5
I understand that gpg 1.4.9 computes an MDC code by default. According to my research this corresponds to Sym. Encrypted and Integrity Protected Data Packet (tag 18) in the PGP spec. If the file is signed doesn't this also provide modification protection (in addition to providing proof of sender's identity)?
I think this might be the case because I wrote code using the BouncyCastle API and noticed that when one verifies a signed file, a signature is computed from the encrypted data stream and compared against the one recorded in the file.
I'm trying to understand whether there is some redundancy here or if these two mechanisms serve different purposes.
Thanks - this helps. What I am also trying to figure out is the purpose of the MDC which seems to be computed even if the file is not signed. – Shane Mcpherson – 2012-01-16T10:42:04.393
Edited, now that I understand better what you want to know. – Nathan Grigg – 2012-01-16T15:25:48.417
Thanks, exactly what I was looking for. Sorry it took so long for me to get around to accepting your answer, this question slipped my mind for a while. – Shane Mcpherson – 2012-02-18T04:48:57.897