Feature suggestion: options to require MDC or trusted signature on decryption
Patrick Brunschwig
patrick at enigmail.net
Thu May 31 16:51:22 CEST 2018
On 31.05.18 13:28, Werner Koch wrote:
> On Tue, 29 May 2018 08:14, patrick at enigmail.net said:
>
>> Enigmail has been failing with this for about two weeks, also for older versions
>> of GnuPG. I had a number of bug reports/support requests since then, but
>> overall it was less than I feared. Some people still have very old keys.
>
> Good. Today I pushed changes for 2.2.8 which will now always require
> the MDC and which will print a hint in case an old cipher algorithm is
> the cause for the missing MDC:
>
> gpg: WARNING: message was not integrity protected
> gpg: Hint: If this message was created before the year 2003 it is
> likely that this message is legitimate. This is because back
> then integrity protection was not widely used.
> gpg: Use the option '--ignore-mdc-error' to decrypt anyway.
> [GNUPG:] ERROR nomdc_with_legacy_cipher 152
> gpg: decryption forced to fail!
> [GNUPG:] DECRYPTION_FAILED
> [GNUPG:] END_DECRYPTION

Great, thanks!

May I suggest that for GnuPG 2.3 you implement some more rules? For example:

* refuse encrypting emails if MDC is not enabled in the key prefs
* remove options like --ignore-mdc-error, --ignore-mdc-warning and
  --allow-multiple-messages, or at least require them to be combined
  with something like --dangerous-options

-Patrick
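A frontend that consumes the status lines quoted in the message above has to fail closed on them. The following Python is an added example, not code from GnuPG, Enigmail or the original post: the function names are hypothetical, requiring GOODMDC in addition to DECRYPTION_OKAY is a policy assumed here, and the two extra samples are constructed.

```python
# Added example (not GnuPG or Enigmail code): fail-closed reading of the
# machine-readable lines gpg writes with --status-fd.
PREFIX = "[GNUPG:] "

# Status and log lines as quoted in the message above.
PAGE_SAMPLE = """\
gpg: WARNING: message was not integrity protected
gpg: Use the option '--ignore-mdc-error' to decrypt anyway.
[GNUPG:] ERROR nomdc_with_legacy_cipher 152
gpg: decryption forced to fail!
[GNUPG:] DECRYPTION_FAILED
[GNUPG:] END_DECRYPTION
"""

# Constructed samples, not captured from a real gpg run. The second one
# reports success but carries no GOODMDC line.
GOOD_SAMPLE = "[GNUPG:] BEGIN_DECRYPTION\n[GNUPG:] DECRYPTION_OKAY\n[GNUPG:] GOODMDC\n[GNUPG:] END_DECRYPTION\n"
NO_MDC_SAMPLE = "[GNUPG:] BEGIN_DECRYPTION\n[GNUPG:] DECRYPTION_OKAY\n[GNUPG:] END_DECRYPTION\n"


def parse_status(stream):
    """Yield (keyword, args) per status line; human-readable 'gpg:' lines are skipped."""
    for raw in stream.splitlines():
        line = raw.strip()
        if line.startswith(PREFIX):
            parts = line[len(PREFIX):].split()
            if parts:
                yield parts[0], parts[1:]


def decryption_verdict(stream):
    """Return (ok, reasons); ok only if nothing failed and both
    DECRYPTION_OKAY and GOODMDC were seen (policy assumed by this example)."""
    seen, reasons = set(), []
    for keyword, args in parse_status(stream):
        seen.add(keyword)
        if keyword in ("DECRYPTION_FAILED", "BADMDC"):
            reasons.append(keyword)
        elif keyword == "ERROR":
            reasons.append(" ".join(["ERROR"] + args))
    for required in ("DECRYPTION_OKAY", "GOODMDC"):
        if required not in seen:
            reasons.append("missing " + required)
    return (not reasons, reasons)


if __name__ == "__main__":
    for name in ("PAGE_SAMPLE", "GOOD_SAMPLE", "NO_MDC_SAMPLE"):
        print(name, decryption_verdict(globals()[name]))
```

Deciding from the status keywords rather than from the presence of plaintext on stdout keeps the frontend from displaying output of a decryption that gpg itself marked as failed.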