Feature suggestion: options to require MDC or trusted signature on decryption
Patrick Brunschwig
patrick at enigmail.net
Thu May 31 17:05:33 CEST 2018
On 31.05.18 16:51, Patrick Brunschwig wrote:
> On 31.05.18 13:28, Werner Koch wrote:
>> On Tue, 29 May 2018 08:14, patrick at enigmail.net said:
>>
>>> Enigmail fails with this since about two weeks, also for older versions
>>> of GnuPG. I had a number of bug reports/support requests since then, but
>>> overall it was less than I feared. Some people still have very old keys.
>>
>> Good. Today I pushed changes for 2.2.8 which will now always require
>> the MDC and which will print a hint in case an old cipher algorithm is
>> the cause for the missing MDC:
>>
>> gpg: WARNING: message was not integrity protected
>> gpg: Hint: If this message was created before the year 2003 it is
>> likely that this message is legitimate. This is because back
>> then integrity protection was not widely used.
>> gpg: Use the option '--ignore-mdc-error' to decrypt anyway.
>> [GNUPG:] ERROR nomdc_with_legacy_cipher 152
>> gpg: decryption forced to fail!
>> [GNUPG:] DECRYPTION_FAILED
>> [GNUPG:] END_DECRYPTION
>
> Great, thanks!
>
> May I suggest that for GnuPG 2.3 you implement some more rules? For example:
> * refuse encrypting emails if MDC is not enabled in the key prefs
s/emails/anything/ -- GnuPG is not only for emails ;-)
> * remove options like --ignore-mdc-error, --ignore-mdc-warning and
> --allow-multiple-messages, or at least require them to be combined
> with something like --dangerous-options
-Patrick
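
A caller-side view of the status output quoted above, as an added example that is not part of this thread and is not Enigmail or GnuPG code: a front end that reads gpg's --status-fd lines and releases plaintext only on a clean result. The names judge, parse_status and Verdict are hypothetical, and requiring both DECRYPTION_OKAY and GOODMDC is a policy assumed for this example.

```python
from dataclasses import dataclass, field

PREFIX = "[GNUPG:] "

# Output quoted in the message above (status lines mixed with human-readable text).
NO_MDC = """\
gpg: WARNING: message was not integrity protected
gpg: Use the option '--ignore-mdc-error' to decrypt anyway.
[GNUPG:] ERROR nomdc_with_legacy_cipher 152
gpg: decryption forced to fail!
[GNUPG:] DECRYPTION_FAILED
[GNUPG:] END_DECRYPTION
"""
# Constructed samples, not captured from a real gpg run.
GOOD = "[GNUPG:] BEGIN_DECRYPTION\n[GNUPG:] DECRYPTION_OKAY\n[GNUPG:] GOODMDC\n[GNUPG:] END_DECRYPTION\n"
OKAY_WITHOUT_MDC = "[GNUPG:] BEGIN_DECRYPTION\n[GNUPG:] DECRYPTION_OKAY\n[GNUPG:] END_DECRYPTION\n"

@dataclass
class Verdict:
    release: bool                      # True only if plaintext may be shown
    reasons: list = field(default_factory=list)

def parse_status(text):
    """Yield (keyword, args) per status line; 'gpg:' diagnostics are ignored."""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(PREFIX):
            parts = line[len(PREFIX):].split()
            if parts:
                yield parts[0], parts[1:]

def judge(text):
    """Fail closed: any error keyword or any missing success keyword blocks release."""
    seen, reasons = set(), []
    for keyword, args in parse_status(text):
        seen.add(keyword)
        if keyword == "ERROR" and args:
            reasons.append("error:" + args[0])
        elif keyword in ("DECRYPTION_FAILED", "BADMDC"):
            reasons.append(keyword.lower())
    for required in ("DECRYPTION_OKAY", "GOODMDC"):   # assumed policy of this example
        if required not in seen:
            reasons.append("no " + required)
    return Verdict(release=not reasons, reasons=reasons)

if __name__ == "__main__":
    for name, sample in [("no-mdc", NO_MDC), ("good", GOOD), ("okay-without-mdc", OKAY_WITHOUT_MDC)]:
        print(name, judge(sample))
```

The decision is taken from the machine-readable status lines, not from the "gpg:" text, which is meant for people and may change between versions.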