MDC and GnuPG as a filter
David Shaw
dshaw@jabberwocky.com
Tue Aug 13 02:54:01 2002
On Mon, Aug 12, 2002 at 08:31:09PM -0400, Gordon Worley wrote:
>
> On Monday, August 12, 2002, at 09:59 AM, Florian Weimer wrote:
>
> >It looks as if an application should start processing the decrypted
> >data only after the MDC packet has been verified. (Have a look at
> >this paper: http://www.counterpane.com/pgp-attack.html -- most of you
> >probably know it already.)
> >
> >Unfortunately, this breaks one-pass processing for OpenPGP data. The
> >whole plaintext has to be stored, and in general, processing can only
> >begin after all data has been received. :-(
> >
> >Or am I missing something?
>
> Having read the paper, I'm wondering, how can I check for this via
> GPGME? Will GPGME provide an error if the MDC packet does not verify (I
> couldn't find one that it might return)?

[GNUPG:] GOODMDC or [GNUPG:] BADMDC

In 1.2, a bad MDC also gets you a [GNUPG:] DECRYPTION_FAILED

David
--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson
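
Added example, not part of the original message or of GnuPG/GPGME: a filter-side gate that buffers the decrypted data and releases it only after the status output contains GOODMDC, treating BADMDC, DECRYPTION_FAILED or a missing MDC line as failure. The function names, the fail-closed handling of a missing MDC line and the sample status text are assumptions made for this sketch; in practice the status lines would be read from gpg's --status-fd output.

```python
import io

STATUS_PREFIX = "[GNUPG:] "

# Constructed sample status output (not captured from a real gpg run).
GOOD_STATUS = "[GNUPG:] GOODMDC\n"
BAD_STATUS = "[GNUPG:] BADMDC\n[GNUPG:] DECRYPTION_FAILED\n"
NO_MDC_STATUS = "gpg: a diagnostic line that is not a status line\n"


def mdc_verdict(status_text):
    """Return 'good', 'bad' or 'missing' from GnuPG status output."""
    keywords = set()
    for line in status_text.splitlines():
        if not line.startswith(STATUS_PREFIX):
            continue  # ignore anything that is not a status line
        fields = line[len(STATUS_PREFIX):].split()
        if fields:
            keywords.add(fields[0])  # exact keyword, no substring matching
    # A failure keyword always wins, even if GOODMDC also appears.
    if "BADMDC" in keywords or "DECRYPTION_FAILED" in keywords:
        return "bad"
    if "GOODMDC" in keywords:
        return "good"
    return "missing"  # assumption: no MDC line is treated as failure


def release_plaintext(plaintext_chunks, status_text):
    """Hold the whole plaintext; hand it on only after a good MDC."""
    buffered = io.BytesIO()
    for chunk in plaintext_chunks:
        buffered.write(chunk)  # nothing is passed downstream yet
    verdict = mdc_verdict(status_text)
    if verdict != "good":
        raise ValueError("plaintext withheld: MDC " + verdict)
    return buffered.getvalue()


if __name__ == "__main__":
    print(release_plaintext([b"hello ", b"world"], GOOD_STATUS))
    for status in (BAD_STATUS, NO_MDC_STATUS):
        try:
            release_plaintext([b"tampered"], status)
        except ValueError as exc:
            print(exc)
```

This is the buffering cost described in the quoted text: the caller sees no plaintext until the status stream has been read to the end.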