gpg: malformed CRC

vedaal at vedaal at
Thu Aug 5 20:32:53 CEST 2004

>Message: 10
>Date: Thu, 5 Aug 2004 18:34:51 +0300
>From: Seppo Laaksonen <slaakso at>
>Subject: gpg: malformed CRC
>To: gnupg-users at
>Message-ID: <FDE0679F-E6F4-11D8-B159-000393CE2D60 at>
>Content-Type: text/plain; charset=US-ASCII; format=flowed
>On Wed Aug 4 22:09:09 CEST 2004,  vedaal wrote:
>> in general,
>> any armored pgp message that omits the checksum and the footer
>> (both at once) will cause a GnuPG error message of:
>> 'gpg: malformed CRC'
>> and be un-openable in GnuPG,
>> (unless the --ignore-crc-error option is used,
>> in which case, the error message is the same, but GnuPG will decrypt
>> it),
>> but will still be able to be decrypted by PGP,
>> without any error messages.
>thank you very much. Using the option helped opening the messages
>I have not been able to open before.
>Just out of the curiosity, what is the additional protection that
>checksum and the footer does provide? I'm wondering why I should
>use the option by default (or why is it not on by default)? Reading
>from the man-page (now that I'm aware of the option), it seems that
>checksum and the footer are there just to show that message received
>exactly the same as the sent one. However, the content is still

gnupg provides the best solution here, by allowing you to ignore it,

and go ahead and decrypt,
but still informing you of an alteration,

there are some (admittedly far-fetched) spoofs that are prevented by
having the checksum intact:

for example,
let's say that Alice and Bob are corresponding about sensitive issues,

that Alice does not want anyone to know about, especially Alice's problem
acquaintance, Charlie.

it is possible for a middleperson to get Alice upset and Bob in trouble,

by intercepting the message,
and adding another packet of a session key encrypted to Charlie's public
causing Alice to think that Bob simultaneously encrypted to Alice and

neither Bob nor Alice can prove that the packet with the session key
encrypted to Charlie's key, isn't the 'real' session key,
without being able to decrypt with Charlie's key.

this would be prevented by a crc and mdc authentication of the 'real'
message, and not allow any extra spoofing packets to be added.

using the 'ignore' options allows for the convenience in being able to
decrypt messages with simple benign e-mail mangling,
while still allowing for an 'alert' that the message was altered,
and leaving it up to the user to decide if further investigation is necessary,

(and if there are no 'unusual/unexpected' packets, then nothing further
is necessary)


Concerned about your privacy? Follow this link to get
secure FREE email:

Free, ultra-private instant messaging with Hush Messenger

Promote security and make money with the Hushmail Affiliate Program:

More information about the Gnupg-users mailing list