"decryption forced to fail" due to missing signature?
Werner Koch
wk at gnupg.org
Tue Jan 23 15:17:31 CET 2018
On Tue, 23 Jan 2018 11:45, Alexander.Strobel at giepa.de said:
> gpg: WARNING: message was not integrity protected
>
>
> Is this behavior intended?
Yes. The MDC feature has been deployed 17 years ago and we can expect
that all implementation use this. Not using MDC (i.e. authenticated
encryption) is not a good idea due to real world attacks which may
reveal the plaintext.
It seems that some Bouncy Castle based implementations do not create MDC
packets.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20180123/f22e40b3/attachment.sig>
More information about the Gnupg-devel
mailing list