So why are there different grades of failure? Why is "invalid packet" a less scary error message than "WARNING: message was not integrity protected" when both are equally bad things?
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed Advanced Search
Advanced Search
Advanced Search
Jan 15 2026
Jan 15 2026
• werner set External Link to https://gnupg.org/blog/20251226-cleartext-signatures.html on T7900: Cleartext Signature Forgery in GnuPG.
Jan 9 2026
Jan 9 2026
• werner closed T7904: GnuPG may downgrade digest algorithm to SHA1, a subtask of T7900: Cleartext Signature Forgery in GnuPG, as Resolved.
Jan 7 2026
Jan 7 2026
andrewgdotcom added a comment to T7907: Encrypted Message Malleability Checks are Incorrectly Enforced Causing Plaintext Recovery Attacks.
• werner added a comment to T7907: Encrypted Message Malleability Checks are Incorrectly Enforced Causing Plaintext Recovery Attacks.
Right. And the MDC detects this and only if says okay you get a good decryption status back.
andrewgdotcom added a comment to T7907: Encrypted Message Malleability Checks are Incorrectly Enforced Causing Plaintext Recovery Attacks.
This warning shall only show up if a message was really modified and not in case of a simple truncation.
Jan 5 2026
Jan 5 2026
• werner changed the visibility for T7907: Encrypted Message Malleability Checks are Incorrectly Enforced Causing Plaintext Recovery Attacks.
Jan 2 2026
Jan 2 2026
(Testing for now for better visibility. Real or Semi-real bugs with fixes are already set to Resolved)
• werner changed the status of T7902: OpenPGP Cleartext Signature Framework, a subtask of T7900: Cleartext Signature Forgery in GnuPG, from Open to Testing.
• werner closed T7903: Multiple Plaintext Attack on Detached PGP Signatures in GnuPG, a subtask of T7900: Cleartext Signature Forgery in GnuPG, as Resolved.
• werner changed the status of T7907: Encrypted Message Malleability Checks are Incorrectly Enforced Causing Plaintext Recovery Attacks, a subtask of T7900: Cleartext Signature Forgery in GnuPG, from Open to Testing.
• werner changed the status of T7907: Encrypted Message Malleability Checks are Incorrectly Enforced Causing Plaintext Recovery Attacks from Open to Testing.
The described attack is not easy to understand and as of today the
gpg.fail website seems to have the same content as the draft we
received on 2025-10-23. There it states:
Dec 30 2025
Dec 30 2025
• werner closed T7906: Memory Corruption in ASCII-Armor Parsing, a subtask of T7900: Cleartext Signature Forgery in GnuPG, as Resolved.
Dec 29 2025
Dec 29 2025
• werner changed the status of T7901: Cleartext Signature Forgery in NotDashEscaped header implementation in GnuPG, a subtask of T7900: Cleartext Signature Forgery in GnuPG, from Open to Testing.
• werner triaged T7903: Multiple Plaintext Attack on Detached PGP Signatures in GnuPG as Normal priority.
Note using the output of --decrypt directly on the tty is a Bad Idea(tm). You won't cat arbitrary files to your tty for the same reason.
• werner edited projects for T7902: OpenPGP Cleartext Signature Framework, added: FAQ, OpenPGP, Not A Bug; removed g10code, Bug Report.
https://gnupg.org/blog/20251226-cleartext-signatures.html explains why we have cleartext signatures and how you properly use them. The suggestion of the reporters to remove them entirely is a no-go because there are too many systems (open source or in-house) which rely on that format. If properly used (i.e. using --output to get the signed text) there is no problem. Anyway the suggestion has always been to use detached signatures using two files or PGP/MIME).