Hello
I can’t decipher any file with my Onlykey on Windows 11.
When I go to the OnlyKey application and want to decipher a file it opens a tab in my browser.
Then I enter the requested data and when I want to decipher a message an error message appears:
“I need recipient’s public gpg key :(”.
Please, how can I stop this message from appearing and decipher my file?
Thank you for your time and your great product.
Hello
I have been further with new tests this afternoon.
And the result is a bitbetter.
I have understand that I needed to place a copy past of the armored public key in the sender field.
Now the OnlyKey led turn yellow until I type the challenge on it and rever green.
And I get a new error :
“Error incorrect challenge was entered”
Please tell me what to do
Thank you for your time.
You can disable the requirement for a challenge PIN in the preferences of the OnlyKey app. Then you can just touch any button instead of entering a challenge code. You must put OnlyKey in config mode before changing this setting.
Thank you very much for your answer.
But in fact this was already done.
Best regards.
Hello,
Reading this post I have tried to do the same on my Debian and it also fail using the OnlyKey - Encrypt & sign messages in your browser using OnlyKey.
But the failure is a bit different.
I have first successfully signed and ciphered a text file with OnlyKey - Encrypt & sign messages in your browser using OnlyKey.
Then I have tested the result on command line to ensure the first step was correct typing:
gpg message.txt.zip.gpg
This work flawlessly validating the signature and deciphering the message.
But when I try to validate the signature en decipher the very same message.txt.zip.gpg with the browser site https://apps.crp.to/app/decrypt-file:
The OnlyKey led first turn shortly yellow.
Then blink in cyan.
Then a touch a button and it turn yellow and ask for the challange.
Then I enter the challange (Note the challange is set to “Button Press” for both Derived and Stored keys on my OnlyKey)
The led tunred green again.
And I get this error result.
Error: integrity check failure; got bad IV in decryption
On my side after some investigation I have found and solved the my problem.
In the webapp in the source file src/onlykey-fido2/onlykey/onlykey-pgp.js line 381 there is this code
function slotid(slot) {
var ret = (slot == OKSIGN ? 2 : 1);if(KB_ONLYKEY.is_ecc){ ret+=100; } return ret;}
To work this code assume the signing GPG subkey is in the slot ECC2 and the deciphering GPG subkey is in the slot ECC2 and that was not my case.
Everything worked perfectly with the cli onlykey-gpg-agent because it find the correct slot based on the comment in ‘onlykey-cli getkeylabels’ but the webapp does not do that.
I have changed the subkey slots of my first keyset and now this work on the webapp with my first key set but for the other keysets which are in others slots I can only use them with the onlykey-gpg-agent which only work on Linux but not on Windows.
