Feature suggestion: options to require MDC or trusted signature on decryption

Patrick Brunschwig patrick at enigmail.net
Thu May 31 16:51:22 CEST 2018


On 31.05.18 13:28, Werner Koch wrote:
> On Tue, 29 May 2018 08:14, patrick at enigmail.net said:
> 
>> Enigmail has been failing with this for about two weeks, also for older
>> versions of GnuPG. I had a number of bug reports/support requests since
>> then, but overall it was less than I feared. Some people still have very
>> old keys.
> 
> Good.  Today I pushed changes for 2.2.8 which will now always require
> the MDC and which will print a hint in case an old cipher algorithm is
> the cause for the missing MDC:
> 
>   gpg: WARNING: message was not integrity protected
>   gpg: Hint: If this message was created before the year 2003 it is
>        likely that this message is legitimate.  This is because back
>        then integrity protection was not widely used.
>   gpg: Use the option '--ignore-mdc-error' to decrypt anyway.
>   [GNUPG:] ERROR nomdc_with_legacy_cipher 152
>   gpg: decryption forced to fail!
>   [GNUPG:] DECRYPTION_FAILED
>   [GNUPG:] END_DECRYPTION

Great, thanks!

May I suggest that for GnuPG 2.3 you implement some more rules? For example:
* refuse encrypting emails if MDC is not enabled in the key prefs
* remove options like --ignore-mdc-error, --ignore-mdc-warning and
  --allow-multiple-messages, or at least require them to be combined
  with something like --dangerous-options

-Patrick
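
The status lines quoted in this message are what a front end has to act on. The following is an added example, not part of the original message and not GnuPG or Enigmail code: it shows a fail-closed check over `--status-fd` output that releases plaintext only when integrity protection was confirmed. The function names are hypothetical, and the `BEGIN_DECRYPTION`, `DECRYPTION_OKAY` and `GOODMDC` keywords are taken from GnuPG's status documentation (doc/DETAILS), not from this thread.

```python
# Added example (not GnuPG or Enigmail code): gate plaintext on gpg status lines.
PREFIX = "[GNUPG:] "

def parse_status(text):
    """Yield (keyword, args) for each machine-readable status line."""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(PREFIX):
            parts = line[len(PREFIX):].split()
            if parts:
                yield parts[0], parts[1:]

def evaluate(status_text):
    """Return (accept, reasons); accept only integrity-protected decryptions."""
    seen, reasons = set(), []
    for keyword, args in parse_status(status_text):
        seen.add(keyword)
        if keyword == "ERROR" and args and args[0].startswith("nomdc"):
            reasons.append("missing MDC: " + args[0])
        elif keyword == "DECRYPTION_FAILED":
            reasons.append("gpg reported DECRYPTION_FAILED")
    # Fail closed: a missing positive signal is a rejection, so output that is
    # truncated before END_DECRYPTION, or a decryption that succeeded without
    # an MDC confirmation, is never treated as trustworthy plaintext.
    for required in ("DECRYPTION_OKAY", "GOODMDC", "END_DECRYPTION"):
        if required not in seen:
            reasons.append("missing status " + required)
    return (not reasons, reasons)

# Lines quoted in the message above (hint text omitted).
PAGE_SAMPLE = """\
gpg: WARNING: message was not integrity protected
[GNUPG:] ERROR nomdc_with_legacy_cipher 152
gpg: decryption forced to fail!
[GNUPG:] DECRYPTION_FAILED
[GNUPG:] END_DECRYPTION
"""
# Constructed sample: decryption succeeded and the MDC was verified.
PROTECTED_SAMPLE = ("[GNUPG:] BEGIN_DECRYPTION\n[GNUPG:] DECRYPTION_OKAY\n"
                    "[GNUPG:] GOODMDC\n[GNUPG:] END_DECRYPTION\n")
# Constructed sample: decryption reported as okay but no MDC confirmation.
UNPROTECTED_SAMPLE = ("[GNUPG:] BEGIN_DECRYPTION\n[GNUPG:] DECRYPTION_OKAY\n"
                      "[GNUPG:] END_DECRYPTION\n")

if __name__ == "__main__":
    for name, sample in (("page", PAGE_SAMPLE), ("protected", PROTECTED_SAMPLE),
                         ("unprotected", UNPROTECTED_SAMPLE)):
        print(name, evaluate(sample))
```

Requiring `GOODMDC` in the caller means the decision does not depend on which override options were passed to gpg.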
