How to validate encryption

Werner Koch wk at gnupg.org
Fri Aug 12 12:49:16 CEST 2011


On Thu, 11 Aug 2011 15:47, Amarjeet.Yadav at gs.com said:

> We have a requirement where we would like to check whether an encrypted
> file is valid or not before decrypting it.

You mean whether it has been tampered with?  You can't do that without
decrypting it.  GPG checks that the decrypted file is valid - usually
by checking the signature but if it is not signed gpg checks the MDC
(modification check code - a kind of checksum).

Of course you could use a detached signature (or a hash digest of the
file conveyed via a second channel) to detect modification before
processing the file.  However the entire file needs to be processed in
any case.  Thus if modifications are rare it would take longer to check
the file first and then do the encryption which does yet another check.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.
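
Added example (not part of the message above and not GnuPG code): the
hash-digest pre-check described in the reply, gating the call to gpg.
SHA-256, the function names and the injectable `decrypt` hook are
assumptions of this example; the expected digest is taken to have arrived
over the second channel.

```python
import hashlib
import hmac
import subprocess

CHUNK = 1 << 20  # read 1 MiB at a time so large files never sit in memory


def sha256_file(path):
    """Hash the whole ciphertext; every byte has to be read, as the reply notes."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def digest_matches(path, expected_hex):
    """Compare against the digest received over the second channel."""
    expected = expected_hex.strip().lower()
    return hmac.compare_digest(sha256_file(path), expected)


def gpg_decrypt(src, dst):
    """Run gpg; a non-zero exit status means decryption or gpg's own check failed."""
    cmd = ["gpg", "--batch", "--yes", "--output", dst, "--decrypt", src]
    return subprocess.run(cmd).returncode == 0


def decrypt_if_unmodified(src, dst, expected_hex, decrypt=gpg_decrypt):
    """Return 'modified', 'decrypt-failed' or 'ok'."""
    if not digest_matches(src, expected_hex):
        return "modified"        # gpg is never started on a changed file
    if not decrypt(src, dst):
        return "decrypt-failed"  # gpg still does its signature/MDC check
    return "ok"
```

The file is read twice on the success path (once for the digest, once by
gpg), which is the cost the reply points out when modifications are rare.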
