Sent data before “BEGIN_ENCRYPTION”, and is there a chance to recover?

qtyy · April 25, 2024, 12:49pm

When decrypting a file, I encounter the following error. I am certain that the password is correct (I have tested it successfully on an older version of the same file). I have tried versions 2.2.43, 2.4.0, and 2.4.5, but none of them work. How can I resolve this issue?

gpg: AES.CFB encrypted data
gpg: encrypted with 1 passphrase
gpg: decryption failed: Bad session key

qtyy · April 25, 2024, 5:55pm

It seems that there was a modification (fset 'epg-wait-for-status 'ignore) which caused data to be sent before “BEGIN_ENCRYPTION”. What consequences does this have, and is there a chance to recover?

eebb · April 26, 2024, 7:06am

Hello qtyyyw!

It seems that there was a modification (fset 'epg-wait-for-status 'ignore) which caused data to be sent before “BEGIN_ENCRYPTION”. What consequences does this have, and is there a chance to recover?

How did you come to this conclusion?

Answering to your first post:
If you tested the password on an older version of the file that is no proof that it is correct. The person encrypting the new one could have mistyped this time or copied an additonal whitespace or whatever. A better test (for checking if the cause is the password or gpg) would be to make a test encryption with a very easy password and after that decrypt again. Don’t forget to make gpg-agent forget the password in between. I use “gpgconf --kill all” for that.

You did do interactive decryption on the command line, I assume.
Another thing I would like to verify: Are you using gpg on a Linux (or similar) system or on Windows?

qtyy · April 30, 2024, 3:54am

Thanks for your reply.

I tried GPG cli which still failed to decrypt.
I use emacs on macos M2, Emacs use easyPG interactive with underlying GPG,
I found this post,
https://www.reddit.com/r/emacs/comments/18d6fmt/how_to_lock_yourself_out_of_a_gpg_encrypted_file/

bernhard · April 30, 2024, 7:12am

Hi @qtyy

the discussion which you were linking to, discusses a defect in Emacs when using GnuPG.
And adding (fset 'epg-wait-for-status 'ignore) was mentioned as a bad workaround. Did you make that modification to your emacs code?

Overall it would be on the side of the emacs extensions to fix that defect. GnuPG offers Gpgme as a stable interface, I do not know what emacs uses, but gpgme is designed to avoid problems that arise from changed console output of the gpg binary.

For practical reasons: If you do not have a backup of that file you are probably in bad luck. If the file contents is very valuable and you can be very sure that it was that particular emacs workaround defect that bit you, then a software developer could try to find out more about the defect and see if any data was actually preserved. It maybe the case that no data is left anyway.

All the best
Bernhard

qtyy · May 2, 2024, 5:48am

Understood.

Thank you.