>> We hesitate to require the MDC also for old algorithms (3DES, CAST5> >> because a lot of data has been encrypted using them in the first >> years of OpenPGP. > > So if someone sends me a 3DES-encrypted mail it won't check the MDC? > Doesn't gpg still support reading 3DES?
Let's try it and find out. :) PS C:\Users\rjh> gpg --recipient 0xB44427C7 --cipher-algo 3DES --disable-mdc --encrypt --sign foo.cc gpg: 0xB44427C7: skipped: public key already present gpg: WARNING: encrypting without integrity protection is dangerous PS C:\Users\rjh> gpg foo.cc.gpg gpg: WARNING: no command supplied. Trying to guess what you mean ... gpg: encrypted with 256-bit ECDH key, ID AA24CC81B8AED08B, created 2017-04-05 "Robert J. Hansen <r...@sixdemonbag.org>" File 'foo.cc' exists. Overwrite? (y/N) y gpg: Signature made 05/14/18 05:40:46 Eastern Daylight Time gpg: using EDDSA key 4BF2042AE28F62B81736E8CBA83CAE94D3DC3873 gpg: Good signature from "Robert J. Hansen <r...@sixdemonbag.org>" [ultimate] gpg: aka "Robert J. Hansen <r...@enigmail.net>" [ultimate] gpg: aka "Robert J. Hansen <rob@hansen.engineering>" [ultimate] gpg: WARNING: message was not integrity protected ... Yep, GnuPG will warn you the message was not integrity protected. Your email client should see this warning and refuse to render the message.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users