GPG warning for integrity protection
David Shaw
dshaw at jabberwocky.com
Thu May 1 19:47:32 CEST 2008
On May 1, 2008, at 1:21 PM, Meenal Pant wrote:
> Hello all,
> When I decrypt a message I sometimes see this warning:
>
> gpg: WARNING: message was not integrity protected
>
> I read through the Open PGP RFC and understood that using MDC ensures
> message integrity for encrypted messages. If I use MDC to encrypt
> messages this warning will go away.
>
> How can I use MDC for Public Key Encryption ? Does the key have an MDC
> flag that needs to be set during key generation ?
Basically, yes.
There is a flag on a key that tells GPG that is it safe to use the
MDC. If that flag isn't there, GPG doesn't use MDC as it doesn't know
if the recipient can handle it. (There are some exceptions to this
rule, but it is basically true).
To check if your key has the preference, run "gpg --edit-key
(yourkey)" and then "showpref". MDC, if enabled, will be on the line
marked "Features". To enable MDC on a key that doesn't have it, you
can use "setpref", which allows you to set all your preferences for
that key (cipher prefs, hash prefs, compression prefs, MDC, etc).
David
More information about the Gnupg-users
mailing list