Fri Dec 6 20:22:05 2002
Thanks to those who have enlightened me on the difference between
"sign" and "encrypt and sign".
So far I have not had a reply on the last point of my original post:
> Finally, a question: To test the compatibility between GPG
> and PGP8, I created new keys in each, imported the public
> keys of each to the other, signed them, then sent encrypted
> and signed messages to each. GPGtoPGP gave no problems, but
> in decrypting the PGP-GPG message I got this
> gpg: WARNING: message was not integrity protected
> What is the problem here?
I see that GPGshell gives me the option, in GnuPG preferences, to
remove this warning (no-mdc-warning). As there appears to be no
option in PGP8 relating to modification detection code, I
assume that PGP (at least in the freeware version) encrypts
without mdc, which would make all messages vulnerable to message
modifications attacks. Am I correct?