-----BEGIN PGP SIGNED MESSAGE-----
using the pgp dump web interface, it identified the message as using mdc
packets, [also as expected], but listed the algorithm as 1 {a 'default '
listing for 'idea' once an rsa key is identified, even though 'idea' was
not used?}
The algorithm identifier lives in material encrypted under the public key.
Without the private key, all the parser could do is guess. (Does this
parser have the ability to decrypt the contents even if the unprotected
private key were present?)
The MDC packet itself is encrypted under the session key. Again, the
parser wouldn't be able to verify it. When you say it "identified the
message
as using mdc packets", I presume you mean that it noted that a
"symmetrically encrypted integrity protected data packet" (tag 18)
was present at the beginning, not that there was a valid MDC packet, right?
On that note, I've asked a couple of times about the way GnuPG
generates these packets, but I have never seen an authoritative
answer. The issue was that GnuPG used an old-style indeterminate-length
packet for the plaintext before the MDC (see my message of August 23
and any followup discussion for details). Should this be legal?
-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3
iQEVAwUBO+i1v2NDnIII+QUHAQEDuwf/RDBc0LbP8jwwg6T6y0GQGqTOBUbvWRpC
ClbmXN2XKfYt1g47cxBVc3Tg2NWD0YSFcdhguvtBb9fwQd+7YIwakLmJ/z52NhbJ
jTA/eAA2Y1blYYAn43whIatogEP1R3ssvqnvpo/awT4UEryxfV5oVh4sZZ/m9yCb
EzMolf6CKy2ocin7a6t1Ix71pevpTiYsufsF45ju6QvRSvZOG2pzTYasGZpfEIgQ
75yRZqOhSGI4MfLxE/MzsGHwBZlDotDoLyb3tfXCoGKhRFTCOX2ZN1/YeSthvkA1
l8wdQxv1/gWOEQ0tr4xtbopliFH8QvRSVq/Eznjtr4bg2jIWJNXaZg==
=yQeY
-----END PGP SIGNATURE-----