Efail or OpenPGP is safer than S/MIME
Robert J. Hansen
rjh at sixdemonbag.org
Mon May 14 11:42:19 CEST 2018
>> We hesitate to require the MDC also for old algorithms (3DES, CAST5>
>> because a lot of data has been encrypted using them in the first
>> years of OpenPGP.
>
> So if someone sends me a 3DES-encrypted mail it won't check the MDC?
> Doesn't gpg still support reading 3DES?
Let's try it and find out. :)
PS C:\Users\rjh> gpg --recipient 0xB44427C7 --cipher-algo 3DES
--disable-mdc --encrypt --sign foo.cc
gpg: 0xB44427C7: skipped: public key already present
gpg: WARNING: encrypting without integrity protection is dangerous
PS C:\Users\rjh> gpg foo.cc.gpg
gpg: WARNING: no command supplied. Trying to guess what you mean ...
gpg: encrypted with 256-bit ECDH key, ID AA24CC81B8AED08B, created
2017-04-05
"Robert J. Hansen <rjh at sixdemonbag.org>"
File 'foo.cc' exists. Overwrite? (y/N) y
gpg: Signature made 05/14/18 05:40:46 Eastern Daylight Time
gpg: using EDDSA key 4BF2042AE28F62B81736E8CBA83CAE94D3DC3873
gpg: Good signature from "Robert J. Hansen <rjh at sixdemonbag.org>" [ultimate]
gpg: aka "Robert J. Hansen <rob at enigmail.net>" [ultimate]
gpg: aka "Robert J. Hansen <rob at hansen.engineering>"
[ultimate]
gpg: WARNING: message was not integrity protected
... Yep, GnuPG will warn you the message was not integrity protected.
Your email client should see this warning and refuse to render the message.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20180514/9ee8ba85/attachment.sig>
More information about the Gnupg-users
mailing list