Re: Missing 'END PGP MESSAGE' not detected

2011-01-19 Thread David Shaw
On Jan 19, 2011, at 10:46 AM, Kavalec wrote:

 
 Using GnuPG 1.4.4 we occasionally receive truncated files, but gpg decrypts
 them anyway.
 
 Is there a way to force the decrypt to fail on a missing 'END PGP MESSAGE' ?

Not really (or at least, not within GnuPG).  The thing is, it doesn't really 
matter in practice.  OpenPGP has its own corruption detection called a MDC, 
that applies even if part of the armor (the END PGP MESSAGE) is missing.  A 
truncated message won't decrypt.

MDC is turned on by default, but it is worth checking to confirm there isn't 
something switching it off.  To do this, take one of your truncated files and 
run:

 gpg --list-packets the-truncated-file.asc

Look for a line that reads mdc_method: 2.  If you see that, you are protected 
from truncation no matter what your transport system does.

David


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Missing 'END PGP MESSAGE' not detected

2011-01-19 Thread Kavalec


David Shaw wrote:
 
 On Jan 19, 2011, at 10:46 AM, Kavalec wrote:
 
 Is there a way to force the decrypt to fail on a missing 'END PGP
 MESSAGE' ?
 
 ... take one of your truncated files and run:
 
  gpg --list-packets the-truncated-file.asc
 
 Look for a line that reads mdc_method: 2.  If you see that, you are
 protected from truncation no matter what your transport system does.
 
 David
 
 

Thanks David, that does give a 'fatal' error indicator, which we can test
for.



Re: Missing 'END PGP MESSAGE' not detected

2011-01-19 Thread David Shaw
On Jan 19, 2011, at 12:09 PM, Kavalec wrote:

 
 
 David Shaw wrote:
 
 On Jan 19, 2011, at 10:46 AM, Kavalec wrote:
 
 Is there a way to force the decrypt to fail on a missing 'END PGP
 MESSAGE' ?
 
 ... take one of your truncated files and run:
 
 gpg --list-packets the-truncated-file.asc
 
 Look for a line that reads mdc_method: 2.  If you see that, you are
 protected from truncation no matter what your transport system does.
 
 David
 
 
 
 Thanks David, that does give a 'fatal' error indicator, which we can test
 for.

You can either use --status-fd and look for:
  [GNUPG:] GOODMDC
or
  [GNUPG:] BADMDC

Or just check the return code from the gpg binary.  If it fails (for whatever 
reason), the return code won't be zero.

David
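
As an added example (not part of the original posts and not GnuPG project code), a shell wrapper that combines the checks discussed in this thread: the armor trailer the original question asked about, the gpg return code, and the GOODMDC/BADMDC lines from --status-fd. The function names and the `.partial` suffix are assumptions, and treating DECRYPTION_FAILED as a failure goes beyond the two status lines named above.

```shell
#!/bin/sh
# Added example; armor_complete, mdc_verdict and decrypt_checked are hypothetical names.

# Return 0 only if the file carries both the armor header and trailer lines.
armor_complete() {
    grep -q '^-----BEGIN PGP MESSAGE-----' "$1" &&
    grep -q '^-----END PGP MESSAGE-----' "$1"
}

# Read --status-fd output on stdin and print GOOD, BAD or NONE.
# A BADMDC or DECRYPTION_FAILED line always outranks GOODMDC.
mdc_verdict() {
    awk '
        $1 == "[GNUPG:]" && ($2 == "BADMDC" || $2 == "DECRYPTION_FAILED") { bad = 1 }
        $1 == "[GNUPG:]" && $2 == "GOODMDC" { good = 1 }
        END { if (bad) print "BAD"; else if (good) print "GOOD"; else print "NONE" }
    '
}

# decrypt_checked INPUT OUTPUT
# Succeeds only if the armor is complete, gpg exits 0, and the status
# stream reports GOODMDC. Plaintext is written to a temporary name and
# moved into place only after all three checks pass.
decrypt_checked() {
    src=$1
    dst=$2
    armor_complete "$src" || { echo "armor trailer missing: $src" >&2; return 2; }
    status=$(mktemp) || return 3
    gpg --batch --yes --status-fd 3 --output "$dst.partial" \
        --decrypt "$src" 3>"$status"
    rc=$?
    verdict=$(mdc_verdict <"$status")
    rm -f "$status"
    if [ "$rc" -eq 0 ] && [ "$verdict" = GOOD ]; then
        mv "$dst.partial" "$dst"
    else
        rm -f "$dst.partial"
        echo "rejected $src: gpg rc=$rc mdc=$verdict" >&2
        return 1
    fi
}
```

A message encrypted without an MDC yields NONE and is rejected here, which is stricter than gpg's own return code.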




Re: Missing 'END PGP MESSAGE' not detected

2011-01-19 Thread Werner Koch
On Wed, 19 Jan 2011 17:46, ds...@jabberwocky.com said:

 Not really (or at least, not within GnuPG).  The thing is, it doesn't
 really matter in practice.  OpenPGP has its own corruption detection
 called a MDC, that applies even if part of the armor (the END PGP
 MESSAGE) is missing.  A truncated message won't decrypt.

In addition all armored PGP messages use CRC for the armor.  GPG
complains about a missing or invalid CRC (unless option
--ignore-crc-error is used).  In such a case the return code will always
be nonzero.


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.




Re: Missing 'END PGP MESSAGE' not detected

2011-01-19 Thread David Shaw
On Jan 19, 2011, at 1:20 PM, Werner Koch wrote:

 On Wed, 19 Jan 2011 17:46, ds...@jabberwocky.com said:
 
 Not really (or at least, not within GnuPG).  The thing is, it doesn't
 really matter in practice.  OpenPGP has its own corruption detection
 called a MDC, that applies even if part of the armor (the END PGP
 MESSAGE) is missing.  A truncated message won't decrypt.
 
 In addition all armored PGP messages use CRC for the armor.  GPG
 complains about a missing or invalid CRC (unless option
 --ignore-crc-error is used).  In such a case the return code will always
 be nonzero.

If I remember correctly, GPG only complains for invalid CRC.  A missing CRC is 
legal, as the CRC is a MAY.

David




Re: Missing 'END PGP MESSAGE' not detected

2011-01-19 Thread Werner Koch
On Wed, 19 Jan 2011 19:32, ds...@jabberwocky.com said:

 If I remember correctly, GPG only complains for invalid CRC.  A missing CRC 
 is legal, as the CRC is a MAY.

I checked the code and there is a missing CRC message.  I also recalled
that the CRC is a MAY.  Looking again at it I noticed that I overlooked
one condition (the one which indicates that a CRC follows).  Thus you
are right, the CRC is optional.  In any case the whole CRC and =END
PGP... is not relevant from a cryptographic point of view.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.

