cryptanalysis question: Does knowing some of the content of the message make the full message vulnerable to decryption?

Werner Koch wk at
Fri Jan 31 16:30:34 CET 2014

On Fri, 31 Jan 2014 08:39, micha137 at said:

> you are a legitimate sender. I don't know how gpg does it, in academic
> signature I use an hmac to protect solely symmetrically enciphered

OpenPGP defines a MDC feature to detect tampering with the encrypted
message.  It works by appending the SHA-1 digest to the plaintext and
include it in the encryption process.  On decryption the decrypted
plaintext is hashed again and the digest compared to the just decrypted
digest.  This deliberately works without a key (as in a MAC) to provide
deniability for a encrypted-only message.  The MDC feature is in use for
about 14 years.  RFC-4880 has alo the details.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-users mailing list