Upon decryption, the recipient needs to check the PKCS-1 formatting,
the checksum, and that the symmetric algorithm byte is one of the
supported algorithms. It then tries to decrypt the following message
block using that algorithm and session key, which block also has in
it a two-byte redundancy at the beginning to further detect bad keys.
Thanks a lot for the information. Would have missed the checksum
in the bulk data otherwise.
I don't think you can count it in. While the semantics of a (Session
Key Packet, Literal Packet) message is not defined in the RFC, a naïve
implementor may very well try to be "generous in what they accept", as
is suggested elsewhere in the document.
PGP 5 does not accept such messages, but prints an "assertion failed"
message only if the PKCS #1 padding and the Session Key Packet
checksum are correct.