Question about: "gpg: WARNING: message was not integrity protected"
Scholz Ulrich
scholz at informatik.tu-darmstadt.de
Tue Oct 19 13:33:04 CEST 2004
Hi everybody. I'm using gnupg 1.2.2.
When I encode a file with
gpg -c -s <file>
and decode it with
gpg --decode <file>.gpg
I get the message:
gpg: WARNING: message was not integrity protected
Why? The FAQ says: "There is a small security glitch in the OpenPGP (and
therefore GnuPG) system; to avoid this you should always sign and encrypt a
message instead of only encrypting it."
I did sing the file. Did I?
And in another posting I read: "This isn't true any longer. OpenPGP now has
the MDC protection. Both GnuPG and PGP support it. MDC can be turned off
manually, or if you encrypt to a key that doesn't support it, it is switched
off automatically, but in general it is on."
So why do I still get this message? And what does it tell me? Am I doing
something wrong here?
Thank you, Uli
--
Ulrich Scholz
scholz at informatik.tu-darmstadt.de
http://www.intellektik.informatik.tu-darmstadt.de/~scholz
More information about the Gnupg-users
mailing list