How can I use gpgtools to decrypt and ascii armored file? (gpg: decryption failed: Bad session key)

jfharrison's Avatar

jfharrison

24 Jul, 2018 05:12 AM

I have migrated from another OS to MACOS. I have a number of *.asc files that use text passphrase. For EXAMPLE, that would be a file created with gpg -c -a FILENAME and as an example, passphrase gpgtools123. If I create this on my Mac it works and gpg -d works just fine.

But when I try this for a migrated file from another OS (encrypted using gpg 2.2.5) I get
gpg -d "FILE NAME.asc"
gpg: CAST5 encrypted data
gpg: encrypted with 1 passphrase
gpg: decryption failed: Bad session key

The suggestion of "defaults write ~/Library/Preferences/org.gpgtools.gpgservices UseASCIIOutput -bool YES" did not help, the output of the command was the same as above.

What did you expect instead

I expected it to decrypt the file.

Describe steps leading to the problem. see above

Are you using any other Mail.app plugins? no, I'm using CLI attempting decrypt *asc file

  1. Support Staff 1 Posted by Mento on 09 Aug, 2018 08:48 AM

    Mento's Avatar

    Hi!

    Could you please create two encrypted files for us?
    Both with the same (non private) content and the password gpgtools123.
    One decryptable on your Mac, the other one should not be decryptable on your Mac.

    Do you have any special characters in the password?
    Do you have a very long password (over 80 characters)?

    You could try to use a password file instead of pinentry:
    1. Create a file pass.txt which contains only your password.
    2. Decrypt using this password file:

    gpg -d --pinentry-mode loopback --passphrase-file pass.txt < encrypted.asc
    
    3. Delete the password file:
    rm pass.txt
    

    Regards, Mento

  2. 2 Posted by jfharrison on 10 Aug, 2018 07:32 PM

    jfharrison's Avatar

    Thank you. Only the --pinentry-mode worked, after a failure due to requiring me to add --ignore-mdc-error. Below is my screen output:

    $ gpg -d --pinentry-mode loopback --passphrase-file pass.txt < "Credit Reports.zip.asc" > CR.zip gpg: CAST5 encrypted data
    gpg: encrypted with 1 passphrase
    gpg: WARNING: message was not integrity protected
    gpg: Hint: If this message was created before the year 2003 it is
    likely that this message is legitimate. This is because back then integrity protection was not widely used. gpg: Use the option '--ignore-mdc-error' to decrypt anyway.
    gpg: decryption forced to fail!

    $ gpg -d --ignore-mdc-error --pinentry-mode loopback --passphrase-file pass.txt < "Credit Reports.zip.asc" > CR.zip gpg: CAST5 encrypted data
    gpg: encrypted with 1 passphrase
    gpg: WARNING: message was not integrity protected
    $

Reply to this discussion

Internal reply

Formatting help / Preview (switch to plain text) No formatting (switch to Markdown)

Attaching KB article:

»

Attached Files

You can attach files up to 10MB

If you don't have an account yet, we need to confirm you're human and not a machine trying to post spam.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac