"You cannot be sure who encrypted this message as it is not signed." by Kleopatra

Sup everyone, so i have had a recurring issue lately when interacting with a friend. I do have his public key, he does have my public key. We’ve been talking to each other through encrypted messages for over a year now and lately i’ve ran into the same problem where when i try to decrypt his messages i get the following on top of my notepad:

''Notepad → Notepad: Decryption succeeded.

Note: You cannot be sure who encrypted this message as it is not signed.
Recipient: ‘‘my username’’ (4493 7A29 D0F6 3F98)‘’

and then underneath where i pasted the encrypted message, it transforms into the following:

-----BEGIN PGP MESSAGE-----

hQIMA5tLwvzFiGhDAQ/9Gh229EXc5u7dmAqnYuYWNwhJmlHpfAPaSgvEntwKxZ9o

MO/jUy9SXHuFK4bRm1xxisN83NHY0jjdt9yPpTsfcuThO+jxTs6c2L+IIA1N903v

iu/tVykDwUrLQaiUiLiOzmylNUvFbHLne6b6v6h4gGanEnsdELLGtJCFduxKm8qd

m2YwzQejHL2GedH5B4i7uE/mY+yi5WVFrFAXYQosabND/qflcgnkD/4VkDNG3OVJ

i3rQO9dakNBZWkpKL7DT8HRZPIjFPvXi1HFUwNUWIu/BKHxxWZJOv4QTIniexDQ0

35iGsXONUIfpe5hXUb2a5qUXMrfObuKk7sJa8UIT2FJD+uuHR9EqcgnQjXEXo6FZ

kTuIV/oeRtNtd3IhEPRCF16kosnw2DUk3uZYj06k7bgTehYrx8bK2TghHowBQDrQ

BFyvhU4d0PQ8FGdW2coGmfk2bsud21u/Exw1xM+5l3ztAmZ4fT1/8J+w+bjX8PDF

rCTrWZMGZMP0GOr9Qb9yoUCQjp/cuexOqKUtKVG5vgQsnoY9xoZqu1ApiEVGgoed

qea6iBT1pa0jOcjhurCfZKDvbiQibsSnOHKsyn/i7r2WjjIDC8RIuuxnn6upAf1m

6xtQPYR2sGR7a5JUnzT5AoHlVtcQXlkoLnw4+PmGXAbb/mzCWTjOnMQEte7tEKLS

6QH/XLJLaa8GRBtlZtX1fY0YQ54Js6CQ7Na7GEaH1sprU7ej1BEul0cVWvZm+Ijl

GvufqedpsDjyvzoiuNE02bl+6952QA9otAMqJy12qwx5ye3etMrWyDJ8wkFQvYIX

7/FO9dujJ18IZi9YM1FegxNrovvZb0RAO9Su7AHHrpMDKuukqMB/Wau+pHmC8IuV

GzzKVgWbeVKTr3L34+ufAQn7D5x7irMJkNLLcZ7N0GTM0c/mSNUrbJC4+jTj/JRm

kk03xjDf01h0wDX/LLGQRWN3mXq3peG/rIsRFYbOWt8XvM4b3n5VKSHbj+bbFClB

TvUmXP4XBCoHNajvNATEYqNBH40ecPeR5JpnEi2gxiYlHBm5QhTIlPlxEYa+fcww

r5FDuo3jyXOU2n6wuBK8fUlbsr6Izw3Is8/N0V//MyYKh4SLJnh7WehMk/Ljmxm5

651SeM5s6SWC8E+yKLEsFWUn0APbaI6DymuAWBiIW1lE9WZ/tHwvNlX2XK1is9SM

ZwZ0LqkW5rnAa0uRCtYHQ4JUlL1f2g6Dlk2YdsJeHzRLwwSZaXNMXHJVQtqVD+Qm

2ridzM1R2CArIoeogmMpcaNpozTDZ0wqRyY0YOqzL6WmLdE7UcQKJzcncKzJNPYW

javqHEW0A1kYlz6hhkqXP7QHrg6AWWsqGXApRvmBvuwQWjVXQylRFzdWSzi5Kvhk

Wzjv17m19/JWP74urhmt5iaatPDk+wEk++uSL+fFYQbE+nva4Bi9OQlA1I8R0J8o

kGZsTEid7VQ0UwA1kejuPOaIfEwwpu9KdGFaiw==

=yuuQ

-----END PGP MESSAGE-----

Thing is after the last message i received from said friend, i decrypted all the other messages that didn’t went thru and i always end up with the exact same out come every single time.

I’m on Windows 11, i have the latest Kleopatra version and i’ve exchanged encrypted messages with alot of people(including 4 as of lately) and i’ve never ever had to deal with this issue before so part of me wants to believe that my friend is probably doing something wrong but i ended up having 1 of their recent message actually decrypt properly but other than that i have absolutely no clue about what is going on here. I tried looking up on Google and YouTube for possible answers but so far i haven’t found anything so hopefully anybody here can enlighten me because it’s kinda irritating me.

Thanks in advance for the help.

Hi @Periphery,

it is very cool that you are exchanging crypto messages with others!
We’ll try to help you to find out what is going on.

My first questions:

• Can you see the decrypted text (aka the cleartext) in addition to the messages somewhere? (You can ask your friend for a test message so you know what should be the cleartext. Do not post it here.)
• Can you ask your friend what software is used on their end?
• … and if Encryption and Signing is selected?

Because you report that it is working fine with three other people, my idea is that maybe the one where it isn’t working indeed has not signed the data. In this case you should see the cleartext after decryption.

Possibly you could try the command line to decrypt the message, that gives more diagnostic message. E.g. save the message (all lines from BEGIN to END) as text file with an editor to msg.txt. And then run something like gpg -v --decrypt msg.txt on the command line.

Best Regards,
Bernhard

Well my friend is one i made online and he’s quite a very busy person. The only ever time i get to speak with him is thru PGP encryption on his own personal onion link and lately he hasn’t been as active as before due to in real life problems which prompts him to leave comms on the back burner so sometimes i can wait a couple of days before getting an encrypted answer to a message i sent him.

So one of the messages that actually ended up decrypting correctly he simply told me:
''Dear Brother,

Just use GPA mate. It’s better.‘’
and then signed the message at the bottom.

So i tried doing what you suggested by using the command prompt and i think i might’ve messed up at some point cause i opened a new text file, pasted a message in it, saved it on my desktop as ‘‘msg.txt’’ and when i try to run the command you told me i get the following:

‘‘gpg: enabled compatibility flags:
gpg: can’t open the ‘msg.txt’: no such file or directory
gpg: decrypt_message failed: No such file or directory’’

Thing is i am not the only one he communicates with thru PGP so i dunno if i’m the only one that has had trouble getting his messages to decrypt otherwise i think he would’ve long corrected the issue but i could be wrong.

Like i previously mentioned, i’ve been exchanging PGP messages semi regularly with him for over a year now and this is the first time i’ve ever had any issues with anyone when using Kleopatra so you’re kinda confirming my suspicion about the issue being on my friend’s side rather than on mine.

Thanks for trying, you need to run the command on the command line in the same directory where the file msg.txt is saved.

As for GPA (the old privacy assistant): We discontinued packaging it because Kleopatra offers more comfort and is more actively maintained. Most problems have a different reason and an attempt on the command line will show you more about this. If it cannot work on the command line it also cannot work in the frontends like Kleopatra or GPA.

Forgive me if i’m a little clueless here but what do you mean when you say ‘‘you need to run the command on the command line in the same directory where the file msg.txt is saved.’’?

When i open Command prompt, before i even input any command, there is ‘‘C:\Users\admin>’’ so does that mean i have to input something else to get it to detect the file? I tried pasting the file in ‘‘users/admin’’ but it didn’t work.

As you can tell, i’m not at all familiar with any of the more technical stuff when it comes to using Command Prompt so forgive me in advance if this is supposed to be really simple.

A command like cd c:\Users\Periphery\Desktop will get you into the directory for the desktop, (that is if “Periphery” is your username on that machine). With dir you can see what files are in the current directory. If msg.txt is in your current directory, you can use the gpg command from above on it.

Yes, this is the more technical approach but it usually helps to get more information about what maybe the problen.

Ok thanks, funnily enough i finally figured out how to pull it off right as you replied to this message.
So i ran the command and here’s what i got:

C:\Users\admin\OneDrive\Documents>gpg -v --decrypt msg.txt.txt
gpg: enabled compatibility flags:
gpg: public key is 23EDA45857D255A1
gpg: using subkey 23EDA45857D255A1 instead of primary key 44937A29D0F63F98
gpg: encrypted with rsa4096 key, ID 23EDA45857D255A1, created 2024-03-11
“Phobos”
gpg: no running gpg-agent - starting ‘C:\Program Files (x86)\Gpg4win\…\GnuPG\bin\gpg-agent.exe’
gpg: waiting for the agent to come up … (5s)
gpg: connection to the agent established
gpg: AES256.CFB encrypted data
gpg: original file name=‘’
-----BEGIN PGP MESSAGE-----

hQIMA5tLwvzFiGhDAQ/9Gh229EXc5u7dmAqnYuYWNwhJmlHpfAPaSgvEntwKxZ9o
MO/jUy9SXHuFK4bRm1xxisN83NHY0jjdt9yPpTsfcuThO+jxTs6c2L+IIA1N903v
iu/tVykDwUrLQaiUiLiOzmylNUvFbHLne6b6v6h4gGanEnsdELLGtJCFduxKm8qd
m2YwzQejHL2GedH5B4i7uE/mY+yi5WVFrFAXYQosabND/qflcgnkD/4VkDNG3OVJ
i3rQO9dakNBZWkpKL7DT8HRZPIjFPvXi1HFUwNUWIu/BKHxxWZJOv4QTIniexDQ0
35iGsXONUIfpe5hXUb2a5qUXMrfObuKk7sJa8UIT2FJD+uuHR9EqcgnQjXEXo6FZ
kTuIV/oeRtNtd3IhEPRCF16kosnw2DUk3uZYj06k7bgTehYrx8bK2TghHowBQDrQ
BFyvhU4d0PQ8FGdW2coGmfk2bsud21u/Exw1xM+5l3ztAmZ4fT1/8J+w+bjX8PDF
rCTrWZMGZMP0GOr9Qb9yoUCQjp/cuexOqKUtKVG5vgQsnoY9xoZqu1ApiEVGgoed
qea6iBT1pa0jOcjhurCfZKDvbiQibsSnOHKsyn/i7r2WjjIDC8RIuuxnn6upAf1m
6xtQPYR2sGR7a5JUnzT5AoHlVtcQXlkoLnw4+PmGXAbb/mzCWTjOnMQEte7tEKLS
6QH/XLJLaa8GRBtlZtX1fY0YQ54Js6CQ7Na7GEaH1sprU7ej1BEul0cVWvZm+Ijl
GvufqedpsDjyvzoiuNE02bl+6952QA9otAMqJy12qwx5ye3etMrWyDJ8wkFQvYIX
7/FO9dujJ18IZi9YM1FegxNrovvZb0RAO9Su7AHHrpMDKuukqMB/Wau+pHmC8IuV
GzzKVgWbeVKTr3L34+ufAQn7D5x7irMJkNLLcZ7N0GTM0c/mSNUrbJC4+jTj/JRm
kk03xjDf01h0wDX/LLGQRWN3mXq3peG/rIsRFYbOWt8XvM4b3n5VKSHbj+bbFClB
TvUmXP4XBCoHNajvNATEYqNBH40ecPeR5JpnEi2gxiYlHBm5QhTIlPlxEYa+fcww
r5FDuo3jyXOU2n6wuBK8fUlbsr6Izw3Is8/N0V//MyYKh4SLJnh7WehMk/Ljmxm5
651SeM5s6SWC8E+yKLEsFWUn0APbaI6DymuAWBiIW1lE9WZ/tHwvNlX2XK1is9SM
ZwZ0LqkW5rnAa0uRCtYHQ4JUlL1f2g6Dlk2YdsJeHzRLwwSZaXNMXHJVQtqVD+Qm
2ridzM1R2CArIoeogmMpcaNpozTDZ0wqRyY0YOqzL6WmLdE7UcQKJzcncKzJNPYW
javqHEW0A1kYlz6hhkqXP7QHrg6AWWsqGXApRvmBvuwQWjVXQylRFzdWSzi5Kvhk
Wzjv17m19/JWP74urhmt5iaatPDk+wEk++uSL+fFYQbE+nva4Bi9OQlA1I8R0J8o
kGZsTEid7VQ0UwA1kejuPOaIfEwwpu9KdGFaiw==
=yuuQ
-----END PGP MESSAGE-----

So basically, i still get the same ‘‘encrypted’’ message that i get everytime i try to decrypt my friend’s encrypted messages which is confusing the hell out of me because i’ve never had that happen to me before.

Maybe - by accident - they encrypted the file twice?
So after the first decryption, you now have an other encrypted file. What happens if you save that and try to decrypt it? (You can leave out the key numbers when posting as they identify your public keys.)

The message that you have posted seems to be encrypted to RSA key, ID 9B4BC2FCC5886843. If that is your key then you can decrypt again. (But do not post the cleartext here ). Or if you know that key you know to whom your friend encrypted to.

C:\Users\admin\OneDrive\Documents>gpg -v --decrypt msg2.txt
gpg: enabled compatibility flags:
gpg: public key is 9B4BC2FCC5886843
gpg: encrypted with RSA key, ID 9B4BC2FCC5886843
gpg: public key decryption failed: No secret key
gpg: decryption failed: No secret key

Pretty much the same thing that happens when i tried doing it in Kleopatra prior to even thinking of making an account here to discuss the issue.
Thanks alot for the feedback, i think i’ll simply send him a message trying to summarize what i got out of this interaction.
Thank you alot for your time and effort, take care of yourself and have a nice day.

gpg --list-keys 9B4BC2FCC5886843 would tell you, if this is a pubkey you know. But if it isn’t than your friend simply encrypted a ciphertext to you.

Take care and have a nice day!