The bug here is that when creating a .gpg file from a large unencrypted file on disk, gnupg only reads the first (SIZE % 2^32) bytes of the file instead of its entire contents. So of course extracting the original file from the .gpg file doesn't work. This looks to have been fixed in the 1.2.5 release. Built a test fix as gnupg-1.2.1-12.
Text of issue: we discovered this problem with "gpg": After "gpg -c 24GBdataset.tar" (for symmetric encryption with passphrase) the resulting file is not decryptable/ corrupt ! It gives: evebe607 - root - /usr2/ptmp - 24#: gpg --decrypt ensight-segv.tar.gpg >x.tar gpg: CAST5 encrypted data -------------> Here I give the correct password -----------> it decrypts for about 2 minutes gpg: [don't know]: invalid packet (ctb=45) gpg: [don't know]: invalid packet (ctb=3c) gpg: WARNING: message was not integrity protected gpg: the IDEA cipher plugin is not present gpg: please see http://www.gnupg.org/why-not-idea.html for more information gpg: IDEA cipher unavailable, optimistically attempting to use CAST5 instead Enter passphrase: -------------> here the passphrase is asked again !!! ----------> on disk I can find a 2.8GB "x.tar": 2785370112 Jan 31 09:26 x.tar -------------> I enter the correct passphrase again: gpg: decryption failed: bad key gpg: fatal: cipher_decrypt: invalid mode 0 secmem usage: 1408/2208 bytes in 2/5 blocks of pool 2208/16384 --> termination Expected Result: gpg should not create a corrupt file, gpg should be able to create the same file as was used for ancryption as the result of decryption.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2006-0266.html