newbie problems

Max Brandt
Fri Dec 6 20:22:05 2002

Hi all,

Thanks to those who have enlightened me on the difference between
"sign" and "encrypt and sign".

So far I have not had a reply on the last point of my original post:

 > Finally, a question: To test the compatibility between GPG
 > and PGP8, I created new keys in each, imported the public
 > keys of each to the other, signed them, then sent encrypted
 > and signed messages to each. GPGtoPGP gave no problems, but
 > in decrypting the PGP-GPG message I got this
 > warning:
 >      gpg: WARNING: message was not integrity protected
 > What is the problem here?

I see that GPGshell gives me the option, in GnuPG preferences, to
remove this warning (no-mdc-warning). As there appears to be no
option in PGP8 relating to modification detection code, I
assume that PGP (at least in the freeware version) encrypts
without mdc, which would make all messages vulnerable to message
modifications attacks. Am I correct?

Max B