
Could not decrypt the data: Data is not integrity protected. Decrypting it could be a security problem. (no MDC)
Closed, ResolvedPublic

Description

Hi there, I know this is a topic since gpg4win-3.1.2 onwards, but I still struggle: GpgOL tells me "Could not decrypt the data: Data is not integrity protected. Decrypting it could be a security problem. (no MDC)" with emails encrypted with gpg4win-3.1.1 (and older).

What is important for me is being able to decrypt e-mails within Outlook 2016. I tried "ignore-mdc-error" in "%appdata%\gnupg\gnupg.conf" without success (is this still supposed to work?).

Public key output for one of the problematic senders:
C:\> gpg --edit-key some.email@somedomain.com

pub dsa1024/xxxxxxxxxxxxxxxx

erzeugt: 2001-08-11  verfällt: niemals     Nutzung: SCA
Vertrauen: vollständig   Gültigkeit: vollständig

sub elg3072/dsa1024/xxxxxxxxxxxxxxxx

erzeugt: 2001-08-11  verfällt: niemals     Nutzung: E

[vollständig] (1). Some Body <some.email@somedomain.com>
[vollständig] (2) Some Body <some.email@somedomain.com
[vollständig] (3) Some Body <some.email@somedomain.com>

gpg> showpref
[vollständig] (1). Some Body <some.email@somedomain.com>

Verschlü.: AES256, AES192, AES, CAST5, 3DES
Digest: SHA1, SHA256, RIPEMD160
Komprimierung: ZLIB, BZIP2, ZIP, nicht komprimiert
Eigenschaften: MDC, Keyserver no-modify

[vollständig] (2) Some Body <some.email@somedomain.com

Verschlü.: AES256, AES192, AES, CAST5, 3DES
Digest: SHA1, SHA256, RIPEMD160
Komprimierung: ZLIB, BZIP2, ZIP, nicht komprimiert
Eigenschaften: MDC, Keyserver no-modify

[vollständig] (3) Some Body <some.email@somedomain.com>

Verschlü.: AES256, AES192, AES, CAST5, 3DES
Digest: SHA1, SHA256, RIPEMD160
Komprimierung: ZLIB, BZIP2, ZIP, nicht komprimiert
Eigenschaften: MDC, Keyserver no-modify

So I see "MDC" - still cannot decrypt.

Thanks,
Carsten

Details

Version
gpg4win-3.1.7/GpgOL 2.3.3/Outlook 2016

Event Timeline

Do you know which software the sender uses for encryption? That software may simply ignore the preferences, or the sender also encrypts to a legacy key using software which does not force the use of an MDC. Sometimes keys are generated with gpg but used with other software, without updating the preferences of the keys.

Yes, very exactly indeed: It's GpgOL within gpg4win-3.1.1... ;) But you're right, the key itself is a legacy key, created back in 2001 with a commercial PGP solution, and later on the key was "spiced up" cipher-wise... The goal is to get everybody (also the sender) to gpg4win-3.1.7, but how can I achieve not having lots of e-mails which one will never be able to decrypt?

werner claimed this task.
werner edited projects, added Not A Bug; removed Bug Report.

You need to update the public key and convey it to the sender. This will solve the problems. You should also ask the sender to update their software so that an MDC is always used regardless of the flag.
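
The "(no MDC)" error corresponds to a message whose encrypted body is a legacy Symmetrically Encrypted Data packet (tag 9) rather than the integrity-protected tag 18 packet. As an added example (not part of the original thread and not GnuPG's own code), this Python parser walks the packet headers of a binary, dearmored OpenPGP message and reports which of the two it carries; the function names and the sample bytes are constructed for illustration.

```python
# Added example: classify a binary OpenPGP message by its encrypted-data packet.
# Header parsing follows RFC 4880 section 4.2. Sample bytes are constructed.
SED, SEIPD = 9, 18  # tag 9: legacy, no MDC; tag 18: integrity protected

def packets(data):
    """Yield (tag, body_length); length None means the body is streamed."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("not a binary OpenPGP packet (armored input?)")
        i += 1
        if hdr & 0x40:  # new-format header
            tag, first = hdr & 0x3F, data[i]
            if first < 192:
                length, i = first, i + 1
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 1] + 192, i + 2
            elif first == 255:
                length, i = int.from_bytes(data[i + 1:i + 5], "big"), i + 5
            else:  # partial body length: streamed data packet
                length = None
        else:  # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                length = None  # indeterminate length
            else:
                n = 1 << ltype  # 1, 2 or 4 length octets
                length, i = int.from_bytes(data[i:i + n], "big"), i + n
        yield tag, length
        if length is None:
            return  # streamed body: stop walking here
        i += length

def integrity_status(data):
    """Report whether the message body is MDC-protected."""
    for tag, _ in packets(data):
        if tag == SEIPD:
            return "integrity protected (MDC)"
        if tag == SED:
            return "no MDC"
    return "no encrypted data packet found"

# Constructed samples: a session-key packet (tag 1) followed by the data packet.
LEGACY = bytes([0xC1, 3, 0, 0, 0, 0xA4, 4, 1, 2, 3, 4])   # tag 1, then tag 9
MODERN = bytes([0x84, 2, 0, 0, 0xD2, 5, 1, 9, 9, 9, 9])   # tag 1, then tag 18

if __name__ == "__main__":
    print(integrity_status(LEGACY), "/", integrity_status(MODERN))
```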