"decryption forced to fail" due to missing signature?

Werner Koch wk at gnupg.org
Tue Jan 23 15:17:31 CET 2018

On Tue, 23 Jan 2018 11:45, Alexander.Strobel at giepa.de said:

> gpg: WARNING: message was not integrity protected
> Is this behavior intended?

Yes.  The MDC feature has been deployed 17 years ago and we can expect
that all implementation use this.  Not using MDC (i.e. authenticated
encryption) is not a good idea due to real world attacks which may
reveal the plaintext.

It seems that some Bouncy Castle based implementations do not create MDC



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20180123/f22e40b3/attachment.sig>

More information about the Gnupg-devel mailing list