1

With reference to this answer link

I am getting a the following warning :

gpg: WARNING: message was not integrity protected
gpg: Hint: If this message was created before the year 2003 it is
     likely that this message is legitimate.  This is because back
     then integrity protection was not widely used.
gpg: Use the option '--ignore-mdc-error' to decrypt anyway.

It is completely ignorable. But I want to resolve it. Going through the BCGPG stuff on internet I narrowed down the issue to what I think the problem is.

 PGPEncryptedDataGenerator cPk = new PGPEncryptedDataGenerator(new BcPGPDataEncryptorBuilder(SymmetricKeyAlgorithmTags.TRIPLE_DES).setSecureRandom(new SecureRandom()));

I think the problem arises on

BcPGPDataEncryptorBuilder(SymmetricKeyAlgorithmTags.TRIPLE_DES)

as SymmetricKeyAlgorithmTags.TRIPLE_DES is a quite old method of encryption. Moreover the key pair are asymmetric hence there should be some other asymmetric algorithms to use in code. I am not getting the correct way to implement other methods such as AES and SHA.

Although I am not 100% sure on this, can suggest more insight on solving this.

IROC
  • 97
  • 1
  • 12

1 Answers1

1

It is exactly what the message says. Integrity protection is described here: https://www.rfc-editor.org/rfc/rfc4880#section-5.13

I believe that the code you are referencing is not setting the withIntegrityPacket flag on the BcPGPDataEncryptorBuilder

So I would change:

PGPEncryptedDataGenerator cPk = new PGPEncryptedDataGenerator(new BcPGPDataEncryptorBuilder(SymmetricKeyAlgorithmTags.TRIPLE_DES).setSecureRandom(new SecureRandom()));

to:

PGPEncryptedDataGenerator cPk = new PGPEncryptedDataGenerator(new BcPGPDataEncryptorBuilder(SymmetricKeyAlgorithmTags.TRIPLE_DES).setSecureRandom(new SecureRandom()).setWithIntegrityPacket(true));

Let me know if it worked.

Community
  • 1
  • 1
Velja Radenkovic
  • 716
  • 1
  • 6
  • 27