Efail or OpenPGP is safer than S/MIME

Sebastian Reuße seb at wirrsal.net
Mon May 14 12:36:22 CEST 2018

rjh at sixdemonbag.org (Robert J. Hansen) writes:

>>> We hesitate to require the MDC also for old algorithms (3DES, CAST5>
>>> because a lot of data has been encrypted using them in the first
>>> years of OpenPGP.

>> So if someone sends me a 3DES-encrypted mail it won't check the MDC?
>> Doesn't gpg still support reading 3DES?

> Let's try it and find out.  :)
> ... Yep, GnuPG will warn you the message was not integrity protected.
> Your email client should see this warning and refuse to render the message.

I notice that the command currently succeeds, albeit with a warning.
Would it make sense to have GnuPG return a non-zero exit code in case
some MUA does not parse these warnings, or in case it does parse them
but proceeds to use the result?

Alternatively, perhaps invoking gpg for decryption could honor some
command-line switch or gpg.conf option to turn some or all warnings into
hard errors.

Kind regards,

More information about the Gnupg-users mailing list