Unable to decrypt password encrypted for multiple public keys

[Grokafar]

Hello !
First, thank you so much for the all the work done on Pass for iOS ! 🙏

I cannot decrypt password encrypted for multiple recipients with the application.

I use pass on my computer and I encrypt the passwords using two public keys entered in the .gpg-id file. The application can only decrypt the password encrypted with one public key. All the passwords encrypted with multiple public keys cannot be decrypted, the following error is displayed : Fail to dicipher data (

passforios/pass/Services/PasswordDecryptor.swift

Line 91 in ebd26ec

throw AppError.yubiKey(.connection(message: "Failed to dicipher data"))

)

Summary :

• ✔️ The application can decrypt application added passwords (but encrypted with only one key : already reported here with multiple keys in gpg-id, passwords only encrypt for one recipient. #654)
• ✔️ The application can decrypt passwords from the computer only if one public key is used
• ✖️ The application cannot decrypt passwords encrypted with multiple recipients

✔️ Example of a password encrypted with Pass for iOS, can be decrypted

$ gpg --list-packets simple-app.gpg 
gpg: encrypted with rsa4096 key, ID ***56, created ****-**-**      « *** »
# off=0 ctb=c1 tag=1 hlen=3 plen=524 new-ctb
:pubkey enc packet: version 3, algo 1, keyid ***56
	data: [4094 bits]
# off=527 ctb=d2 tag=18 hlen=2 plen=79 new-ctb
:encrypted data packet:
	length: 79
	mdc_method: 2
# off=548 ctb=cb tag=11 hlen=2 plen=36 new-ctb
:literal data packet:
	mode b (62), created 1735140243, name="",
	raw data: 30 bytes

✔️ Example of a password encrypted for one recipient using pass on computer, can be decrypted

$ gpg --list-packets test/simple-pass.gpg 
gpg: encrypted with rsa4096 key, ID ***56, created ****-**-**
      « *** »
# off=0 ctb=85 tag=1 hlen=3 plen=524
:pubkey enc packet: version 3, algo 1, keyid ***56
	data: [4094 bits]
# off=527 ctb=d2 tag=18 hlen=2 plen=75 new-ctb
:encrypted data packet:
	length: 75
	mdc_method: 2
# off=548 ctb=cb tag=11 hlen=2 plen=32 new-ctb
:literal data packet:
	mode b (62), created 1735141681, name="",
	raw data: 26 bytes

✖️ Example of a password encrypted for multiple recipients using pass on computer

$ gpg --list-packets multiple.gpg 
gpg: encrypted with rsa4096 key, ID ***56 created ****-**-**
      « *** »
gpg: encrypted with rsa4096 key, ID ***C0, created ****-**-**
      « *** »
# off=0 ctb=85 tag=1 hlen=3 plen=524
:pubkey enc packet: version 3, algo 1, keyid ***C0
	data: [4096 bits]
# off=527 ctb=85 tag=1 hlen=3 plen=524
:pubkey enc packet: version 3, algo 1, keyid ***56
	data: [4094 bits]
# off=1054 ctb=d2 tag=18 hlen=2 plen=75 new-ctb
:encrypted data packet:
	length: 75
	mdc_method: 2
# off=1075 ctb=cb tag=11 hlen=2 plen=32 new-ctb
:literal data packet:
	mode b (62), created 1735141063, name="",
	raw data: 26 bytes

Pass for iOS version : 0.16.0
GPG on yubikey
iOS version : 15.8.3

The setting Enable .gpg-id (Beta) value does not change the result below.

Feel free to ask for additional logs or anything you need to solve the issue.

[Grokafar]

Actually this error is not related to multiple recipients. I manage to decrypt multiple recipients password but the yubikey decryption very failed with this error with one or several recipients. But it is another issue. Sorry for the noise.