MDC confusion.
Stewart V. Wright
svwright@liverpool.ac.uk
Mon May 26 11:35:45 2003
--5I6of5zJg18YgZEa
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Hi,
I am having some confusion with modification detection code (MDC).
I'm using the 1.2.3-cvs version (from the 7th of May) of GnuPG.
I just changed my gpg.conf file and changed from
no-force-v3-sigs
to=20
openpgp
Which should make my signatures/encryptions entirely OpenPGP
compatible.
Unfortunately when I decrypt anything I get the following warning:
gpg: WARNING: message was not integrity protected
I don't get the warning when I go back to no-force-v3-sigs.
This isn't an issue with my key (AFAIK) as I generated (another) test
key which has the following preferences:
Command> showpref
pub 1024D/6DA6A7C3 created: 2003-05-20 expires: never trust: u/u
(1). Test Key
Cipher: AES256, AES192, AES, CAST5, 3DES
Digest: SHA1, RIPEMD160
Compression: ZLIB, ZIP, Uncompressed
Features: MDC
=20
The command I used for my testing was:
gpg --armor -u 6DA6A7C3 --sign --output msg1.asc --encrypt -r 6DA6A7C3 msg
(i.e. sign and encrypt to self...)
My gpg.conf is
***********************************************************
#no-force-v3-sigs
openpgp
keyserver x-hkp://wwwkeys.eu.pgp.net
keyserver-options honor-http-proxy
no-secmem-warning
set-policy-url http://www.liv.ac.uk/~svwright/security/gpg-policy.html
show-policy-url
***********************************************************
Any ideas???
Cheers,
S.
--=20
OpenPGP: It's not just a good idea, it's a Human Right!
--5I6of5zJg18YgZEa
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3-cvs (GNU/Linux)
iH8EARECAD8FAj7KQLM4Gmh0dHA6Ly93d3cubGl2LmFjLnVrL35zdndyaWdodC9z
ZWN1cml0eS9ncGctcG9saWN5Lmh0bWwACgkQaBqfzTXbdHKgawCfcRKjjEGMj5Z7
dSvy3H1UfIn0U2AAn2yoyulGtuGpfCOrgW5VokFcKVsP
=E2n1
-----END PGP SIGNATURE-----
Signature policy: http://www.liv.ac.uk/~svwright/security/gpg-policy.html
--5I6of5zJg18YgZEa--