gpg: decryption failed: Bad session key

Question

I'm trying to decrypt a file using gpg and getting this error:

$ gpg --no-tty --batch --verbose --decrypt --passphrase foo file.enc
Version: GnuPG v1.4.11 (GNU/Linux)
gpg: armor header: 
gpg: CAST5 encrypted data
gpg: encrypted with 1 passphrase
gpg: decryption failed: Bad session key

I tried to reload the gpg agent, no luck:

$ gpgconf --reload gpg-agent

How to solve that?

Please add the output of `gpg --list-packets < file.enc`. Remove any key information you like, I'm mostly interested in the structure. — Jens Erat, May 19 '15 at 07:10
One likely cause of this error message is that you're using the wrong passphrase. — Dzamo Norton, Feb 17 '19 at 06:03

score 23 · Accepted Answer · answered Jun 19 '15 at 09:32

23

For the record, if somebody will encounter this problem, too:

The problem was, that the encryption was done using gpg version 1.4.11 and the decryption was using gpg version 2.0.22.

After upgrading the encryption to gpg2 (2.0.17), everything worked fine.

answered Jun 19 '15 at 09:32

Udo Klimaschewski

5,150
1
28
41

Thanks, this was exactly my problem. Upgrading to `gpg2` and renaming the alias from `gpg2` to `gpg` resolved the issue. – albogdano Feb 25 '16 at 09:17
11

what if someone (like me) has encrypted data and needs to decrypt them? I can't update the encrypter to the same version.. – EsseTi Jul 27 '18 at 11:03
@redjamjar I guess your only chance is to use an older version for decryption. It should be possible to install and run different gpg versions in parallel. – Udo Klimaschewski Jan 21 '19 at 09:35

score 13 · Answer 2 · edited Apr 07 '21 at 19:53

13

I found this, which seems to be the magic that I could not find anywhere else:

Try adding --pinentry-mode loopback to your command. Maybe there is a problem with your installation / pinentry program so that it does not start or you are accidentally using a dummy / test pinentry which provides the wrong passphrase.

edited Apr 07 '21 at 19:53

Aposhian

801
1
10
27

answered Jan 01 '20 at 21:06

Gerald Lotto

131
1
2

4

The exact command that worked for me: gpg --pinentry loopback --decrypt MYFILE.gpg – Joshua Richardson Apr 30 '20 at 17:54

score 1 · Answer 3 · answered Aug 02 '21 at 14:57

I encrypted my file with a passphrase file in batch mode. When I tried to decrypt my file I got the dreaded "bad session key" message.

I created a passphrase file with Vim for Windows, and Vim left \r\n at the end of the text line even though I did not hit carriage return. gpg ignored the \n but retained the \r as part of the passphrase!

Vim for Windows can be induced to not leave \r\n, but it is easier to just use Notepad without a carriage return at the end of line. Best to check your passphrase file with a hexdump to be sure. There are other ways to get hurt by \r\n issues when supplying the passphrase using the command line, so be alert to it.

score 0 · Answer 4 · answered Apr 27 '23 at 06:17

0

I solved this problem by removing special chars like % from the password.

answered Apr 27 '23 at 06:17

SAM

742
10
24

gpg: decryption failed: Bad session key

4 Answers4

Linked