I'm looking for help on a very specific issue.
I'm using Enigmail 2.0.7 for Thunderbird (not the latest version, I know, but I cannot upgrade for company policy reasons).
On some occasions I have to send messages to a mailing list, and I need to encrypt messages for the recipients.
So I have a pgprule set in Enigmail with all recipient keys, so when I am sending a message to the mailing list address, it gets encrypted and signed for all recipients individually.
It does work (messages are successfully decrypted by most recipients), but people decrypting messages under Outlook with Kleopatra/gpg4win have MDC Errors.
They all seem to get the error
"Could not decrypt the data: Data is not integrity protected. Decrypting it could be a security problem. (no MDC)"
The weird issue is that when I am sending encrypted messages to them individually (without the mailing list / pgprule), they are able to decrypt them without issue.
The mailing list is not "PGP aware" and is not able to decrypt/reencrypt the message so should not be suspected of causing the issue in my opinion.
I am a bit lost here, I don't really know how to debug the situation.
Would anyone have a clue to share with me?
Thank you!
You likely don't only have an older version of Enigmail, but also of GnuPG, and you use an older key format (for example a DSA key).
I recommend you add --force-mdc to the additional parameters for GnuPG (menu Enigmail > Preferences > Advanced tab). This should enable MDC on all outgoing messages.
Thank you Patrick, I will give it a try!
I confirm adding --force-mdc to the Enigmail options did the job, recipients are now able to decrypt messages.
Thanks a lot!
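
For anyone debugging the same error: Kleopatra's "no MDC" message means the encrypted data arrived in a Symmetrically Encrypted Data packet (tag 9) rather than a Symmetrically Encrypted Integrity Protected Data packet (tag 18), as defined in RFC 4880. The Python below is an added example, not part of the original thread and not Enigmail or GnuPG code; it walks the packet headers of a message and reports which of the two it contains. The function names and the sample bytes are constructed for illustration.

```python
import base64

TAG_SED, TAG_SEIPD = 9, 18  # RFC 4880: tag 9 has no MDC, tag 18 carries one

def dearmor(text):
    """Decode an ASCII-armored PGP MESSAGE to raw packets (CRC24 line is not verified)."""
    lines = text.strip().splitlines()
    body = lines[lines.index("") + 1:]  # armor headers end at the first blank line
    return base64.b64decode("".join(l for l in body if not l.startswith(("=", "-----"))))

def body_end(data, i):
    """Return the index just past a new-format packet body whose length octets start at i."""
    while True:
        o = data[i]
        if o < 192:
            return i + 1 + o
        if o < 224:
            return i + 2 + ((o - 192) << 8) + data[i + 1] + 192
        if o == 255:
            return i + 5 + int.from_bytes(data[i + 1:i + 5], "big")
        i += 1 + (1 << (o & 0x1F))  # partial chunk: another length octet follows

def packet_tags(data):
    """Return the tags of the top-level packets in a binary OpenPGP message."""
    tags, i = [], 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header at offset %d" % i)
        if hdr & 0x40:  # new-format header
            tags.append(hdr & 0x3F)
            i = body_end(data, i + 1)
        else:  # old-format header
            tags.append((hdr >> 2) & 0x0F)
            if (hdr & 3) == 3:  # indeterminate length: packet runs to end of data
                break
            size = 1 << (hdr & 3)
            i += 1 + size + int.from_bytes(data[i + 1:i + 1 + size], "big")
    return tags

def integrity_status(data):
    tags = packet_tags(data)
    return "mdc" if TAG_SEIPD in tags else "no-mdc" if TAG_SED in tags else "not-encrypted"

# Constructed samples (dummy bodies, not real ciphertext): session-key packet + data packet.
PKESK = bytes([0x85, 0x00, 0x02, 0xAA, 0xBB])                  # old format, tag 1
WITH_MDC = PKESK + bytes([0xD2, 0x04, 0x01, 0x11, 0x22, 0x33])  # new format, tag 18
NO_MDC = PKESK + bytes([0xC9, 0x04, 0x11, 0x22, 0x33, 0x44])    # new format, tag 9
ARMORED_NO_MDC = "-----BEGIN PGP MESSAGE-----\n\n%s\n-----END PGP MESSAGE-----" % base64.b64encode(NO_MDC).decode()
```

Running `integrity_status(dearmor(...))` on the armored body of a sent message shows whether the --force-mdc setting took effect; `gpg --list-packets` reports the same packet structure.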