1.9.3-cvs and symmetric encryption: no integrity protection?

Simon Josefsson jas at extundo.com
Tue Jan 6 23:04:29 CET 2004


Symmetric decryption doesn't seem to propagate failed integrity checks
to the caller in 1.9.x?

jas at latte:~$ gpg --version
Secure memory is not locked into core
gpg (GnuPG) 1.9.3-cvs
...
jas at latte:~$ gpg < hemlis.gpg
Secure memory is not locked into core
gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
gpg: 3DES encrypted data
gpg: gpg-agent is not available in this session
fnord
gpg: [don't know]: invalid packet (ctb=68)
gpg: [don't know]: invalid packet (ctb=65)
gpg: WARNING: message was not integrity protected
gpg: [don't know]: invalid packet (ctb=6d)
jas at latte:~$ echo $?
0

GnuPG 1.2 seems to work fine:

jas at latte:~$ /usr/bin/gpg --version
gpg (GnuPG) 1.2.3
...
jas at latte:~$ /usr/bin/gpg < hemlis.gpg
gpg: 3DES encrypted data
fnord
gpg: [don't know]: invalid packet (ctb=68)
gpg: [don't know]: invalid packet (ctb=65)
gpg: WARNING: message was not integrity protected
gpg: [don't know]: invalid packet (ctb=6d)
jas at latte:~$ echo $?
2
jas at latte:~$

In case you want to experiment, the hemlis.gpg is attached.  The
password is 'fff'.

Thanks.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: hemlis.gpg
Type: application/octet-stream
Size: 51 bytes
Desc: not available
Url : /pipermail/attachments/20040106/426cca58/hemlis.obj


More information about the Gnupg-devel mailing list