Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: GnuPG: users

gpg: WARNING: message was not integrity protected - MDC

 

 

GnuPG users RSS feed   Index | Next | Previous | View Threaded


per.hopstadius at logica

Jan 31, 2013, 5:29 AM

Post #1 of 3 (714 views)
Permalink
gpg: WARNING: message was not integrity protected - MDC

Hi

This has been discussed before and I have an question referring to this.
Short summary:

A customer encrypts data with our public key, we receive the file and we
attempt to decrypt it. The decrypt step seems to work but we get a warning
message while validating the file (gpg: WARNING: message was not integrity
protected). The question is how to avoid the warning message.

After reading the forum I believe this has to do with mdc, that mdc is not
forced in this case and that is causing the warning message.

I would like to know how you enable mdc. Do I tell the customer to force mdc
or is that controlled from my side, automatic controlled depending on what
cipher method I use?
We run GPG version 1.4.9 and customer PGP 7.1
Please advice a noob

Regards,
Dan




--
View this message in context: http://gnupg.10057.n7.nabble.com/gpg-WARNING-message-was-not-integrity-protected-MDC-tp29533.html
Sent from the GnuPG - User mailing list archive at Nabble.com.

_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


dshaw at jabberwocky

Jan 31, 2013, 12:41 PM

Post #2 of 3 (665 views)
Permalink
Re: gpg: WARNING: message was not integrity protected - MDC [In reply to]

On Jan 31, 2013, at 8:29 AM, perhop <per.hopstadius [at] logica> wrote:

> Hi
>
> This has been discussed before and I have an question referring to this.
> Short summary:
>
> A customer encrypts data with our public key, we receive the file and we
> attempt to decrypt it. The decrypt step seems to work but we get a warning
> message while validating the file (gpg: WARNING: message was not integrity
> protected). The question is how to avoid the warning message.
>
> After reading the forum I believe this has to do with mdc, that mdc is not
> forced in this case and that is causing the warning message.
>
> I would like to know how you enable mdc. Do I tell the customer to force mdc
> or is that controlled from my side, automatic controlled depending on what
> cipher method I use?
> We run GPG version 1.4.9 and customer PGP 7.1

Note that the message you see is just a warning. It does not affect decryption - it's just telling you that the sender didn't protect the message.

There are several ways to enable MDC. The most common way is a flag on your key that instructs the customer's PGP to enable MDC (i.e. "I can handle MDC, so you're free to use it"). So the first thing you should do is check your key to see if it has the MDC flag on it. To do this, run:

gpg --edit-key (yourkey)

and enter "showpref" at the prompt. The final line is "Features". If "MDC" is on that line, then you have the MDC flag, and anyone communicating with you should use a MDC if they support it. That said, I see that your customer is using PGP 7.1, which is incredibly old at this point. I don't recall offhand if it supports MDC or not (I have a vague recollection that PGP only started supporting it in PGP 8 - which is itself very old at this point).

If your key has the MDC flag, then the problem is most likely that the customer's PGP doesn't support MDC. Since you probably can't upgrade the customer, you can use the --no-mdc-warning on your side. This doesn't change the fact that the message you got isn't protected, but does prevent the warning from being printed.

David


_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users


per.hopstadius at logica

Feb 1, 2013, 12:25 AM

Post #3 of 3 (658 views)
Permalink
Re: gpg: WARNING: message was not integrity protected - MDC [In reply to]

Hi David

Thanks for an excellent answer, that made it much clearer for me
We will check if our key has the MDC flag and see if PGP 7.1 has support for
MDC or not.
If not, then we will to use the --no-mdc-warning

Otherwise we have to enable the MDC flag on our key and replace the old one.

Thanks



--
View this message in context: http://gnupg.10057.n7.nabble.com/gpg-WARNING-message-was-not-integrity-protected-MDC-tp29533p29544.html
Sent from the GnuPG - User mailing list archive at Nabble.com.

_______________________________________________
Gnupg-users mailing list
Gnupg-users [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-users

GnuPG users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.