The Google is not answering this question because The Google results are flooded with a question similar to mine in form but quite different in meaning. I'm mentioning this because I already know that there is common issue with a complaint about message integrity when CAST5 (the default) is used. I just want to be clear that I am not asking about CAST5, I am asking a question about AES256 (always AES256, I have my default set to AES256), but I'm curious about the differences between signed and unsigned. Okay, so, here it goes:
When using gpg with AES256, message integrity is "turned on" by default so that I don't get any complaints about message integrity when just encrypting symmetrically with AES256. For example, suppose I have this file "test.txt":
$ ls
test.txt
$ cat test.txt
blah blah blah
And I encrypt symmetrically:
$ gpg --symmetric ./test.txt <---[Symmetric AES256]
$ ls
test.txt test.txt.gpg
$ gpg -d ./test.txt.gpg
gpg: AES256 encrypted data
gpg: encrypted with 1 passphrase <---[No complaint about integrity]
blah blah blah
But, if I add a signature then gpg complains about message integrity, even though I'm still using AES256. Like this:
$ gpg --symmetric --sign ./test.txt
You need a passphrase to unlock the secret key for
user: "hft"
4096-bit RSA key
gpg: AES256 encryption will be used
Now, when I decrypt I get a complaint about integrity:
$ gpg -d ./test.txt.gpg
gpg: AES256 encrypted data
gpg: encrypted with 1 passphrase
blah blah blah
gpg: Signature made Thu, Jun 18, 2015
gpg: Good signature from "hft"
gpg: WARNING: message was not integrity protected
I know that I can force the complaint to go away of I use --force-mdc like this:
$ gpg --symmetric --sign --force-mdc ./test.txt
But, my question is: Does gpg really "turn off" the AES256 MACing for integrity when I elect to also sign the message with my private key? Even though it is "turned on" for AES256 when I don't sign? Or is this just a bug? It seems ridiculous to turn off the integrity MAC just because I signed with an asymmetric key.