Handle plaintext failed: General error

Hello everyone.

I am using a python script to decrypt encrypted zip files coming to a directory on our machine (Linux AIX version 7.1.0.0, gpg version 2.0.30). We are receiving both CSV and ZIP encrypted files. The python script builds the following command to decrypt each file:

# file_path and output_path are function inputs
# passphrase is stored in environment
decrypt_command = [
    "gpg", "--output", output_path,
    "--batch", "--passphrase", passphrase,
    "--verbose", "--decrypt", file_path
]

(we cannot use the dedicated python package for gpg, so we have to rely on direct CLI commands).

When decrypting CSV files, the function works correctly, and the files are decrypted successfully. However, when decrypting ZIP files, we get the following error:

gpg: public key is ********
gpg: using subkey ******** instead of primary key ********
gpg: using subkey ******** instead of primary key ********
gpg: encrypted with 2048-bit RSA key, ID ********, created **********
      "*********"
gpg: AES256 encrypted data
gpg: original file name='...(correct file name)...'
gpg: handle plaintext failed: General error

(some parts have been obfuscated for privacy reasons)

We know for sure that the private key we are using is correct and that the python function is not inherently flawed, since the CSV files are being processed correctly. What could be the cause of the issue? I would really appreciate any help/input, as the matter has become critical.

Thank you in advance.

I tried two decrypt an enrypted zip file and that worked fine for me:

gpg --output output.zip --batch --verbose --decrypt input.zip.gpg

Is the output path OK (does not exist)?
Is the input file OK, did you test the encryption with gpg outside of your script or on a different machine?

The command works for me too when testing locally. The problem comes when we try to use it to decrypt files coming from the external source.

I am sure that the output path does not exist.

Hi,
as you are using a very special and old version (Linux AIX version 7.1.0.0, gpg version 2.0.30) to decrypt so there might be either a bug or a missing feature in that version. If possible it would be good if you could update this version somehow.

Try to include “–verbose --debug all” in your command and see if some error pops out before you end up with the general errror.

The OpenPGP Standard allows for compression of the data. I do not mean “zip compression” this could just be random but if I run gpg --version I see that my GnuPG supports:
Compression: Uncompressed, ZIP, ZLIB, BZIP2

If I now send someone a message compressed with bzip2 and that user has a Gpg version which does not support the BZIP2 Algorithm that user might be unable to decrypt the message. But since this is rare the problem might not be correctly handled and cause an unexpected error (General Error).

I think debug output should give a hint whats wrong here so that should be the next step.

Hi, thanks for the reply.

I have enabled all debug flags and re-run the script, using a test zip as input.

I’ve attached the log we got from the execution, as it is quite lengthy. Like before, I have introduced some placeholders for privacy reasons, but the diagnostic information should all be there. The error can be found at line 221.

log.txt (39.3 KB)

Thank you in advance for the suggestions/help.