3144:data is encrypted to unknown ID

Created: 03 Mar 2014 • Updated: 10 Mar 2014 | 13 comments
This issue has been solved. See solution.

Hi

While trying to decrypt a file received from a client I am getting the error “Private key not found”.

1080:no private key could be found for decryption.

I have done the following as mentioned by the user dfinkelstein in another post.

C:\Users\Administrator>pgp --list-keys
Alg     Type      Size/Type     Flags      Key ID      User ID
-----     ----         ---------          -------       ----------      -------

1) My first question is: from the above output, which column displays private keys and public keys?

I have also run the following

C:\Users\Administrator>pgp --verify "F:\esco\New folder\test.pgp"

and I get the following output.

file.pgp:verify (3144:data is encrypted to unknown ID 0x73345F23)

file.pgp:verify (1080:no private key could be found for decryption)
 
If I get the above output according to the user dfinkelstein it means "in which case you have no idea to whom the file was actually encrypted."
 
2) Can I conclude that the file was not encrypted for me and the problem is from our client's side?
 
Thanks
Alex_CST's picture

That means you have no key-pairs at all.  Have you generated one or imported one?  

Please mark posts as solutions if they solve your problem!

http://www.cstl.com

dcats's picture

Hi esco,

If you posted the full output Alex_CST is right.
Anyway, the --verify output "encrypted to unknown ID 0x73345F23" means that data was encrypted to a key with the ID 0x73345F23. By unknown, it means that your PGP installation has no information about that key. This last one implies that you have no public key (and then also no private key) matching the above key ID.
Unless you forgot to import your keys, this message was not encrypted for you. Or, if that was the complete output, simply because you have no keys.

HTH,
dcats

esco's picture

Hi

Sorry for not providing the full output.

The full output is as follows:

C:\Users\Administrator>pgp --list-keys                            
Alg        Type    Size/Type    Flags    Key ID            User ID
-----        ----      ---------          -------    ----------             -------            
RSA4     pair    2048/2048    [VI---]    0xA4278670     1astoes40001        
RSA4     pair    2048/2048    [VI---]    0x35610C4A     1astoes40002        
RSA4     pair    2048/2048    [VI---]    0x2EF4183C    1astoes40003        
RSA4     pair    2048/2048    [VI---]    0x371C6AC1    1astoes40004        
RSA4     pair    2048/2048    [VI---]    0x0AAB53BC   1astoes40005        
RSA4     pair    2048/2048    [VI---]    0xAE44CAA5   1astoes40006        
RSA4     pair    2048/2048    [VI---]    0x00CD72A2    1astoes40007        
RSA4     pair    2048/2048    [VI---]    0xBE6405A3    1astoes40008        
*RSA4    pair    2048/2048    [VI---]    0x4C51BBA8   1astoes40009        
RSA4     pub    2048/2048    [-----]     0x2CA47A00    Hrmd       
RSA4     pub    2048/2048    [-----]     0x35C4B29A    Admin        
RSA4     pub    2048/2048    [-----]     0xA9CC6753    Itcp       
RSA4     pub    2048/2048    [-----]     0x4E67BE5F    Finance        
RSA4     pub    2048/2048    [-----]     0x2251C29C     Marketing        
RSA4     pub    2048/2048    [-----]     0x2E38D661     Hods       
RSA4     pub    2048/2048    [-----]     0xAA62EF10    Courses        
RSA4     pub    2048/2048    [-----]     0x354C873A     Others        
17 keys found                        
                                
C:\Users\Administrator>  

We are having problems in decrypting the files from User ID 1astoes40002 (marked bold in output).

Here is how we have our work done:

1. Generated the key pair with a key name for the recipient, client (Recipient Key) along with a passphrase
2. Exported public key using Recipient Key
3. Shared public key with client
4. Imported the Public Key received from the client into the PGP Key Ring

We authenticate the signature using the Public Key of the client.
We decrypt the client file using the passphrase for the corresponding client.

The decryption has been going on smoothly for the client for more than a year till we started getting the above error message this week.

Now can anyone suggest an answer to this (whether the problem is from our side or the client's side)?

Thanks

Alex_CST's picture

The Key ID that the file was encrypted to is 0x73345F23, which is not on your list.  This means that it's either been removed, if it's been going on OK for the past year, or this particular file was encrypted to a wrong key incorrectly.  Look up previously encrypted files and see what they were encrypted to.


esco's picture

Hi

I tried decrypting a file sent by my client in April 2013. I was able to decrypt the file successfully.

Hence, I ran the following command on the file and got the following output.

C:\Users\Administrator>pgp --verify "F:\esco\New folder\1astoes40002001.pgp"
F:\esco\New folder\1astoes40002001.pgp:verify (3093:data is encrypted to subkey ID 0xA57C15B5)
F:\esco\New folder\1astoes40002001.pgp:verify (3044:subkey ID 0xA57C15B5 belongs to 0x35610C4A 1astoes40002)
F:\esco\New folder\1astoes40002001.pgp:verify (3033:no passphrase specified)

C:\Users\Administrator>

Does this mean that the client's file received by us is having an encryption problem?

or

We are having problems on our side?

Thanks

Alex_CST's picture

Add --passphrase to verify the file with the key's passphrase and see what output you get.


dcats's picture

Hi esco,

It means that the file is encrypted to a key which you do not have.
Perhaps they manually encrypt the file before emailing it and simply have selected the wrong key. Or they intended to send the file to multiple recipients but have encrypted only to one of them - the owner of key ID 0x73345F23.

The issue seems to be on the sender side - using a wrong public key.

Rgs,
dcats

esco's picture

Hi

I added the passphrase and tried decrypting the file sent by my client in April 2013. The output is given below.

C:\Users\Administrator>pgp --verify "F:\esco\New folder\1astoes40002001.pgp" --passphrase ....
F:\esco\New folder\1astoes40002001.pgp:verify (3093:data is encrypted to subkey ID 0xA57C15B5)
F:\esco\New folder\1astoes40002001.pgp:verify (3044:subkey ID 0xA57C15B5 belongs to 0x35610C4A 1astoes40002)
F:\esco\New folder\1astoes40002001.pgp:verify (3048:data encrypted with cipher AES-128)
F:\esco\New folder\1astoes40002001.pgp:verify (3042:suggested output file name 1astoes40002001.txt)
F:\esco\New folder\1astoes40002001.pgp:verify (0:verify complete)

Thanks

dcats's picture

Hi esco,

That output presents a key you have in the keyring.
What if you try the same command in the file you cannot decrypt?

By the way, you can remove the passphrase before posting.

Thanks,
dcats

esco's picture

Hi

Thanks for the advice dcats.

When I run the command in the file (which I can not decrypt) I get the following output.

F:\esco\New folder\test.pgp:verify (3144:data is encrypted to unknown ID 0x73345F23)
F:\esco\New folder\test.pgp:verify (1080:no private key could be found for decryption)

Does this mean my client is sending a file which was not encrypted for us?

Does this mean we have a key for them in our key ring (which the client somehow is not using when encrypting files intended for us)?

Thanks

dcats's picture

Hi esco,

Yes. The file was not encrypted to your keys (no private key). It is unknown, so you don't even have the public key.

Having their public key in the keyring would allow you to verify the authenticity of the signature, if they sign the file. It has nothing to do with the encryption process.

You encrypt to a public key so that only the owner of the private part of that key can decrypt.
You sign with the private part of the key so that everyone with access to the public key can confirm it was you.

HTH,
dcats

SOLUTION
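
The key-ID comparison worked through in the replies above can be scripted. This is an added example, not part of the original thread and not Symantec's code: it parses `pgp --list-keys` rows and `pgp --verify` messages in the format quoted in this thread and reports whether the file's recipient key is one whose private half is in the keyring. The function names, verdict strings and sample file names are hypothetical, and the message codes (3144, 3093, 3044) are assumed to mean what the quoted output shows.

```python
import re

# Constructed samples: rows and messages in the format quoted in this thread.
KEYRING = """\
RSA4     pair    2048/2048    [VI---]    0xA4278670     1astoes40001
RSA4     pair    2048/2048    [VI---]    0x35610C4A     1astoes40002
*RSA4    pair    2048/2048    [VI---]    0x4C51BBA8   1astoes40009
RSA4     pub    2048/2048    [-----]     0x2CA47A00    Hrmd
"""
VERIFY_OLD = """\
old.pgp:verify (3093:data is encrypted to subkey ID 0xA57C15B5)
old.pgp:verify (3044:subkey ID 0xA57C15B5 belongs to 0x35610C4A 1astoes40002)
"""
VERIFY_NEW = """\
test.pgp:verify (3144:data is encrypted to unknown ID 0x73345F23)
test.pgp:verify (1080:no private key could be found for decryption)
"""

ROW = re.compile(r"^\*?\S+\s+(pair|pub)\s+\S+\s+\[[^\]]*\]\s+(0x[0-9A-Fa-f]{8})\s+(.+)$")
MSG = re.compile(r"\((\d+):([^)]*)\)")
KEYID = re.compile(r"0x[0-9A-Fa-f]{8}")

def norm(key_id):
    """Normalise a key ID so lookups ignore hex digit case."""
    return "0x" + key_id[2:].upper()

def parse_keyring(text):
    """Map key ID -> (type, user ID); 'pair' means the private key is present."""
    keys = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            keys[norm(m.group(2))] = (m.group(1), m.group(3))
    return keys

def triage(verify_text, keys):
    """Return (verdict, key ID) for one file's `pgp --verify` messages."""
    for code, msg in MSG.findall(verify_text):
        ids = [norm(k) for k in KEYID.findall(msg)]
        if code == "3144" and ids:
            # Recipient key is absent from the keyring: sender used another key.
            return ("not-encrypted-to-us", ids[0])
        if code == "3044" and len(ids) == 2:
            # Subkey resolved to a primary key; only a 'pair' can decrypt.
            kind = keys.get(ids[1], ("missing", ""))[0]
            return ("decryptable" if kind == "pair" else "no-private-key", ids[1])
    return ("undetermined", None)
```
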
esco's picture

Hi

My client is saying nothing has been changed from their side. Now they are requesting a public key from us. My question is: can we run the following command and provide them the key?

C:\Users\Administrator>pgp --export "1astoes40002"

Thanks

dcats's picture

Hi esco,

Yes, that should do it.

References:
HOW TO: Use PGP Command Line to Create and Manage PGP Keys - HOWTO41935.
(See the section: Export The Public Key)

PGP Command Line 10.x List Of Commands/Options - TECH148895

Rgs,
dcats