"decryption forced to fail" due to missing signature?

Vincent Breitmoser look at my.amazin.horse
Tue Jan 23 14:20:25 CET 2018


Hi Alexander,

This is correct behavior on the decryption side: The data is encrypted
as an SEDP (tag 9) packet, instead of an Integrity Protected SEDP (tag
18), so it does not use the MDC feature.

Since OpenPGP uses CFB, it's extremely dangerous to consider SEDPs
without either MDC or a signature as secure. In fact, RFC 4880 states
"(It is important, that) implementers treat MDC errors and decompression
failures as security problems."

I'm glad that gpg behaves the way it does here, a quick look at git says
it's been that way since 10/2015 (GnuPG 2.1.9).

The real mystery is why `gpg --encrypt` creates an SEDP instead of
IPSEDP. This used to depend on the recipient key's MDC feature flag, but
I thought it had been enabled by default for a while now, at least for
AES? Your key does have that flag, so an MDC should have been added one
way or another.

 - V




More information about the Gnupg-devel mailing list