[messaging] Advertising public key in email (was: TOFU to ease PGP key discovery)

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Feb 11 13:14:24 PST 2015

On Wed 2015-02-11 15:30:17 -0500, Andy Isaacson wrote:
> On Wed, Feb 11, 2015 at 05:56:44AM -0600, Tom Ritter wrote:
>> PGP has this janky MDC thing
>> http://tools.ietf.org/html/rfc4880#section-5.14 that would prevent a
>> bitflipped message from getting through, but not side channels or
>> attacks on the decryption process.
> I'm not certain but I think GnuPG is putting a SHA inside the RSA
> encryption of encrypted-but-not-signed messages.  pgpdump on the outer
> message says:

This is indeed the "janky MDC thing" Tom is talking about.

from the spec:

  The body of this packet consists of:

     - A 20-octet SHA-1 hash of the preceding plaintext data of the
       Symmetrically Encrypted Integrity Protected Data packet,
       including prefix data, the tag octet, and length octet of the
       Modification Detection Code packet.
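
An added example, not part of the original message: a Python sketch of the MDC check as the quoted RFC 4880 text describes it, run on the already-decrypted contents of a Symmetrically Encrypted Integrity Protected Data packet. The 16-octet block size, the function names and the sample bytes are assumptions made for illustration.

```python
import hashlib
import hmac
import os

MDC_HEADER = b"\xd3\x14"  # MDC packet tag octet and length octet (20 = 0x14)
BLOCK_SIZE = 16           # assumption: a cipher with 16-octet blocks (e.g. AES)
SAMPLE_PACKETS = b"constructed stand-in for inner packets"  # constructed input

def build_seipd_plaintext(packets: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """Assemble the data that gets encrypted: prefix || packets || MDC packet."""
    rand = os.urandom(block_size)
    prefix = rand + rand[-2:]  # random octets, last two repeated
    covered = prefix + packets + MDC_HEADER
    # The hash covers the prefix, the plaintext, and the MDC tag/length octets.
    return covered + hashlib.sha1(covered).digest()

def check_mdc(decrypted: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """Return the inner packets if the MDC verifies, else raise ValueError."""
    if len(decrypted) < block_size + 2 + len(MDC_HEADER) + 20:
        raise ValueError("too short to hold prefix and MDC packet")
    covered, digest = decrypted[:-20], decrypted[-20:]
    if not covered.endswith(MDC_HEADER):
        raise ValueError("MDC packet header missing (stripped or truncated)")
    if not hmac.compare_digest(hashlib.sha1(covered).digest(), digest):
        raise ValueError("MDC mismatch: plaintext was modified")
    return covered[block_size + 2:-len(MDC_HEADER)]

def flip_bit(data: bytes, index: int, mask: int = 0x01) -> bytes:
    """Return a copy of data with one bit flipped at the given octet."""
    out = bytearray(data)
    out[index] ^= mask
    return bytes(out)

def is_accepted(decrypted: bytes) -> bool:
    """True when check_mdc accepts the data, False when it rejects it."""
    try:
        check_mdc(decrypted)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    good = build_seipd_plaintext(SAMPLE_PACKETS)
    print("intact:", is_accepted(good))
    print("bit flipped:", is_accepted(flip_bit(good, BLOCK_SIZE + 4)))
    print("MDC stripped:", is_accepted(good[:-22]))
```

The check only runs after decryption has completed, so it catches a flipped bit or a stripped MDC packet but says nothing about what the decryption step itself may have revealed.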

