Windows 11 and Kleopatra not working

Jim_Cozzy · October 3, 2024, 6:42pm

Kleopatra
Version 3.2.2.231170 (Gpg4win-4.3.1)

With Windows 11 not able to encrypt/decrypt files.
I get this warning – Invalid cipher algorithm
And when I click diagnostics I get this

gpg: enabled compatibility flags:
gpg: using subkey XYZ instead of primary key XYZ
gpg: using subkey XYZ instead of primary key XYZ
gpg: No trust check due to '--trust-model always' option
gpg: ABC: skipped: public key already present
gpg: using subkey XYZ instead of primary key XYZ
gpg: No trust check due to '--trust-model always' option
gpg: writing to '-'
gpg: WARNING: forcing symmetric cipher 3DES (2) violates recipient preferences
gpg: cipher algorithm '3DES' may not be used for encryption
gpg: (use option "--allow-old-cipher-algos" to override)
gpg: build_packet(PLAINTEXT) failed: Invalid cipher algorithm
gpg: -&16: sign+encrypt failed: Invalid cipher algorithm

Jim_Cozzy · October 3, 2024, 6:42pm

cklassen · October 4, 2024, 6:43am

Hi @Jim_Cozzy,

Are you familiar with a shell e.g. the PowerShell? Then you could try the encryption in the shell so we could see if it works in general.

From the diagnostics it looks like your Gpg is forcing the 3DES algorithm which is not present in the preferences of the recipient’s key. You could check this by running the command gpg --edit-key <key_id_recipient> (and of course replace the part in <> with the ID of the recipient’s key). Then run showpref and you will see something like Cipher: AES256, AES192, AES, 3DES although in your case I would expect that you won’t see 3DES.

Jim_Cozzy · October 4, 2024, 1:30pm

It should be noted that I am not an administrator on this computer. But see what I got below.

PS Y:> gpg --edit-key 5FE8 XXXX XXXX XXXX
gpg (GnuPG) 2.4.5; Copyright (C) 2024 g10 Code GmbH
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: enabled compatibility flags:
gpg: key “5FE8” not found: No public key
PS Y:>

Jim_Cozzy · October 4, 2024, 2:56pm

ok, I can actually encypt/decrypt from powershell too, using the command --allow-old-cipher-algos, but want to be able to do it from Kleopatra. How can I setup Kleopatra to allow this too?

cklassen · October 7, 2024, 8:50am

Since Kleopatra is using GnuPG it should be working by adding allow-old-cipher-algos to the gpg.conf. If you don’t have such a file you can create it in %APPDATA%\gnupg.

Jim_Cozzy · October 7, 2024, 2:00pm

Thank you!

That worked. I found the gpg.conf file and edited to include allow-old-cipher-algos, and this now works great.
Thanks again!

cklassen · October 8, 2024, 10:55am

I’m glad I could help you