danger of decrypted files without integrity protection

Bernhard Reiter bernhard at intevation.de
Thu May 17 14:59:13 CEST 2018

Am Donnerstag 17 Mai 2018 11:18:40 schrieb Holger Smolinski:
> 2nd variant is attacking CFB mode by injecting CFB gadgets 

The CFB mode with MDC as GnuPG is using by default for 15 years
protects against this. (As discussed in other posts already.)

The point of my post is that the CBC mode that all known
CMS implementations use for S/MIME does not have this protection
for emails without inner signature.
So files coming out of this can leak decrypted plaintext
or otherwise use a backchannel or get "active".

Browsers offer no additional protection. So decrypting
files outside an email client may lead to dangerous files.


www.intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20180517/5bb80817/attachment.sig>

More information about the Gnupg-devel mailing list