Decrypting with private key yields "not enough information to check signature v

anon11042228 · September 29, 2015, 7:33pm

I have files delivered to me that are encrypted using my personal public key. When I decrypt them using my private key, the file decrypts successfully but an error is displayed:

“Not enough information to check signature validity”

How can I go about fixing this? Is this an error during the encryption process?

Thank you very much for any input that you can offer.

anon63938304 · September 29, 2015, 7:38pm

sometimes you have to put stuff in the trusted area. I remember a pop up you had to answer once the first time and then it was taken care of, but that was on an older version. Not sure how it works now.

anon11042228 · September 29, 2015, 7:43pm

Thank you very much for your input. My private certificate shows on the “My Certificates” tab as well as the “Trusted Certificates” tab.

anon63938304 · September 29, 2015, 8:09pm

I think it has to do with the person doing the encryption. You have to accept that person (email address) as valid for using that public key. Once that is done it that person/key combo is good from then on.

anon11042228 · September 29, 2015, 8:29pm

Greg, thanks for your input. How does one accomplish this? Is there some “certify sender” option in Kleopatra that I’m overlooking?

Thank you very much.

anon90979041 · September 30, 2015, 12:15am

Adam,

Do you have the sender’s public key? You’ll need that to check their signature since it was made with their private key.

-Sean

aheinecke · September 30, 2015, 8:48am

On how to certify a certificate with Kleopatra see:

http://www.gpg4win.de/doc/en/gpg4win-compendium_16.html

Point “Authenticating an OpenPGP certificate”

The compendium speaks of “Authenticate Certificate” but in current Kleopatra it is called Certify Certificate (have to update this )

anon11042228 · September 30, 2015, 12:32pm

SC,
The sender used my public key. Using my private key I CAN decrypt the file and open it in excel. However, I get the aforementioned error.

anon11042228 · September 30, 2015, 1:37pm

One more note that may be helpful: we have a hundred clients who send files to us encrypted with our public key. We successfully decrypt all of their files successfully and without issue except for this one client.

anon90979041 · October 2, 2015, 2:04am

Adam,

To be clear: do any of your other clients sign their files and are you able to verify their signatures?

Encrypting and signing are two very different things. As far as I know, one cannot sign a file with someone else’s public key. Signatures can only be made with one’s own private key and must be verified with the corresponding public key.

I just ran a test and signed a file with a private test key and encrypted it with my own public key. I then deleted the test keys (public and private) and decrypted the file. I got the exact same error message you are getting. I would be willing to bet that if you contacted your client, got his/her public key and added it to your keyring, you would no longer get the error message. Instead, you would get a “good signature” message.

Regards,
Sean

anon11042228 · October 2, 2015, 12:47pm

Sean,
Great input! I’ll give this a try.

anon90979041 · October 3, 2015, 5:48am

No problem. If you would, update us on how it went, Thanks!

-Sean

anon11042228 · October 5, 2015, 1:29pm

Sean,
I added the encryptor’s public key to Kleopatra and signed it with my personal certificate. After that the error is gone!

Excellent excellent excellent input from you guys.

Thank you very much!

anon90979041 · October 7, 2015, 10:20am

Glad to hear it!

Regards,
Sean