Feature suggestion: options to require MDC or trusted signature on decryption

Holger Smolinski via [gnupg-devel] gpg-devel at nopicturesplease.de
Thu May 24 23:13:46 CEST 2018

Am 24.05.2018 um 22:34 schrieb Uri Blumenthal:
> I do *not* want to enforce the presence of a signature (to preserve the possibility of anonymity) - but I do want a true AE.

+1 - anonymity is important, and AE is the way to prohibit variant 2
(the one with gadget injection)

variant 1 (wrapping) is more difficult to handle, as secured content is
presented and parsed in a potentially unsecured environment. Any
solution will have to ensure, that the entire message (including the
non-encrypted parts) has not been modified between the sender and the

I'd suggest clients to wrap any (partially) encrypted message in a fully
encrypted (and AE'ed by the sender) single part envelope message, and
consequently neverever parse any surroundings of an encrypted envelope
beyond decrypting the contents of that single part.
At least that will secure future messages against variant 1 leaks -
messages stored unpacked from the envelope (like old stored messages)
will still be vulnerable.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20180524/e9f404fd/attachment.sig>

More information about the Gnupg-devel mailing list