The Modification Detection Code (MDC)
The Modification Detection Code (MDC) is an integrity check used in OpenPGP to ensure that encrypted messages have not been tampered with.
Here’s how it works:
Integrity Check: When a message is encrypted, an MDC is generated and appended to the message. This MDC is essentially a hash of the plaintext message.
Detection: During decryption, the MDC is recalculated and compared with the original MDC appended to the message. If they match, the message is considered intact. If they don’t match, it indicates that the message has been altered.
Tamper Detection: This mechanism helps detect any unauthorized modifications to the encrypted data, ensuring the integrity and authenticity of the message.
MDC was introduced to address vulnerabilities in older encryption methods that didn’t include integrity checks, making it a crucial feature for secure communication.
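The hash-and-compare steps described above, sketched as an added example that is not code from the original article or from GnuPG. It follows the RFC 4880 construction (SHA-1 over the random prefix, the message data and the two MDC header octets) and works on the bytes as they look after decryption. The encryption step is left out, and the function names and sample message are assumptions made for illustration.

```python
import hashlib
import hmac
import os

MDC_HEADER = b"\xd3\x14"  # MDC packet tag octet (0xD3) and length octet (20)

def build_protected_plaintext(data: bytes, block_size: int = 16) -> bytes:
    """Return the bytes that get encrypted: prefix || data || MDC packet.

    `data` stands in for the inner OpenPGP packets (assumption: raw bytes here).
    """
    rand = os.urandom(block_size)
    prefix = rand + rand[-2:]          # random block plus its last two octets repeated
    hashed = prefix + data + MDC_HEADER
    return hashed + hashlib.sha1(hashed).digest()

def check_mdc(decrypted: bytes, block_size: int = 16) -> bytes:
    """Recompute the MDC over the decrypted bytes; return the data or raise."""
    if len(decrypted) < block_size + 2 + 22:
        raise ValueError("too short to contain prefix and MDC packet")
    hashed, stored = decrypted[:-20], decrypted[-20:]
    if not hashed.endswith(MDC_HEADER):
        raise ValueError("MDC packet missing")
    # Constant-time comparison of recomputed and stored hash
    if not hmac.compare_digest(hashlib.sha1(hashed).digest(), stored):
        raise ValueError("MDC mismatch: message was modified")
    return hashed[block_size + 2:-2]   # strip prefix and MDC header octets

def demo() -> dict:
    """Run the check on constructed sample data, intact and with one bit flipped."""
    body = build_protected_plaintext(b"constructed sample message")
    tampered = bytearray(body)
    tampered[20] ^= 0x01               # flip one bit inside the message data
    results = {"intact": check_mdc(body)}
    try:
        check_mdc(bytes(tampered))
        results["tampered"] = "accepted"
    except ValueError as exc:
        results["tampered"] = str(exc)
    return results

if __name__ == "__main__":
    print(demo())
```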
To verify whether the MDC check passed or failed for the decrypted file:
To check if the MDC (Modification Detection Code) has failed or succeeded when decrypting a file with GPG, you can look for specific messages in the output. Here’s how you can do it:
Command Line Output: When you decrypt a file using GPG, it will display messages indicating the status of the MDC.
For example: If the MDC check succeeds, you might see a message like
gpg: encrypted with 2048-bit RSA key, ID XXXXXXXX, created YYYY-MM-DD
If the MDC check fails, you will see an error message such as
gpg: WARNING: message was not integrity protected
or
gpg: decryption failed: bad packet
Verbose Mode: You can use the --verbose flag to get more detailed output, which can help in identifying MDC-related issues:
gpg --verbose --decrypt <encrypted_file>
Ignore MDC error:
If you want to decrypt a file even if the MDC check fails (not recommended for security reasons), you can use the --ignore-mdc-error flag.
gpg --ignore-mdc-error --decrypt <encrypted_file>
However, ignoring MDC errors can expose you to security risks, because the integrity of the message can no longer be guaranteed.
Written by
Mukesh Kumar
I am a Software Development lead in a product based company.