message was not integrity protected
David Shaw
dshaw@jabberwocky.com
Mon Apr 7 16:11:02 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Sun, Apr 06, 2003 at 05:07:56PM -0700, David Ellement wrote:
> On 2002-10-14, David Shaw wrote
> > On Thu, Oct 10, 2002 at 02:31:13PM +0200, Heiko Teichmeier wrote:
> > > "Warning: messsage was not integrity protected".
> > > How dangerous is this problem to trust the mail? What way exist to get a
> > > clean message - no failure?
> >
> > GnuPG supports integrity protected messages which adds a hash (sort of
> > a mini-signature) inside the encrypted message to alert the user if
> > the message was tampered with.
> >
> > That warning message means that the message you received did not have
> > integrity protection enabled.
>
> I see on messages I send between my work and home machines. I'm using
> GnuPG 1.2.1 at both ends. How is it that I've disabled integrity
> protection?
If the key does not have the MDC flag set, then MDC will not be used.
GnuPG sets this flag, but PGP does not. Were the keys generated with
PGP?
There are also various options that disable MDC, either directly or as
a side effect. Do you have any of these in your gpg.conf file?
disable-mdc
pgp2
pgp6
David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2rc1 (GNU/Linux)
Comment: http://www.jabberwocky.com/david/keys.asc
iD8DBQE+kYaO4mZch0nhy8kRAnefAKDZkD+rmRlNUbu+AGaJ1aJOF+A7kQCg3wDo
BwikzAmYCzcTUlbDa/A9sdU=
=D+mB
-----END PGP SIGNATURE-----