Decryption of old .pgp files

When trying to decrypt an old .pgp file, I get a message saying that there is no integrity protection (MDC). I used to be able to decrypt these files without difficulty. The message says I can decrypt it with gpg on the command line using the option --ignore-mdc-error. I don’t know how to do this.

Hi @U78f39K,

on Windows there is an application called cmd (that is the command line). It is helpful to know how to navigate through the folders in cmd. This can be done with the cd command which is explained in this article.

When you are in the correct folder you can use the following command:
gpg --decrypt --ignore-mdc-error <name of the encrypted file>
(replace <name of the encrypted file> with the name of the file you want to decrypt).

Thank you for your help. When I try this, below is what I get:

c:\My Documents\Temp2>gpg --ignore-mdc-error Clarke's License Apr 2012.pdf.pgp
gpg: enabled debug flags: memstat trust extprog
gpg: enabled compatibility flags:
gpg: WARNING: no command supplied. Trying to guess what you mean ...
usage: gpg [options] [filename]
gpg: keydb: handles=0 locks=0 parse=0 get=0
gpg: build=0 update=0 insert=0 delete=0
gpg: reset=0 found=0 not=0 cache=0 not=0
gpg: kid_not_found_cache: count=0 peak=0 flushes=0
gpg: sig_cache: total=0 cached=0 good=0 bad=0
gpg: objcache: keys=0/0/0 chains=0,0..0 buckets=0/0 attic=0
gpg: objcache: uids=0/0/0 chains=0,0..0 buckets=0/0
gpg: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
outmix=0 getlvl1=0/0 getlvl2=0/0
gpg: rndjent stat: collector=0x0000000000000000 calls=0 bytes=0
gpg: secmem usage: 0/32768 bytes in 0 blocks

Do I have something wrong in the syntax?

Regards,

Paul

Paul Galyean

Yes, there are two issues here:

  • You forgot the --decrypt command at the beginning
  • As your filename contains white spaces, you need to put the filename in quotes, otherwise gpg (as any other program) doesn’t know what you mean as it . You can also type the beginning of the file name and then press “tab”, Windows will automatically add the rest of the filename, in quotes.

So in total:

gpg --decrypt --ignore-mdc-error "Clarke's License Apr 2012.pdf.pgp"

Thank you, the help is much appreciated.

Using the correct syntax, what I get in the Command Prompt screen is pages of symbols that look like this

4 G!dV��?���M7���QEY�����RQS��Q�T

Followed by:

endobj
0000000000 65535 f
0000748845 00000 n
0000748881 00000 n
0000748946 00000 n
0000749107 00000 n
0000749192 00000 n
0000749286 00000 n
0001336596 00000 n
0000749211 00000 n
0000749268 00000 n
gpg: WARNING: message was not integrity protected
gpg: keydb: handles=3 locks=0 parse=4 get=4
gpg: build=0 update=0 insert=0 delete=0
gpg: reset=0 found=4 not=0 cache=0 not=0
gpg: kid_not_found_cache: count=0 peak=0 flushes=0
gpg: sig_cache: total=8 cached=8 good=8 bad=0
gpg: objcache: keys=4/4/0 chains=379,1..1 buckets=383/20 attic=252
gpg: objcache: uids=2/2/0 chains=105,1..1 buckets=107/20
gpg: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
outmix=0 getlvl1=0/0 getlvl2=0/0
gpg: rndjent stat: collector=0x0000000000000000 calls=0 bytes=0
gpg: secmem usage: 0/32768 bytes in 0 blocks
c:\My Documents\Temp2>

What I need is for the decrypted file to appear in the folder where the encrypted file is. Is there some way to turn what I see on the Command Prompt screen into the decrypted file? Some addition to the command used to decrypt?

Or better, is there some way to tell Kleopatra to ignore integrity protection when decrypting? If so, I could have it ignore integrity protection when decrypting old .pgp files and turn it back on when decrypting newer .gpg files.

Thanks again for the help.

Paul Galyean

Yes, using --output before the --decrypt:

gpg --output "Clarke's License Apr 2012.pdf" --decrypt --ignore-mdc-error "Clarke's License Apr 2012.pdf.pgp"

I don’t know, I will leave that for others to answer :slight_smile:

Thank you, that works.

I have a lot of old files encrypted with .pgp, so this method would be hard to use on all of them. I’m hoping someone knows how to use Kleopatra for this so I have one uniform method for decrypting the old .pgp files as well as the newer .gpg files. Kleopatra used to do both.

Paul Galyean

There are general methods on Windows to do some scripting which would repeat a command line for a list of files. This should be fairly easy to look up or get some help from someone who knows what scripting on Windows means. (Just pointing out this possibility.)

You could put further options in your gpg.conf configuration file. This includes the option --ignore-mdc-error, buuuuuut it will render decryption of newer files unsafe. The integrity protection is there for a reason. One way would be to decrypt all old files in one session.
(And then re-encrypt them again if you must keep them encrypted.) This way you would only use the unsafe software on the old files.

My answer probably is a bit short and does not explain everything to you, but I wanted to outline principal strategies.

Best Regards,
Bernhard
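
The scripting approach outlined in the reply above, as an added PowerShell example that is not part of the original thread. It passes --ignore-mdc-error on the command line for each old .pgp file only, so gpg.conf stays untouched and newer files keep their integrity check. The folder is the one shown in the thread; the `$Recipient` parameter, the `.gpg` output naming and the assumption that gpg is on the PATH are added here.

```powershell
# Added example: decrypt every legacy .pgp file in one folder in a single session.
# Assumptions: gpg.exe is on PATH and the matching secret key is in the keyring.
param(
    [string]$Folder    = 'C:\My Documents\Temp2',  # folder used in the thread
    [string]$Recipient = ''                        # placeholder: your key ID or e-mail; empty = no re-encryption
)

$failed = @()
Get-ChildItem -LiteralPath $Folder -Filter '*.pgp' -File | ForEach-Object {
    $src   = $_.FullName
    # BaseName drops only the last extension: "x.pdf.pgp" -> "x.pdf"
    $plain = Join-Path $_.DirectoryName $_.BaseName

    if (Test-Path -LiteralPath $plain) {
        Write-Warning "Skipping, output already exists: $plain"
        return   # inside ForEach-Object this moves on to the next file
    }

    # The unsafe option applies to this one invocation only, never to gpg.conf.
    # PowerShell quotes arguments containing spaces for us.
    & gpg --batch --output $plain --decrypt --ignore-mdc-error $src
    $code = $LASTEXITCODE

    if (-not (Test-Path -LiteralPath $plain)) {
        $failed += "$src (gpg exit code $code)"
        return
    }
    if ($code -ne 0) {
        Write-Warning "gpg exit code $code for $src, inspect the output file"
    }

    # Optional: re-encrypt with current GnuPG so the new file is integrity protected.
    if ($Recipient) {
        & gpg --batch --output "$plain.gpg" --encrypt --recipient $Recipient $plain
        if ($LASTEXITCODE -ne 0) { $failed += "$plain (re-encryption failed)" }
    }
}

if ($failed.Count -gt 0) {
    Write-Warning "Files needing attention:"
    $failed | ForEach-Object { Write-Warning "  $_" }
} else {
    Write-Host "All .pgp files in $Folder processed."
}
```

The decrypted plaintext files are left in place; remove them yourself once the re-encrypted .gpg copies have been checked.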

I find on my C: drive a file called gpg.conf in Users/test/AppData/Roaming/gnupg. Is this the file where I would put the --ignore-MDC-error command? Is this file used by Kleopatra?

At present, what I see in this file is:

###+++--- GPGConf ---+++###

utf8-strings

debug-level advanced

###+++--- GPGConf ---+++### 05/21/26 17:31:58 Pacific Daylight Time

# GPGConf edited this configuration file.

# It will disable options before this marked block, but it will

# never change anything below these lines.

I understand about the security impact of this command. I would do this only temporarily to decrypt the old .pgp files before re-encrypting them as .gpg files with this --ignore-MDC-error command removed.

Thanks very much for your help.

Paul Galyean

Hi Paul,

Yes to both. (Kleopatra is a frontend using the crypto engine GnuPG.)
Put the ignore-MDC-error option below the gpg-conf lines.

I would do this only temporarily to decrypt the old .pgp files before re-encrypting them

That sounds about right.

Thanks very much for your help.

You are welcome, thanks for using Gpg4win/GnuPG!

Best Regards,
Bernhard

I am sorry to keep bothering you, but I can’t get this to work.

The gpg.conf file is as follows:

###+++--- GPGConf ---+++###

utf8-strings

debug-level advanced

###+++--- GPGConf ---+++### 05/21/26 17:31:58 Pacific Daylight Time

# GPGConf edited this configuration file.

# It will disable options before this marked block, but it will

# never change anything below these lines.

I tried --ignore-MDC-error and ignore-MDC-error and ignore-MDC error, in all three cases after debug-level advanced and after “never change anything below these lines.” In all cases, it breaks Kleopatra, which says it can’t find the file I am trying to decrypt.

I’m guessing I don’t have the syntax right.

Regards,

Paul

Paul Galyean

Hi Paul,
sorry, it should have been all lower case, ignore-mdc-error.

(I wrote it correctly the first time, but somehow managed to misspell it the second time.)

See: GPG Esoteric Options (Using the GNU Privacy Guard)

Another hint: test the configuration with a command line run, before using Kleopatra!

Best,
Bernhard

Thank you, that works. Much appreciated.

Paul Galyean
