From: Gregor Zattler
Subject: do not ignore mdc errors on a permanent basis (was: org-crypt broken on Ubuntu 18.04)
Date: Fri, 27 Jul 2018 00:12:23 +0200
Message-ID: <87pnz9pry0.fsf@len.workgroup>
References: <87bmceeh0x.fsf@telefonica.net> <878t5ytdiw.fsf@telefonica.net>
In-Reply-To: <878t5ytdiw.fsf@telefonica.net>
To: emacs-orgmode@gnu.org

Hi Óscar,

* Óscar Fuentes [2018-07-26; 13:57]:
> For the record: executing gpg2 from the command line is revealing:
>
> gpg: WARNING: message was not integrity protected
> gpg: Hint: If this message was created before the year 2003 it is
>      likely that this message is legitimate.  This is because back
>      then integrity protection was not widely used.
> gpg: Use the option '--ignore-mdc-error' to decrypt anyway.
> gpg: decryption forced to fail!
>
> The solution is to add `ignore-mdc-error' to ~/.gnupg/gpg.conf.

I hope you'll do this only as a temporary measure. You could decrypt and re-encrypt the org-crypt parts in question iff you are sure they were encrypted years ago and their contents are ok. But having this option in ~/.gnupg/gpg.conf otherwise weakens the security of GnuPG usage considerably.

From the gpg man page:

    --ignore-mdc-error
        This option changes a MDC integrity protection failure into a
        warning. This can be useful if a message is partially corrupt,
        but it is necessary to get as much data as possible out of the
        corrupt message. However, be aware that a MDC protection
        failure may also mean that the message was tampered with
        intentionally by an attacker.

The usage scenario described in the first sentence is clearly a one-time thing. Putting this option in gpg.conf ignores this kind of error for all future usage; for risks and side effects see the second sentence.

Ciao; Gregor
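An added example, not part of this thread and not code from GnuPG or org-crypt: a small Python audit that reads only the packet headers of an armored message to tell legacy ciphertext without an MDC (Symmetrically Encrypted Data, tag 9) from MDC-protected ciphertext (Sym. Encrypted Integrity Protected Data, tag 18), so the one-time decrypt-and-re-encrypt suggested above can be limited to exactly the org-crypt entries that trigger the warning, with no change to gpg.conf. The two sample messages are constructed dummy packets (not real ciphertext) and the helper names are this example's own.

```python
import base64
TAG_SED, TAG_SEIPD = 9, 18  # RFC 4880 tags: legacy encrypted data (no MDC) vs. integrity-protected data (MDC)

def dearmor(text):
    """Return the raw packet bytes inside a PGP MESSAGE armor; armor headers and the CRC line are skipped."""
    inner = text.split("-----BEGIN PGP MESSAGE-----", 1)[1].split("-----END PGP MESSAGE-----", 1)[0]
    body = inner.strip().split("\n\n", 1)[-1]
    return base64.b64decode("".join(line for line in body.split() if not line.startswith("=")))

def packet_tags(data):
    """Walk the packet stream (RFC 4880 section 4.2) and return each packet's tag; nothing is decrypted."""
    tags, i = [], 0
    while i < len(data):
        ctb = data[i]
        if ctb & 0x40:  # new-format header; the inner loop also consumes partial body lengths
            tag, i = ctb & 0x3F, i + 1
            while True:
                l1 = data[i]
                if l1 < 192:
                    n, i, partial = l1, i + 1, False
                elif l1 < 224:
                    n, i, partial = ((l1 - 192) << 8) + data[i + 1] + 192, i + 2, False
                elif l1 == 255:
                    n, i, partial = int.from_bytes(data[i + 1:i + 5], "big"), i + 5, False
                else:
                    n, i, partial = 1 << (l1 & 0x1F), i + 1, True
                i += n
                if not partial:
                    break
        else:  # old-format header: length type 0/1/2 = 1/2/4 octets, 3 = indeterminate (runs to end of input)
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            width = 0 if ltype == 3 else 1 << ltype
            i = len(data) if ltype == 3 else i + 1 + width + int.from_bytes(data[i + 1:i + 1 + width], "big")
        tags.append(tag)
    return tags

def has_mdc(armored):
    tags = packet_tags(dearmor(armored))
    return TAG_SEIPD in tags and TAG_SED not in tags  # tag 18 carries the MDC gpg checks; tag 9 does not

def _pkt(tag, body, old=False):  # constructed test packet with a one-octet length; bodies are dummy bytes
    return bytes([(0x80 | (tag << 2)) if old else (0xC0 | tag), len(body)]) + body

def _armor(raw):
    return "-----BEGIN PGP MESSAGE-----\n\n%s\n-----END PGP MESSAGE-----\n" % base64.b64encode(raw).decode()

# Constructed samples: a PKESK packet (tag 1) followed by legacy SED data, or by SEIPD data carrying an MDC.
LEGACY_MSG = _armor(_pkt(1, b"\x03" + b"\x00" * 20, old=True) + _pkt(TAG_SED, b"\x00" * 30, old=True))
MDC_MSG = _armor(_pkt(1, b"\x03" + b"\x00" * 20, old=True) + _pkt(TAG_SEIPD, b"\x01" + b"\x00" * 30))
```

Run has_mdc over each BEGIN PGP MESSAGE block in an org file; entries returning False are the ones to decrypt once and re-encrypt with a current gpg, which produces MDC-protected output.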