Vulnerability Development mailing list archives

Re: PGP spoof decrypted output?


From: Rich Henning <vulnerable () fast net>
Date: Fri, 7 Jun 2002 12:42:41 -0400

On Fri, Jun 07, 2002 at 08:56:30AM -0500, McAllister, Andrew wrote:
> What result would you expect? The data I encrypted or the data the hacker
> appended? The answer: No warnings, no errors, just the data that the hacker
> APPENDED to my PGP encrypted file. Not the original signed and encrypted
> file itself. This seems like a bug to me, no?
>
> I've found that if you ASCII armor the file, the result is as expected
> after decryption. You get only the originally encrypted file. I have not
> tested gpg or pgpi or older versions, just the NAI PGP available from the
> MIT download site. Anyone care to test the other implementations?

I was unable to reproduce this behavior using GPGv1.0.6 on linux-2.4.18 x86;
in fact, I was even warned that the encrypted message was modified:

$ cat TESTFILE2
this is a pgp encrypted file

$ gpg -es TESTFILE2
...
...

$ echo "APPENDED" >> TESTFILE2.gpg

$ gpg --decrypt TESTFILE2.gpg
...
...
gpg: encrypted with 1024-bit ELG-E key, ID A873F010, created 2001-10-18
      "Richard Henning <henninrp () fast net>"
this is a pgp encrypted file
gpg: Signature made Fri Jun  7 12:32:16 2002 EDT using DSA key ID 8B036609
gpg: Good signature from "Richard Henning <henninrp () fast net>"
gpg: WARNING: encrypted message has been manipulated!

-- 
[ rich henning      ]                                             /"\
[ henninrp () fast net ]                                             \ /
                                                                   X
support the ascii ribbon campaign against html e-mail             / \

pgp: http://diss0nance.lawngnome.org/pgp_public.txt
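
A structural check for the condition tested in this message (bytes appended after a binary OpenPGP file), as an added example that is not part of the original post and is not how gpg or PGP implement their own checks. It walks packet headers as defined in RFC 4880 section 4.2; the function names and the sample bytes are constructed for illustration.

```python
# Added example (not from the original post). Packet bodies below are
# constructed dummy bytes; only the header framing is meaningful.

def next_packet(buf, pos):
    """Parse one packet header at pos; return (tag, end_offset, open_ended)."""
    ctb = buf[pos]
    if not ctb & 0x80:
        raise ValueError("bit 7 clear: not a packet header")
    if not ctb & 0x40:                      # old format: tag in bits 5-2
        tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
        if ltype == 3:                      # indeterminate length: body runs to EOF
            return tag, len(buf), True
        n = 1 << ltype                      # 1, 2 or 4 length octets
        return tag, pos + 1 + n + int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), False
    tag, pos = ctb & 0x3F, pos + 1          # new format: tag in bits 5-0
    while True:
        o1 = buf[pos]
        if o1 < 192:                        # one-octet length
            return tag, pos + 1 + o1, False
        if o1 < 224:                        # two-octet length
            return tag, pos + 2 + ((o1 - 192) << 8) + buf[pos + 1] + 192, False
        if o1 == 255:                       # five-octet length
            return tag, pos + 5 + int.from_bytes(buf[pos + 1:pos + 5], "big"), False
        pos += 1 + (1 << (o1 & 0x1F))       # partial body chunk; next length follows

def check_framing(buf):
    """Return (status, offset): 'clean', 'unframed' or 'open-ended'."""
    pos = 0
    while pos < len(buf):
        try:
            tag, end, open_ended = next_packet(buf, pos)
        except (ValueError, IndexError):
            return "unframed", pos          # bytes here are not a packet
        if end > len(buf):
            return "unframed", pos          # header claims more data than exists
        if open_ended:
            return "open-ended", pos        # appended bytes would join this body
        pos = end
    return "clean", pos

# Constructed sample: new-format tag 1 packet, then old-format tag 9 packet.
SAMPLE = bytes([0xC1, 3, 0, 0, 0]) + bytes([0xA4, 4, 0, 0, 0, 0])

if __name__ == "__main__":
    print(check_framing(SAMPLE))                  # intact file
    print(check_framing(SAMPLE + b"APPENDED\n"))  # after: echo "APPENDED" >> file
```

An "open-ended" result means the last packet has an indeterminate length, so framing alone cannot distinguish appended bytes from its body.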

