Missing 'END PGP MESSAGE' not detected

David Shaw dshaw at jabberwocky.com
Wed Jan 19 19:32:00 CET 2011

On Jan 19, 2011, at 1:20 PM, Werner Koch wrote:

> On Wed, 19 Jan 2011 17:46, dshaw at jabberwocky.com said:
>> Not really (or at least, not within GnuPG).  The thing is, it doesn't
>> really matter in practice.  OpenPGP has its own corruption detection
>> called a MDC, that applies even if part of the armor (the "END PGP
>> MESSAGE") is missing.  A truncated message won't decrypt.
> In addition all armored PGP messages use CRC for the armor.  GPG
> complains about a missing or invalid CRC (unless option
> --ignore-crc-error) is used.  In such a case the return code will always
> be nonzero.

If I remember correctly, GPG only complains for invalid CRC.  A missing CRC is legal, as the CRC is a MAY.


More information about the Gnupg-users mailing list