Modification Detection Code (MDC)

Files encrypted by PGP or GPG include a Modification Detection Code (MDC) which is used to confirm the integrity of the file.

In current and modern versions of PGP and GPG (version 7 onwards), the MDC is included by default. Older versions (version 6 and earlier) did not include the MDC by default, but allowed it to be optionally added.

If you receive a PGP or GPG encrypted file that does not include the MDC then you will see the following error message in the logs and site alert emails:

File is gpg encrypted but is missing modification detection code (MDC): path/to/folder/encrypted_file.txt.pgp

This error means that the integrity of the file cannot be confirmed, and is a cause for concern if data security is important to you.

If you are willing to accept receiving GPG files which cannot have their integrity checked, then you can enable the Ignore MDC integrity check option for file decryption to bypass this check.

You can also contact your counterparty and ask them to include the MDC, if possible, when encrypting files. If your counterparty is using GPG to encrypt the file then ask them to use version 7 or later, which includes the MDC by default, or use the --force-mdc flag with older GPG versions to enforce the inclusion of the MDC.