpg --card-status</code> in order to create the local stubs for the key. After that you should technically be asked to enter your card in order to decrypt the message.</p>
<p>Unfortunately smart card support is still rather fragile, but please let us know if that helps or what else you find.</p></div>
Luke Le

2020-08-04T23:48:08Z
<div><p>I'm not sure how <code>gpg --card-status</code> would help here? It just shows me the card info, which does list the <code>#</code> on the master secret-key:</p>
<p><code>sec# rsa4096/0xMY_MASTER_KEYID created: YYYY-MM-DD expires: YYYY-MM-DD</code></p></div>
gpg_dude

2020-08-06T02:11:02Z
<div><p>I think we have found the cause of this issue on the Canary Mail side as well. I'm told they updated their software to use Bouncy Castle in the last 30 days and verified older messages sent via Canary Mail were encrypted to users' encryption sub-keys and not their master keys. We're pushing them to fix this, so you can go ahead and close this. Thanks.</p></div>
gpg_dude

2020-08-07T12:22:17Z
<div><p>Great to hear you were able to identify where the problems stem from. Can you update this discussion, once a fix is available in CanaryMail so other users that read this discussion are made aware of the solution?</p></div>
Steve

2021-01-19T14:35:47Z
<div><p>It appears the Canary team fixed this in version 3.19.</p></div>
gpg_dude

2021-01-20T14:06:11Z
<div><p>That is great news! Thanks for sharing.</p></div>
Steve
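
<p>Added example, not part of the original thread or of GPGTools or Canary Mail: a small checker for the situation discussed above, where a message is addressed to a primary key whose secret part is only a stub (<code>sec#</code>) while the subkeys sit on a smartcard. It reads the output of <code>gpg --list-secret-keys --with-colons</code> and <code>gpg --list-packets</code>; the function names and all key IDs and serial numbers are constructed for illustration, and field 15 is interpreted as in GnuPG's colon-listing format.</p>

```python
import re

# Constructed `gpg --list-secret-keys --with-colons` output (IDs and serial
# are made up): primary key is an offline stub, both subkeys are on a card.
SECRET_KEYS = """\
sec:u:4096:1:AAAAAAAAAAAAAAAA:1546300800:1893456000::u:::scESC:::#:
ssb:u:4096:1:BBBBBBBBBBBBBBBB:1546300800:1893456000:::::e:::D2760001240103040006123456780000:
ssb:u:4096:1:CCCCCCCCCCCCCCCC:1546300800:1893456000:::::s:::D2760001240103040006123456780000:
"""
# Constructed `gpg --list-packets` output: message addressed to the primary key.
TO_PRIMARY = """\
:pubkey enc packet: version 3, algo 1, keyid AAAAAAAAAAAAAAAA
\tdata: [4095 bits]
:encrypted data packet:
"""
# Same constructed message, addressed to the encryption subkey instead.
TO_SUBKEY = TO_PRIMARY.replace("AAAAAAAAAAAAAAAA", "BBBBBBBBBBBBBBBB")

def secret_key_state(colon_listing):
    """Map key ID -> (record type, capabilities, location of the secret key)."""
    keys = {}
    for line in colon_listing.splitlines():
        f = line.split(":")
        if f[0] in ("sec", "ssb") and len(f) >= 15:
            # Field 15: '#' = stub only, '+' or empty = on disk, else card serial.
            token = f[14]
            where = "offline" if token == "#" else "local" if token in ("", "+") else "card"
            keys[f[4]] = (f[0], f[11], where)
    return keys

def diagnose(colon_listing, list_packets_output):
    """Explain, per recipient key ID in the message, whether it can be decrypted."""
    keys = secret_key_state(colon_listing)
    report = {}
    for kid in re.findall(r"^:pubkey enc packet:.*keyid ([0-9A-F]{16})",
                          list_packets_output, re.M):
        if kid not in keys:
            report[kid] = "not one of my keys"
            continue
        rec, caps, where = keys[kid]
        kind = "primary key" if rec == "sec" else "subkey"
        if where == "offline":
            report[kid] = f"{kind}, secret key not available: cannot decrypt"
        elif "e" not in caps:
            report[kid] = f"{kind} has no encryption capability"
        else:
            report[kid] = f"{kind}, secret key on {where}: can decrypt"
    return report

if __name__ == "__main__":
    for sample in (TO_PRIMARY, TO_SUBKEY): print(diagnose(SECRET_KEYS, sample))
```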