[CleanNet Spam:] Re: "decryption forced to fail" due to missing signature?

Patrick Brunschwig patrick at enigmail.net
Wed Jan 24 08:41:13 CET 2018

On 23.01.18 16:28, Alexander Strobel wrote:
> Am 23.01.2018 um 14:20 schrieb Vincent Breitmoser:
>> Hi Alexander,
>> ...
>> The real mystery is why `gpg --encrypt` creates an SEDP instead of
>> IPSEDP. This used to depend on the recipient key's MDC feature flag, but
>> I thought it had been enabled by default for a while now, at least for
>> AES? Your key does have that flag, so an MDC should have been added one
>> way or another.
> Thanks for your explanation, Vincent.
> I figured out why I ran into this problem: For testing with BouncyCastle
> I added "disable-mdc" to my gpg.conf ...
> But this does not solve the inconsistency in "showing an error and still
> return decrypted data" I see when MDC is missing. Maybe someone can
> explain this to me? :)

The message can be decrypted, so there is no reason from the point of
view of GnuPG to not deliver it - together with an indication that there
is some "error".

It's up to the user (mail client) to decide how to handle the decrypted
data and the error message. And apparently Enigmail doesn't have a good
idea how to handle this reasonably.


More information about the Gnupg-devel mailing list