As of version 2.2.8, GnuPG/gpg will not accept encrypted or signed and encrypted .pgp files which don’t have integrity protection packet, also known as Modification detection code (MDC packet). This will be the default behavior of GnuPG from now on, and is their answer to the EFAIL attack.
Our product OpenPGP Library for .NET exposes methods which allow explicit setting of the integrity protection packet. But up till now the methods where this parameter was absent didn’t used integrity protection and the output from them will not be accepted by all new versions of GnuPG. This applies also to all methods that deal with output as String type.
In order to address this issue, version 1.8.4 of DidiSoft OpenPGP Library for .NET exposes a new property of the PGPLib class : PGPLib.IntegrityProtectArchives. Sample usage is :
PGPLib pgp = new PGPLib(); pgp.IntegrityProtectArchives = true; |
This code block will ensure that all subsequent operations where Integrity protection is not specified explicitly will use it and the output will be accepted from GnuPG 2.2.8 and upper versions. The same applies to Symantec PGP Command Line 10.4.2 and newer versions.
