Page MenuHome GnuPG

luc (luc)
User

Projects

User does not belong to any projects.

User Details

User Since
May 27 2018, 12:01 PM (304 w, 5 d)
Availability
Available

Recent Activity

May 29 2018

luc added a comment to T3997: After tampering, a file still decrypts and returns incorrect plaintext, rather than giving an error.

The primary function of those other tools is not securely encrypting data. If the message is too large to keep in memory at once, then there is indeed no choice to process it as a stream, but users should be aware of this. Perhaps a flag can be used, along the lines of --stream-without-verification? The man page could explain: "GPG computes an MDC over the whole message, so it can only check at the end whether the message was tampered with. This flag can be used to stream the output, so that the entire message does not have to be kept in memory. You must check the exit status to verify that decryption was successful and that the message was not tampered with, because with this flag, the data returned by GPG may be incorrect or even malicious. If the exit status is zero, then the MDC is correct and the message was not tampered with."

May 29 2018, 5:13 PM · Bug Report

May 28 2018

luc created T3997: After tampering, a file still decrypts and returns incorrect plaintext, rather than giving an error.
May 28 2018, 8:55 PM · Bug Report