gpg 1.0.1 also cannot decrypt stuff encrypted by gpg 1.0.4

Werner Koch wk@gnupg.org
Wed, 18 Oct 2000 11:10:00 +0200


On Tue, 17 Oct 2000, Darxus@ChaosReigns.com wrote:


> Without verbose mode turned on, attempts to decrypt messages from gpg
> 1.0.3 or 1.0.4 with gpg 1.0.1 result in a blank message and no errors. Is
> this acceptable behavior ? I, personally, don't want to encrypt anything
> to anyone else using anything over gpg 1.0.2, because I want the recipient
For various reasons it is suggested to upgrade to 1.0.4. If you have problems with that you should put disable-cipher twofish into your ~/.gnupg/options. Look at the NEWS entry for 1.0.3: * Twofish and MDC enhanced encryption is now used. PGP 7 supports this. Older versions of GnuPG don't support it, so they should be upgraded to at least 1.0.2
> gpg: ELG-E/TWOFISH encrypted for: A089BDC4 test key, delete <test@chaosreigns.com>
Twofish triggers the use of the new MDC encryption. Becuase Twofish has been in the cipher preferences for a long time, you gpg assumes that the receiver is able to decrypt the MDC packets ....
> :unknown packet: type 18, length 74
MDC packet; gpg 1.0.1 does not know about it. So there is a problem with the assumption that using Twofish also means that the recipient is able to do MDC. My fault. Workaround is to disable the use of Twofish for a while until everyone has updated gpg - THIS SHOULD BE DONE ANYWAY DUE TO THE RECENTLY FOUND BUG. It does not make much sense to use a security software when one is not going to keep up with important updates. I know that this is troublesome (unless you have Debian ;-), but although we have "open source" it does not mean software is bug free. We do our best to deliver fixes as fast as possible but it is up to the sysadmin/user to apply them. Hth, Werner -- Werner Koch GnuPG key: 621CC013 OpenIT GmbH http://www.OpenIT.de -- Archive is at http://lists.gnupg.org - Unsubscribe by sending mail with a subject of "unsubscribe" to gnupg-users-request@gnupg.org