On Thu, 17 May 2018 11:21, luk...@gpgtools.org said: > Is there any particular reason why these have not been added to > doc/DETAILS?
They don't make much sense. I can't remember why I added them. > If we check for DECRYPTION_INFO 0 X (0 being NO MDC) and the > BADMDC status line (in addition to DECRYPTION_FAILED), can we > safely assume that all known cases of no MDC or modified MDC are > covered (even for CAST5, which at the moment issues DECRYPTION_OKAY)? Yes, but read on: Ignore the BADMDC; it is not needed. You will get a DECRYPTION_FAILED if the MDC is broken. However, it does not catch the case for a MISSING MDC (that is the use of a non-MDC enryption packet). The MDC can be stripped and also the plaintext will then be partly garbled we need to detect this. gpg detect this for all modern cipher algorithsm (ie. AES and Camellia) and gibes a DECRYPTION_FAILED. For backward compatibility reasons I fear to extend this in 2.2 to the old algorithms. If you parse DECRYTPION_INFO beplease consider that its current defineion (in master) is: *** DECRYPTION_INFO <mdc_method> <sym_algo> [<aead_algo>] Print information about the symmetric encryption algorithm and the MDC method. This will be emitted even if the decryption fails. For an AEAD algorithm AEAD_ALGO is not 0. GPGSM currently does not print such a status. The important print is that MDC_METHOD will be 0 with the forthcoming AEAD algorithm. Thus you need to check whether 3rd argument is there. mdc_method = atoi(arg_1) aead_algo = have_3_args? atoi(arg_3) : 0 if (!mdc_method && !aeadalgo) return DECRYPTION_FAILED That is what I implement in GPGME this morning. Shalom-Salam, Werner -- # Please read: Daniel Ellsberg - The Doomsday Machine # Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupgfirstname.lastname@example.org http://lists.gnupg.org/mailman/listinfo/gnupg-users