Question about: "gpg: WARNING: message was not integrity protected"

Scholz Ulrich scholz at
Tue Oct 19 13:33:04 CEST 2004

Hi everybody.  I'm using gnupg 1.2.2.

When I encode a file with 

    gpg -c -s <file>

and decode it with

    gpg --decode <file>.gpg

I get the message: 

    gpg: WARNING: message was not integrity protected

Why? The FAQ says: "There is a small security glitch in the OpenPGP (and
therefore GnuPG) system; to avoid this you should always sign and encrypt a
message instead of only encrypting it."

I did sing the file.  Did I?

And in another posting I read: "This isn't true any longer.  OpenPGP now has
the MDC protection.  Both GnuPG and PGP support it.  MDC can be turned off
manually, or if you encrypt to a key that doesn't support it, it is switched
off automatically, but in general it is on."

So why do I still get this message?  And what does it tell me?  Am I doing
something wrong here?

Thank you, Uli

Ulrich Scholz

scholz at

More information about the Gnupg-users mailing list