Bug#987956: libgcrypt20: ECDH decryption fails with "gpg: public key decryption failed: Invalid object" error message

Andreas Metzler ametzler at bebt.de
Sun May 2 19:16:18 BST 2021


Control: severity -1 serious

On 2021-05-02 "Xavier G." <xavier at kindwolf.org> wrote:
> Package: libgcrypt20
> Version: 1.8.7-4
> Severity: important

> Dear Maintainer,

> After a full-upgrade in Sid on 2021-05-02, `gpg --decrypt somefile.gpg` fails:
[...]
> Considering the list of updated packages this day, libgcrypt20:amd64 (1.8.7-3,
> 1.8.7-4) is the likely culprit.  Its changelog states:

>   libgcrypt20 (1.8.7-4) unstable; urgency=medium

>     * Update from LIBGCRYPT-1.8-BRANCH:
>       + 30_07-Fix-previous-commit.patch
>       + 30_08-ecc-Check-the-input-length-for-the-point.patch

>    -- Andreas Metzler <ametzler at debian.org>  Sun, 02 May 2021 13:58:47 +0200

> The second patch is precisely about returning "Invalid object" /
> GPG_ERR_INV_OBJ in some case related to GnuPG and ECDH decryption.

> Therefore, could you please double-check this patch?

Looks fishy, but I have not got time to check now. Let's bump the severity
to make double-sure it does not propagate to testing.

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'


