Diffstat (limited to 'doc/gpg.texi')
-rw-r--r-- | doc/gpg.texi | 29 |
1 files changed, 15 insertions, 14 deletions
diff --git a/doc/gpg.texi b/doc/gpg.texi index 544ed1817..baad58657 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -2596,21 +2596,18 @@ modern and faster way to do authenticated encrytion than the old MDC method. See also options @option{--aead-algo} and @option{--chunk-size}. -This option requires the use of option @option{--rfc4880bis} to -declare that a not yet standardized feature is used. +As of now this option requires the use of option @option{--rfc4880bis} +to declare that a not yet standardized feature is used. @item --force-mdc +@itemx --disable-mdc @opindex force-mdc -Force the use of encryption with a modification detection code. This -is always used with the newer ciphers (those with a blocksize greater -than 64 bits), or if all of the recipient keys indicate MDC support in -their feature flags. - -@item --disable-mdc @opindex disable-mdc -Disable the use of the modification detection code. Note that by -using this option, the encrypted message becomes vulnerable to a -message modification attack. +These options are obsolete and have no effect since GnuPG 2.2.8. The +MDC is always used unless the keys indicate that an AEAD algorithm can +be used in which case AEAD is used. But note: If the creation or of a +legacy non-MDC message is exceptionally required, the option +@option{--rfc2440} allows for this. @item --disable-signer-uid @opindex disable-signer-uid @@ -2740,7 +2737,10 @@ keys or data may not be usable with future GnuPG versions. @item --rfc2440 @opindex rfc2440 Reset all packet, cipher and digest options to strict RFC-2440 -behavior. +behavior. Note that by using this option encryption packets are +created in a legacy mode without MDC protection. This is dangerous +and should thus only be used for experiments. See also option +@option{--ignore-mdc-error}. @item --pgp6 @opindex pgp6 
@@ -2750,8 +2750,9 @@ restricts you to the ciphers IDEA (if the IDEA plugin is installed), compression algorithms none and ZIP. This also disables @option{--throw-keyids}, and making signatures with signing subkeys as PGP 6 does not understand signatures made by signing subkeys. +FIXME: remove this options. -This option implies @option{--disable-mdc --escape-from-lines}. +This option implies @option{--escape-from-lines}. @item --pgp7 @opindex pgp7 @@ -3234,7 +3235,7 @@ It is required to decrypt old messages which did not use an MDC. It may also be useful if a message is partially garbled, but it is necessary to get as much data as possible out of that garbled message. Be aware that a missing or failed MDC can be an indication of an -attack. Use with caution. +attack. Use with great caution; see also option @option{--rfc2440}. @item --allow-weak-digest-algos @opindex allow-weak-digest-algos |
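Review bot: In the merged `@item --force-mdc` / `@itemx --disable-mdc` entry, the added sentence "If the creation or of a legacy non-MDC message is exceptionally required" is garbled: "creation or of" either has a stray "or" or has lost a word. Suggest "If the creation of a legacy non-MDC message is exceptionally required, the option @option{--rfc2440} allows for this." This entry also points readers at `--rfc2440` for an exceptional need, while the `--rfc2440` text added later in this patch says it "should thus only be used for experiments"; the two passages should agree on when the option is acceptable.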
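Review bot: The warning added under `@item --rfc2440` says the legacy mode "is dangerous" without saying why. The sentence that did name the risk ("the encrypted message becomes vulnerable to a message modification attack") is deleted together with the old `--disable-mdc` entry earlier in this patch, so the manual no longer states it anywhere in the visible text. Suggest carrying that wording over into the `--rfc2440` entry.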
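Review bot: The added line "FIXME: remove this options." in the `--pgp6` entry sits in the body text, so it will be rendered in the user-facing manual. Suggest turning it into a Texinfo comment (`@c FIXME: ...`) or dropping it from this patch, and correcting "this options" to "this option".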