"decryption forced to fail" due to missing signature?

Werner Koch wk at gnupg.org
Tue Jan 23 15:17:31 CET 2018


On Tue, 23 Jan 2018 11:45, Alexander.Strobel at giepa.de said:

> gpg: WARNING: message was not integrity protected
>
>
> Is this behavior intended?

Yes.  The MDC feature has been deployed 17 years ago and we can expect
that all implementation use this.  Not using MDC (i.e. authenticated
encryption) is not a good idea due to real world attacks which may
reveal the plaintext.

It seems that some Bouncy Castle based implementations do not create MDC
packets.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20180123/f22e40b3/attachment.sig>


More information about the Gnupg-devel mailing list