Hi,
When I try to read an encrypted email, I got this error message in Outlook (Office 365) :
“Could not decrypt the data: Data is not integrity protected. Decrypting it could be a security problem. (no MDC)”
(see attachment)
Any idea ?
Thanks,
Michel
Hi Michel,
the data has not been protected against manipulation and it is a security
problem to decrypt it.
Ask your communication partner to resend the data and sign it as well.
Technically this can happen with
a) OpenPGP, someone used a very old key (structure), very old means 15 year or more
b) S/MIME the data that was encrypted has not been signed
The details are technical, see the part of the crypto-gadget attack on
on https://www.gpg4win.de/statement-efail.html
Best Regards,
Bernhard
What software is your communication partner using?! Adding an MDC has been standard I think since 2006.
We could offer an option in GpgOL to decrypt it anyway but so far reports about such insecure mails have been extremely rare.
BTW. signing would not help in that case because it is openpgp with missing MDC that is the issue.