PGP decryption and "built-in" integrity checking?

David Shaw dshaw at jabberwocky.com
Wed Nov 30 07:21:23 CET 2011


On Nov 29, 2011, at 11:53 PM, Joe Tamber wrote:

> Hello all,
> 
> Let's assume a file was encrypted with PGP, and then subsequently transmitted to another system over the internet. 
> During the transmission, one byte from the PGP file was dropped off... the recipient received everything except one byte from this PGP encrypted file.
> 
> When the recipient tries to decrypt the file, would the PGP software detect that there was a data integrity issue and produce an error - or - would it actually output a decrypted file (which I presume would be flawed, since the encrypted source file was missing a byte)?

The encrypted file contains more than just the original data.  There are also various headers and other structure given to the file by OpenPGP.  There is a built in integrity check in OpenPGP called the MDC, which covers the original data.  Any tampering to that "area" of the file will result in an error indicating an MDC failure.  If there is tampering to the OpenPGP structures, it may not cause an MDC error (in your example of a single byte truncation at the end, for example, it won't), but it will most likely cause the file to not parse correctly and thus return a (different) error.

Note that the MDC is on by default, but can be turned off, either via the command line/config file or by a particular key.

David




More information about the Gnupg-users mailing list