gpg signing seems to "remove" integrity

1.3k views Asked by At

The Google is not answering this question because The Google results are flooded with a question similar to mine in form but quite different in meaning. I'm mentioning this because I already know that there is common issue with a complaint about message integrity when CAST5 (the default) is used. I just want to be clear that I am not asking about CAST5, I am asking a question about AES256 (always AES256, I have my default set to AES256), but I'm curious about the differences between signed and unsigned. Okay, so, here it goes:

When using gpg with AES256, message integrity is "turned on" by default so that I don't get any complaints about message integrity when just encrypting symmetrically with AES256. For example, suppose I have this file "test.txt":

 $ ls
test.txt
 $ cat test.txt
blah blah blah

And I encrypt symmetrically:

 $ gpg --symmetric ./test.txt        <---[Symmetric AES256]
 $ ls
test.txt  test.txt.gpg
 $ gpg -d ./test.txt.gpg
gpg: AES256 encrypted data
gpg: encrypted with 1 passphrase     <---[No complaint about integrity]
blah blah blah

But, if I add a signature then gpg complains about message integrity, even though I'm still using AES256. Like this:

 $ gpg --symmetric --sign ./test.txt

You need a passphrase to unlock the secret key for
user: "hft"
4096-bit RSA key

gpg: AES256 encryption will be used

Now, when I decrypt I get a complaint about integrity:

 $ gpg -d ./test.txt.gpg
gpg: AES256 encrypted data
gpg: encrypted with 1 passphrase
blah blah blah
gpg: Signature made Thu, Jun 18, 2015
gpg: Good signature from "hft"
gpg: WARNING: message was not integrity protected

I know that I can force the complaint to go away of I use --force-mdc like this:

 $ gpg --symmetric --sign --force-mdc ./test.txt

But, my question is: Does gpg really "turn off" the AES256 MACing for integrity when I elect to also sign the message with my private key? Even though it is "turned on" for AES256 when I don't sign? Or is this just a bug? It seems ridiculous to turn off the integrity MAC just because I signed with an asymmetric key.

0

There are 0 answers