Decryption Failed - Decryption Failed

Hello,

One of our Vendor has installed GPG software, where he generated a Public Key using Kleopatra and sent it to me.

I have added the key in Workday(HR tool) and sent the file with extension .pgp

But when they try to decrypt it fails with message Decryption failed - Decryption failed.

When I encrypt the file with Kleopatra, it generates a gpg file and they are able to decrypt it.

Can some one please help me. This is critical for us.

Thanks,
CPK.

Capture.JPG

Please recommend to your customer to use the Gpg4win-3.1.3 beta.
It has improved error handling and will offer “Diagnostics” in case decryption failed which will provide more info what went wrong.

I suspect that you are running into: https://wiki.gnupg.org/TroubleShooting#Decryption_Failure_with_Gpg4win-3.1.2_or_later

Thank you very much for your answer. We have downgraded to Gpg4win - 3.1.1 and still it didn’t work.

We will try Gpg4win-3.1.3 beta. and keep you posted.

Thanks,

Hello,

We tried with beta version, but it didn’t help.

When I try with my own Public key and use the following command it works

gpg -o c:\tmp\test.txt -d c:\tmp\test.txt.gpg

But when I encrypt and send the file to the Vendor and when he uses the same command it throws a message no file or directory found.

At my end I have the following. Should I enable them.

Ascii Armored,
Containing Integrity Check
PGP 26 compatabile
Digitally Sign using

Please share your thoughts…

“No such file or directory” means your vendor is using the wrong command line invocation.
E.g. if the path to the file contains spaces it needs to be quoted.

Could you please confirm that my understanding of the Problem is correct:

  1. You encrypt with Gpg4win → The Vendor can decrypt with Gpg4win (Kleopatra)
  2. You encrypt with HR tool → The Vendor cannot decrypt the file with Gpg4win.

Please use Kleoptara from the Gpg4win-3.1.3-beta at your Vendors site. Then provide us with the “Diagnostics” that are available on decryption failure. This will help us to tell you what is wrong.

Regarding the Options:
Enable “Containing Integrity Check”
Enable “ASCII Armored” (Not necessary but helps avoiding transfer errors)
Disable “PGP 26 compatible”

Digitally Sign is a good thing but does not have an effect on encryption / decryption.

Sorry for a late response.

  1. Yes when we encrypt with Gpg4Win Vendor is able to decrypt it.

  2. When we encrypt with HR tool, the vendor is not able to decrypt it.

Vendor downloaded the beta version and the diagnostics showed

“message was not integrity protected”

we are using the command

gpg -o c:\tmp\test.txt -d c:\tmp\test.txt.gpg

and we are able to decrypt the file.

Ok.

So the problem is that HR Tool omits the “MDC (Integrity Protection)” activating:

“Containing Integrity Check” in HR Tool should fix the problem.

Integrity protection is an important security feature in OpenPGP which has been in use for over 15 years. Recently we decided to require it in Gpg4win as there were important vulnerabilities discussed which are prevented by the Integrity Protection.