Efail or OpenPGP is safer than S/MIME

Werner Koch wk at gnupg.org
Thu May 17 13:03:02 CEST 2018


On Thu, 17 May 2018 11:21, lukele at gpgtools.org said:

> Is there any particular reason why these have not been added to
> doc/DETAILS?

They don't make much sense.  I can't remember why I added them.

> If we check for DECRYPTION_INFO 0 X (0 being NO MDC) and the
> BADMDC status line (in addition to DECRYPTION_FAILED), can we
> safely assume that all known cases of no MDC or modified MDC are
> covered (even for CAST5, which at the moment issues DECRYPTION_OKAY)?

Yes, but read on:

Ignore the BADMDC; it is not needed.  You will get a DECRYPTION_FAILED
if the MDC is broken.  However, it does not catch the case for a MISSING
MDC (that is the use of a non-MDC encryption packet).  The MDC can be
stripped and also the plaintext will then be partly garbled; we need to
detect this.  gpg detects this for all modern cipher algorithms (i.e. AES
and Camellia) and gives a DECRYPTION_FAILED.  For backward compatibility
reasons I fear to extend this in 2.2 to the old algorithms.

If you parse DECRYPTION_INFO please consider that its current
definition (in master) is:

*** DECRYPTION_INFO <mdc_method> <sym_algo> [<aead_algo>]
    Print information about the symmetric encryption algorithm and the
    MDC method.  This will be emitted even if the decryption fails.
    For an AEAD algorithm AEAD_ALGO is not 0.  GPGSM currently does
    not print such a status.

The important point is that MDC_METHOD will be 0 with the forthcoming
AEAD algorithm.  Thus you need to check whether the 3rd argument is there.

     mdc_method = atoi(arg_1)
     aead_algo = have_3_args? atoi(arg_3) : 0
     if (!mdc_method && !aead_algo)
        return DECRYPTION_FAILED

That is what I implemented in GPGME this morning.


Shalom-Salam,

   Werner

-- 
#  Please read:  Daniel Ellsberg - The Doomsday Machine  #
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
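
Added example, not part of the mail above and not GPGME's code: a C sketch of the DECRYPTION_INFO check the mail describes, applied to the text a caller reads from gpg's --status-fd. The names must_reject and args_of are hypothetical, the status lines in main are constructed, and also rejecting when no DECRYPTION_OKAY line is seen is an assumption of this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* If `line` starts with status keyword `kw`, return its argument text. */
static const char *args_of(const char *line, const char *kw)
{
    size_t n = strlen(kw);
    if (strncmp(line, kw, n) != 0 || (line[n] != ' ' && line[n] != '\0'))
        return NULL;
    return line + n;
}

/* status: whole --status-fd output. Returns 1 = discard plaintext, 0 = use. */
int must_reject(const char *status)
{
    static const char prefix[] = "[GNUPG:] ";
    int reject = 0, saw_okay = 0;
    const char *a;
    char *copy = malloc(strlen(status) + 1);
    if (!copy) return 1;                /* fail closed */
    strcpy(copy, status);
    for (char *l = strtok(copy, "\r\n"); l; l = strtok(NULL, "\r\n")) {
        if (strncmp(l, prefix, sizeof prefix - 1) != 0)
            continue;                   /* not a status line */
        l += sizeof prefix - 1;
        if (args_of(l, "DECRYPTION_FAILED")) {
            reject = 1;
        } else if (args_of(l, "DECRYPTION_OKAY")) {
            saw_okay = 1;
        } else if ((a = args_of(l, "DECRYPTION_INFO"))) {
            int mdc = 0, sym = 0, aead = 0;
            int n = sscanf(a, "%d %d %d", &mdc, &sym, &aead);
            /* Rule from the mail: no MDC and no AEAD means failure; a
             * missing 3rd argument leaves aead at 0. n < 2 is malformed. */
            if (n < 2 || (!mdc && !aead))
                reject = 1;
        }
    }
    free(copy);
    /* Assumption of this example: a missing DECRYPTION_OKAY also rejects. */
    return reject || !saw_okay;
}

int main(void)
{   /* Constructed sample: CAST5 (sym_algo 3), no MDC, yet reported OKAY. */
    printf("reject=%d\n", must_reject("[GNUPG:] DECRYPTION_INFO 0 3\n"
                                      "[GNUPG:] DECRYPTION_OKAY\n"));
    return 0;
}
```
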