After it failed, I examined the file itself in the storage. Using simply 'gpg2 -d thefile.gpg', I am prompted for my pin, then my Yubikey4 requests a touch (blinks until I touch it), then I get information about they keys the file was encrypted with (mine and a coworker), followed by this:
Code:
gpg: public key decryption failed: Hardware problem
gpg: decryption failed: No secret key
I found this quite odd, especially since the other files in the storage decrypt just fine with this Yubikey4.
I tried a few things to get more information; I recovered the original private key from backup, not on the Yubikey4, and was able to decrypt the file with that. I re-encrypted the data with the same encryption keys, and the new file is able to be decrypted with both the yubikey4 and the software key. The only difference I can figure is that the Yubikey4 doesn't like the session key. Unfortunately, I can't figure out how to force gpg2 to use a particular session key for encryption; the --override-session-key flag seems to only affect decryption.
I'm open to other suggestions on how to debug this. I'm hoping somehow its a bug in gpg2 and not in the Yubikey4 itself.Statistics: Posted by linsam — Wed Sep 07, 2016 5:37 am
]]>