Feature suggestion: options to require MDC or trusted signature on decryption
Holger Smolinski via [gnupg-devel]
gpg-devel at nopicturesplease.de
Thu May 24 18:39:09 CEST 2018
On 24.05.2018 at 10:53, Francois Grieu wrote:
> In the wake of efail ( https://efail.de/ ), I think it could be useful
> to add options to gpg (the command-line tool) that
>  cause gpg to suppress any deciphered output that is not
> integrity-protected by at least one of MDC or trusted signature; I do
> realize this requires buffering when using gpg as a pipe.
>  cause gpg to exit with non-zero status whenever an input was
> deciphered (output or not) and was not integrity-protected as above.
> Any thoughts (like: some of that exists, and I missed it) ?
I'd vote for  without output generation as default behavior and also
add an override option.
That would allow external programs like enigmail to
- either treat this as a failed decryption for security reasons [default]
- or voluntarily accept the unsafe behavior and establish safety on
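Added example, not part of the original thread and not GnuPG's own code: a wrapper that buffers gpg's plaintext and releases it only when the `--status-fd` stream shows a good MDC or a valid, trusted signature, which is the policy the thread proposes. The function names and the sample status streams are constructed for illustration; the status keywords are the ones documented in GnuPG's doc/DETAILS, and the code assumes at most one signature per message.

```python
import subprocess

TRUSTED = {"TRUST_FULLY", "TRUST_ULTIMATE"}

def status_keywords(text):
    """Collect keywords from '[GNUPG:] KEYWORD ...' status lines."""
    found = set()
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "[GNUPG:]":
            found.add(parts[1])
    return found

def integrity_verdict(status_text):
    """Return (release, reason) for the status output of one decryption.
    Assumes at most one signature, so VALIDSIG and TRUST_* refer to it."""
    seen = status_keywords(status_text)
    if "DECRYPTION_FAILED" in seen or "DECRYPTION_OKAY" not in seen:
        return False, "decryption failed"
    if "BADMDC" in seen:
        return False, "bad MDC"
    if "GOODMDC" in seen:
        return True, "MDC"
    if "VALIDSIG" in seen and "BADSIG" not in seen and seen & TRUSTED:
        return True, "trusted signature"
    return False, "no integrity protection"

def decrypt_gated(path, gpg="gpg"):
    """Buffer the whole plaintext; return (plaintext or None, reason)."""
    proc = subprocess.run(
        [gpg, "--batch", "--status-fd", "2", "--decrypt", path],
        stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    ok, reason = integrity_verdict(proc.stderr.decode("utf-8", "replace"))
    if ok and proc.returncode != 0:
        ok, reason = False, "gpg exit status %d" % proc.returncode
    return (proc.stdout if ok else None), reason

def _status(*keywords):
    return "".join("[GNUPG:] %s\n" % k for k in keywords)

# Constructed status streams (not captured from a real gpg run).
SAMPLE_MDC = _status("BEGIN_DECRYPTION", "DECRYPTION_OKAY", "GOODMDC",
                     "END_DECRYPTION")
SAMPLE_NO_MDC = _status("BEGIN_DECRYPTION", "DECRYPTION_OKAY", "END_DECRYPTION")
SAMPLE_SIGNED = _status("BEGIN_DECRYPTION", "DECRYPTION_OKAY",
                        "VALIDSIG <fingerprint-placeholder>", "TRUST_FULLY",
                        "END_DECRYPTION")
```

A caller can map a `None` plaintext to a non-zero exit status of its own, so downstream tools treat unprotected ciphertext as a failed decryption.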