Missing 'END PGP MESSAGE' not detected

David Shaw dshaw at jabberwocky.com
Wed Jan 19 17:46:07 CET 2011


On Jan 19, 2011, at 10:46 AM, Kavalec wrote:

> 
> Using GnuPG 1.4.4 we occasionally receive truncated files, but gpg decrypts
> them anyway.
> 
> Is there a way to force the decrypt to fail on a missing 'END PGP MESSAGE' ?

Not really (or at least, not within GnuPG).  The thing is, it doesn't really matter in practice.  OpenPGP has its own corruption detection called an MDC, that applies even if part of the armor (the "END PGP MESSAGE") is missing.  A truncated message won't decrypt.

MDC is turned on by default, but it is worth checking to confirm there isn't something switching it off.  To do this, take one of your truncated files and run:

 gpg --list-packets the-truncated-file.asc

Look for a line that reads "mdc_method: 2".  If you see that, you are protected from truncation no matter what your transport system does.

David
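
One way to script the check described in the message above, as an added example that is not part of the original post or of GnuPG: the hypothetical helper `check_mdc` reads `gpg --list-packets` output on stdin and succeeds only if every encrypted data packet reports "mdc_method: 2". The two sample listings are constructed for illustration.

```shell
#!/bin/sh
# check_mdc (hypothetical helper name) reads `gpg --list-packets` output on stdin.
#   exit 0: every ":encrypted data packet:" is followed by "mdc_method: 2"
#   exit 1: an encrypted data packet has no "mdc_method: 2" line
#   exit 2: no encrypted data packet was listed at all
check_mdc() {
    awk '
        /^:/ {                                  # any new packet header
            if (in_enc && !mdc) bad = 1         # previous encrypted packet had no MDC
            in_enc = 0; mdc = 0
        }
        /^:encrypted data packet:/ { in_enc = 1; seen = 1 }
        in_enc && /^[ \t]*mdc_method: 2[ \t]*$/ { mdc = 1 }
        END {
            if (in_enc && !mdc) bad = 1         # last packet in the listing
            if (!seen) exit 2
            exit (bad ? 1 : 0)
        }
    '
}

# Constructed sample listings (key ID and lengths are made up).
sample_with_mdc() {
    printf ':pubkey enc packet: version 3, algo 1, keyid 0123456789ABCDEF\n'
    printf '\tdata: [2047 bits]\n'
    printf ':encrypted data packet:\n\tlength: 312\n\tmdc_method: 2\n'
}
sample_without_mdc() {
    printf ':pubkey enc packet: version 3, algo 1, keyid 0123456789ABCDEF\n'
    printf '\tdata: [2047 bits]\n'
    printf ':encrypted data packet:\n\tlength: 312\n'
}

# Real use would be: gpg --list-packets the-truncated-file.asc | check_mdc
for s in sample_with_mdc sample_without_mdc; do
    if "$s" | check_mdc; then
        echo "$s: mdc_method: 2 present"
    else
        echo "$s: no MDC, reject before decrypting"
    fi
done
```

The helper only confirms that the MDC line is present in the listing; the integrity check itself is still performed by gpg during decryption.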



