MDC confusion

Stewart V. Wright svwright+list@amtp.liv.ac.uk
Mon May 26 11:36:53 2003


--EVF5PPMfhYS0aIcm
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

(Apologies if this appears twice.  Problems with my mail server at
 the moment.)

Hi,

I am having some confusion with modification detection code (MDC).

I'm using the 1.2.3-cvs version (from the 7th of May) of GnuPG.

I just changed my gpg.conf file and changed from
  no-force-v3-sigs
to=20
  openpgp

Which should make my signatures/encryptions entirely OpenPGP
compatible.

Unfortunately when I decrypt anything I get the following warning:
  gpg: WARNING: message was not integrity protected

I don't get the warning when I go back to no-force-v3-sigs.


This isn't an issue with my key (AFAIK) as I generated (another) test
key which has the following preferences:

  Command> showpref
  pub  1024D/6DA6A7C3  created: 2003-05-20 expires: never      trust: u/u
  (1). Test Key
       Cipher: AES256, AES192, AES, CAST5, 3DES
       Digest: SHA1, RIPEMD160
       Compression: ZLIB, ZIP, Uncompressed
       Features: MDC
 =20
The command I used for my testing was:

  gpg --armor -u 6DA6A7C3 --sign --output msg1.asc --encrypt -r 6DA6A7C3 msg

(i.e. sign and encrypt to self...)


My gpg.conf is

***********************************************************

#no-force-v3-sigs
openpgp

keyserver x-hkp://wwwkeys.eu.pgp.net
keyserver-options honor-http-proxy

no-secmem-warning

set-policy-url http://www.liv.ac.uk/~svwright/security/gpg-policy.html
show-policy-url
***********************************************************


Any ideas???


Cheers,

S.

--EVF5PPMfhYS0aIcm
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3-cvs (GNU/Linux)

iH8EARECAD8FAj7LiAk4Gmh0dHA6Ly93d3cubGl2LmFjLnVrL35zdndyaWdodC9z
ZWN1cml0eS9ncGctcG9saWN5Lmh0bWwACgkQaBqfzTXbdHLOIwCgp/9h+DeToTVY
jvVHo+btdh6fLkAAnRjhhsrWm0HOH7GAuX7NvFCHW+J9
=QU4Y
-----END PGP SIGNATURE-----
Signature policy: http://www.liv.ac.uk/~svwright/security/gpg-policy.html

--EVF5PPMfhYS0aIcm--