More questions about: "gpg: WARNING: message was not integrity
protected"
Trevor Smith
trevor at haligonian.com
Sun Apr 9 20:27:17 CEST 2006
Some time ago there were questions about the warning message:
gpg: WARNING: message was not integrity protected
that gpg outputs when decrypting *some* symmetrically encrypted
texts. Werner Koch wrote in
http://lists.gnupg.org/pipermail/gnupg-users/2004-October/023500.html
that:
> That message is on purpose to remind people that they should use the
> MDC feature. MDC is automagically handled through the preferences
> system but with symmetrical only encrypted mails we don't have them
> and thus we need to print the warning in all cases.
I have some questions about this:
1. How is MDC enabled? I cannot find a setting (I'm using Mac OS X
and my man pages are mysteriously missing). There is no (commented
out) option for MDC in my gpg.conf file.
2. I have observed that by switching my cipher-algo from the default,
CAST5, to AES256 (or any variant of AES, if I recall correctly), the
warning goes away. Why?
3. Werner implies that the warning is only generated for
symmetrically encrypted emails but I have noticed that an email from
my girlfriend, signed and encrypted to my public key will display
this warning, when decrypted/verified from the command line. However,
a message that I encrypt to myself then decrypt on the command line
does *not* display it. Is this, again, because I have my default
cipher-algo set to AES256 in my gpg.conf file while my girlfriend is
using the default (CAST5)?
4. All this gives the impression that CAST5 suffers from a weakness
that AES256 does not. Is this true?
--
Trevor Smith
trevor at haligonian.com
More information about the Gnupg-users
mailing list