More questions about: "gpg: WARNING: message was not integrity protected"

Trevor Smith trevor at
Sun Apr 9 20:27:17 CEST 2006

Some time ago there were questions about the warning message:

gpg: WARNING: message was not integrity protected

that gpg outputs when decrypting *some* symmetrically encrypted  
texts. Werner Koch wrote in

> That message is on purpose to remind people that they should use the
> MDC feature.  MDC is automagically handled through the preferences
> system but with symmetrical only encrypted mails we don't have them
> and thus we need to print the warning in all cases.

I have some questions about this:

1. How is MDC enabled? I cannot find a setting (I'm using Mac OS X  
and my man pages are mysteriously missing). There is no (commented  
out) option for MDC in my gpg.conf file.

2. I have observed that by switching my cipher-algo from the default,  
CAST5, to AES256 (or any variant of AES, if I recall correctly), the  
warning goes away. Why?

3. Werner implies that the warning is only generated for  
symmetrically encrypted emails but I have noticed that an email from  
my girlfriend, signed and encrypted to my public key will display  
this warning, when decrypted/verified from the command line. However,  
a message that I encrypt to myself then decrypt on the command line  
does *not* display it. Is this, again, because I have my default  
cipher-algo set to AES256 in my gpg.conf file while my girlfriend is  
using the default (CAST5)?

4. All this gives the impression that CAST5 suffers from a weakness  
that AES256 does not. Is this true?

Trevor Smith
trevor at

More information about the Gnupg-users mailing list