Feature suggestion: options to require MDC or trusted signature on decryption

Werner Koch wk at gnupg.org
Thu May 31 13:28:32 CEST 2018

On Tue, 29 May 2018 08:14, patrick at enigmail.net said:

> Enigmail fails with this since about two weeks, also for older versions
> of GnuPG. I had a number of bug reports/support requests since then, but
> overall it was less than I feared. Some people still have very old keys.

Good.  Today I pushed changes for 2.2.8 which will now always require
the MDC and which will print a hint in case an old cipher algorithm is
the cause for the missing MDC:

  gpg: WARNING: message was not integrity protected
  gpg: Hint: If this message was created before the year 2003 it is
       likely that this message is legitimate.  This is because back
       then integrity protection was not widely used.
  gpg: Use the option '--ignore-mdc-error' to decrypt anyway.
  [GNUPG:] ERROR nomdc_with_legacy_cipher 152
  gpg: decryption forced to fail!
> in favor of backporting this, but we need to make the developers of
> tools using GnuPG aware of the change early enough such that they can
> prepare their software. Otherwise we'll leave behind a number of unhappy

I would suggest that you parse that new ERROR status line and print a
warning like the above if the first arg is "nomdc_with_legacy_cipher".

I have not yet decided whether and how to do this in gpgme.  May be a
context specific flag to pass --ignore-mdc-error and a flag in the
decryption result.



#  Please read:  Daniel Ellsberg - The Doomsday Machine  #
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20180531/605c672e/attachment.sig>

More information about the Gnupg-devel mailing list