Feature suggestion: options to require MDC or trusted signature on decryption

Holger Smolinski via [gnupg-devel] gpg-devel at nopicturesplease.de
Thu May 24 18:39:09 CEST 2018


Am 24.05.2018 um 10:53 schrieb Francois Grieu:

> In the wake of efail ( https://efail.de/ ), I think it could be useful
> to add options to gpg (the command-line tool) that
>
> [1] cause gpg to supress any deciphered output that is not
> integrity-protected by at least one of MDC or trusted signature; I do
> realize this requires buffering when using gpg as a pipe.
>
> [2] cause gpg to exit with non-zero status whenever an input was
> deciphered (output or not) and was not integrity-protected as above.
>
> Any thoughts (like: some of that exists, and I missed it) ?

I'd vote for [2] without output generation as default behavior and also
add an override option.

That would allow external programs like enigmail to
- either treat this as a failed decryption for security reasons [default]
- or voluntarily accept the unsafe behavior and establish safety on
their own.

Regards,
    Holger
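As an added illustration (not part of this thread, and not GnuPG's or Enigmail's own code) of what "establish safety on their own" looks like for an external program: the script below buffers gpg's plaintext and parses its `--status-fd` lines, releasing the output only when the message was decrypted and protected by a good MDC or by a valid signature from a fully or ultimately trusted key, and failing otherwise. The status keywords (`DECRYPTION_OKAY`, `DECRYPTION_INFO`, `GOODMDC`, `BADMDC`, `GOODSIG`, `VALIDSIG`, `TRUST_*`) are the ones gpg documents in `doc/DETAILS`; the policy itself (marginal trust is not enough, any BADMDC or BADSIG vetoes release), the `decrypt_checked` wrapper's invocation, and all key IDs and fingerprints in the sample status lines are assumptions constructed for the example.

```python
"""Release gpg plaintext only when the status lines prove integrity protection.

Added example implementing the policy proposed in the thread above; the
status-line vocabulary is gpg's, the decision rules are an assumption.
"""
import subprocess
from dataclasses import dataclass

# Assumption: only these trust levels count as a "trusted signature".
TRUSTED_LEVELS = {"TRUST_FULLY", "TRUST_ULTIMATE"}

STATUS_PREFIX = "[GNUPG:] "


@dataclass
class Verdict:
    release: bool   # may the buffered plaintext be handed to the caller?
    reason: str     # human-readable justification for logging / error messages


def parse_status(lines):
    """Yield (keyword, args) for each '[GNUPG:] ...' line; other lines are ignored.

    With --status-fd 2 the status lines share stderr with gpg's ordinary
    diagnostics, so everything without the prefix is skipped here.
    """
    for line in lines:
        line = line.rstrip("\n")
        if not line.startswith(STATUS_PREFIX):
            continue
        parts = line[len(STATUS_PREFIX):].split()
        if parts:
            yield parts[0], parts[1:]


def evaluate_status(lines):
    """Decide whether output may be released, per the proposed policy."""
    decrypted = False
    mdc_method = None          # first field of DECRYPTION_INFO; "0" means no MDC
    good_mdc = bad_mdc = False
    good_sig = valid_sig = bad_sig = False
    trust = None
    for kw, args in parse_status(lines):
        if kw == "DECRYPTION_OKAY":
            decrypted = True
        elif kw == "DECRYPTION_INFO" and args:
            mdc_method = args[0]
        elif kw == "GOODMDC":
            good_mdc = True
        elif kw == "BADMDC":
            bad_mdc = True
        elif kw == "GOODSIG":
            good_sig = True
        elif kw == "VALIDSIG":
            valid_sig = True
        elif kw in ("BADSIG", "ERRSIG"):
            bad_sig = True
        elif kw.startswith("TRUST_"):
            trust = kw

    # A failed MDC is the strongest signal: the ciphertext was tampered with.
    if bad_mdc:
        return Verdict(False, "MDC check failed: ciphertext was modified")
    if not decrypted:
        return Verdict(False, "decryption did not succeed")
    if good_mdc:
        return Verdict(True, "integrity protected by MDC")
    if good_sig and valid_sig and not bad_sig and trust in TRUSTED_LEVELS:
        return Verdict(True, "integrity protected by trusted signature")
    detail = "no MDC" if mdc_method == "0" else "MDC status unknown"
    return Verdict(False, f"decrypted but not integrity-protected ({detail}, no trusted signature)")


def decrypt_checked(ciphertext: bytes) -> bytes:
    """Run gpg, buffer everything, and release the plaintext only on a good verdict.

    Assumed invocation (not exercised offline): status lines go to stderr via
    --status-fd 2; stdout holds the plaintext until the policy has been applied.
    """
    proc = subprocess.run(
        ["gpg", "--batch", "--status-fd", "2", "--decrypt"],
        input=ciphertext, capture_output=True,
    )
    verdict = evaluate_status(proc.stderr.decode("utf-8", "replace").splitlines())
    if not verdict.release:
        raise RuntimeError(f"refusing to release plaintext: {verdict.reason}")
    return proc.stdout


# Constructed sample status output (key IDs and fingerprints are placeholders).
SAMPLE_MDC_OK = [
    "[GNUPG:] ENC_TO 0123456789ABCDEF 1 0",
    "[GNUPG:] DECRYPTION_INFO 2 9",
    "[GNUPG:] PLAINTEXT 62 1527180000 ",
    "[GNUPG:] GOODMDC",
    "[GNUPG:] DECRYPTION_OKAY",
    "[GNUPG:] END_DECRYPTION",
]
SAMPLE_NO_MDC = [
    "[GNUPG:] ENC_TO 0123456789ABCDEF 1 0",
    "[GNUPG:] DECRYPTION_INFO 0 9",
    "gpg: WARNING: message was not integrity protected",
    "[GNUPG:] PLAINTEXT 62 1527180000 ",
    "[GNUPG:] DECRYPTION_OKAY",
]
SAMPLE_SIGNED_NO_MDC = SAMPLE_NO_MDC[:4] + [
    "[GNUPG:] GOODSIG 0123456789ABCDEF Example Sender <sender@example.invalid>",
    "[GNUPG:] VALIDSIG 0000000000000000000000000123456789ABCDEF 2018-05-24 1527180000 0 4 0 1 10 01",
    "[GNUPG:] TRUST_ULTIMATE 0 pgp",
    "[GNUPG:] DECRYPTION_OKAY",
]
SAMPLE_BADMDC = [
    "[GNUPG:] DECRYPTION_INFO 2 9",
    "[GNUPG:] BADMDC",
    "[GNUPG:] DECRYPTION_FAILED",
]

if __name__ == "__main__":
    for name, sample in [("mdc-ok", SAMPLE_MDC_OK), ("no-mdc", SAMPLE_NO_MDC),
                         ("signed-no-mdc", SAMPLE_SIGNED_NO_MDC), ("bad-mdc", SAMPLE_BADMDC)]:
        v = evaluate_status(sample)
        print(f"{name:14s} release={v.release!s:5s} {v.reason}")
```

The buffering cost the original suggestion mentions is visible here: `decrypt_checked` cannot stream, because the `GOODMDC`/`BADMDC` verdict only arrives after the whole message has been processed, so the caller must hold the plaintext until the status lines are complete.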


