Forum: help-en

Monitor Forum | Start New Thread Start New Thread
RE: Error message when receive encrypted email. [ Reply ]
By: Andre Heinecke on 2020-02-25 09:20
[forum:7066]
What software is your communication partner using?! Adding an MDC has been standard I think since 2006.
We could offer an option in GpgOL to decrypt it anyway but so far reports about such insecure mails have been extremely rare.


BTW. signing would not help in that case because it is openpgp with missing MDC that is the issue.

RE: Error message when receive encrypted email. [ Reply ]
By: Bernhard Reiter on 2020-02-24 10:14
[forum:7056]
Hi Michel,

the data has not been protected against manipulation and it is a security
problem to decrypt it.

Ask your communication partner to resend the data and sign it as well.

Technically this can happen with
a) OpenPGP, someone used a very old key (structure), very old means 15 year or more
b) S/MIME the data that was encrypted has not been signed

The details are technical, see the part of the crypto-gadget attack on
on https://www.gpg4win.de/statement-efail.html

Best Regards,
Bernhard

Error message when receive encrypted email. [ Reply ]
By: Michel de Montigny on 2020-02-21 20:53
[forum:7051]

Annotation 2020-02-21 155249.png (0) downloads
Hi,

When I try to read an encrypted email, I got this error message in Outlook (Office 365) :

"Could not decrypt the data: Data is not integrity protected. Decrypting it could be a security problem. (no MDC)"

(see attachment)

Any idea ?

Thanks,
Michel