summaryrefslogtreecommitdiffstats
path: root/doc/gpg.texi
diff options
context:
space:
mode:
Diffstat (limited to 'doc/gpg.texi')
-rw-r--r--doc/gpg.texi29
1 files changed, 15 insertions, 14 deletions
diff --git a/doc/gpg.texi b/doc/gpg.texi
index 544ed1817..baad58657 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -2596,21 +2596,18 @@ modern and faster way to do authenticated encrytion than the old MDC
method. See also options @option{--aead-algo} and
@option{--chunk-size}.
-This option requires the use of option @option{--rfc4880bis} to
-declare that a not yet standardized feature is used.
+As of now this option requires the use of option @option{--rfc4880bis}
+to declare that a not yet standardized feature is used.
@item --force-mdc
+@itemx --disable-mdc
@opindex force-mdc
-Force the use of encryption with a modification detection code. This
-is always used with the newer ciphers (those with a blocksize greater
-than 64 bits), or if all of the recipient keys indicate MDC support in
-their feature flags.
-
-@item --disable-mdc
@opindex disable-mdc
-Disable the use of the modification detection code. Note that by
-using this option, the encrypted message becomes vulnerable to a
-message modification attack.
+These options are obsolete and have no effect since GnuPG 2.2.8. The
+MDC is always used unless the keys indicate that an AEAD algorithm can
+be used in which case AEAD is used. But note: If the creation or of a
+legacy non-MDC message is exceptionally required, the option
+@option{--rfc2440} allows for this.
@item --disable-signer-uid
@opindex disable-signer-uid
@@ -2740,7 +2737,10 @@ keys or data may not be usable with future GnuPG versions.
@item --rfc2440
@opindex rfc2440
Reset all packet, cipher and digest options to strict RFC-2440
-behavior.
+behavior. Note that by using this option encryption packets are
+created in a legacy mode without MDC protection. This is dangerous
+and should thus only be used for experiments. See also option
+@option{--ignore-mdc-error}.
@item --pgp6
@opindex pgp6
@@ -2750,8 +2750,9 @@ restricts you to the ciphers IDEA (if the IDEA plugin is installed),
compression algorithms none and ZIP. This also disables
@option{--throw-keyids}, and making signatures with signing subkeys as PGP 6
does not understand signatures made by signing subkeys.
+FIXME: remove this options.
-This option implies @option{--disable-mdc --escape-from-lines}.
+This option implies @option{--escape-from-lines}.
@item --pgp7
@opindex pgp7
@@ -3234,7 +3235,7 @@ It is required to decrypt old messages which did not use an MDC. It
may also be useful if a message is partially garbled, but it is
necessary to get as much data as possible out of that garbled message.
Be aware that a missing or failed MDC can be an indication of an
-attack. Use with caution.
+attack. Use with great caution; see also option @option{--rfc2440}.
@item --allow-weak-digest-algos
@opindex allow-weak-digest-algos