[Gpg4win-users-en] GPG Encryption Fails When Called From Oracle Enterprise Manager

[Werner Koch]

On Fri, 24 Jul 2015 16:35, kent_hurtig at friends.edu said:

> gpg: DBG: finish_lookup: checking key 21CBF00F (all)(req_usage=2)
> gpg: DBG: 	no suitable subkeys found - trying primary
> gpg: DBG: 	primary key not valid
> gpg: DBG: 	no suitable key found -  giving up

Well, you have no valid encryption key.

> pub   1024R/21CBF00F 2002-12-05
> uid       [  full  ] Educational Computer Systems Inc <admin at ecsi.net>

Right, there is no subkey (would be indicated by a line with the tag
"sub").  Usually the primary key (indcated by the tag "pub") is not
capabale of encryption.

> gpg: DBG: finish_lookup: checking key 21CBF00F <all><req_usage=2>
> gpg: DBG:       no suitable subkeys found - trying primary
> gpg: DBG:       primary key may be used
> gpg: DBG:       using key 21CBF00F
> DBG: rsq_encrypt     => Success
> gpg: RSA/3DES encrypted for: "21CBF00F Educational Computer Systems Inc <admin at csi.net>"

Here you used a different copy of the key.  It also has no subkey but
the primary key is capable of encryption.  The capabilities of a key are
stored in the so-called self-signature and may in theory be changed
which could be an explanation why it works with one copy of a key but
not with the other.  To see the capabilities it is probably best to run

  gpg --list-options show-usage -k 21CBF00F

which will result in an output like this

  pub   dsa2048/F2AD85AC1E42B367 2007-12-31 [SC] [expires: 2018-12-31]
  uid               [ultimate] Werner Koch <wk at gnupg.org>
  sub   dsa1024/4F0540D577F95F95 2011-11-02 [S]
  sub   rsa2048/1E0FE11D664D7444 2014-01-02 [E] [expires: 2016-12-31]

The S, C, E in brackets indicate the capabilities.  You need an [E]
capability for encryption.


Salam-Shalom,

   Werner


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.