More questions about: "gpg: WARNING: message was not integrity protected"

Trevor Smith trevor at
Mon Apr 10 04:11:48 CEST 2006

On 9-Apr-06, at 7:28 PM, David Shaw wrote:
> MDC can be forced on via --force-mdc.  As Werner said, the preference

Excellent. So, the follow-up question is, should one use this option  
for files symmetrically encrypted for long-term storage (like if  
burned to a CD)?

> system will automatically handle this for public key encryption.  For
> symmetric encryption (which has no preference system), you can use
> --force-mdc if you want a MDC.

Can you briefly explain this "preference system"? As in, does this  
mean a given public key may/will have a preference for some algo  
stored in it and when my copy of GPG attempts to encrypt to that  
public key, it uses that symmetric cipher (when possible)?

> In an effort to increase the use of MDC, it was noted that all
> implementations that could handle AES could also handle MDC.  Thus,
> using any AES (or TWOFISH) turns the MDC flag on for you.

Ah, great! So there are at least two benefits of using AES over CAST5  
then (larger keyspace and MDC turned on).

> It is, but this is not a complete answer.  Neither of you should have
> a cipher-algo set in your gpg.conf file.  If you do, you're fighting
> against all the automatic parts of the system.  Let GPG do what it is

Fair enough. I had set it because I was archiving some things for  
long-term storage and discovered it was defaulting to CAST5 and  
thought, why not use the largest keyspace I can?

But your point is taken, because I understand now that I was also  
forcing asymmetric encryption to use AES256 as the session cipher,  
which might cause problems.

Then again, if I send emails that I might not want people to decrypt  
5 or 10 years from now, would I want session ciphers to be defaulting  
to AES256 instead of CAST5? Why is this the default?

Trevor Smith
trevor at

More information about the Gnupg-users mailing list