key verification

Bjoern Jacke
Fri, 17 Nov 2000 17:08:31 +0100

Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline


I just found some strange behaviour of gpg 1.04. I have a message
clearsigned by 0x0BB7C8F9. Mutt (gpg) told me that "there is no
indication that the signature belongs to the owner." The strange thing
is that the key is signed by 0x890C0981, which one is signed by me and
has full trust as this is the DFN CA.

So I tried to find out why the key 0x0BB7C8F9 is not fully trusted. I
I did 'cat message | gpg' to see what gpg said without using mutt. gpg
tried to find a valid trust path but couldn't find one and then
interactively tried to assign some missing owner trust values. There
have been two more keys on my keyring who signed the key 0x0BB7C8F9. I
also gave trust to the key 0xA5DD03D1 and after that gpg asked me for a
trust value of key 0x8D74F5A1. At this point I thought fully trusting
the first one should be enough and I wanted to quit, pressed 'q'. After
that gpg just kept saying:

gpg: waiting for lock (hold by 15124 - probably dead) ...
gpg: waiting for lock (hold by 15124 - probably dead) ...

Looks like a bug to me. The keys are all available on keyservers and the
message is attached to this mail.

Has anyone an idea what might me wrong here, why the key is not trusted
and what the locking problem is all about?


Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename=message


Liebe Kolleginnen und Kollegen,

soeben erreichte uns nachfolgende Warnung des FreeBSD Security
Officers ueber Sicherheitsprobleme bei Gnu Privacy Guard (gnupg). Wir
geben diese Informationen unveraendert an Sie weiter.

In GnuPG besteht ein Fehler bei der Ueberpruefung von mehrfachen
Sigaturen. Ein Angreifer, der einen Text mehrfach signiert hat, kann
Teile des signierten Textes aendern, ohne dass die fuer diesen
Abschnitt relevanten Signaturen ungueltig werden.
Von der Schwachstelle sind die GnuPG Versionen bis einschliesslich
Version 1.0.3 bzw. deren Ports bis einschliesslich zum 18. 10. 2000
betroffen. FreeBSD stellt korrigierte Versionen des Ports bereit.

Auf diese Schwachstelle haben wir sie bereits am 24. 10. 2000 in einem
Advisory von RedHat hingewiessen.

Mit freundlichen Gruessen,
		Klaus Moeller, DFN-CERT

- --
Klaus Moeller            |          
DFN-CERT GmbH            |
Vogt-Koelln-Str. 30      |                      Phone: +49(40)42883-2262
D-22527 Hamburg          |                        FAX: +49(40)42883-2241
Germany	                 |       PGP-Key: finger


FreeBSD-SA-00:67                                           Security Advisory
                                                                FreeBSD, Inc.

Topic:          gnupg fails to correctly verify signatures

Category:       ports
Module:         gnupg
Announced:      2000-11-10
Credits:        Jim Small <cavenewt@MY-DEJA.COM>
Affects:        Ports collection prior to the correction date.
Corrected:      2000-10-18
Vendor status:  Updated version released
FreeBSD only:   NO

I.   Background

GnuPG is an implementation of the PGP digital signature/encryption

II.  Problem Description

Versions of gnupg prior to 1.04 fail to correctly verify multiple
signatures contained in a single document. Only the first signature
encountered is actually verified, meaning that other data with invalid
signatures (e.g. data which has been tampered with by an attacker)
will not be verified, and the entire document will be treated as
having valid signatures.

The gnupg port is not installed by default, nor is it "part of
FreeBSD" as such: it is part of the FreeBSD ports collection, which
contains over 4100 third-party applications in a ready-to-install
format. The ports collections shipped with FreeBSD 3.5.1 and 4.1.1 are
vulnerable to this problem since it was discovered after the releases,
but it was corrected prior to the release of FreeBSD 4.2.

FreeBSD makes no claim about the security of these third-party
applications, although an effort is underway to provide a security
audit of the most security-critical ports.

III. Impact

Documents containing multiple signed regions of data can be corrupted
or tampered with by an attacker without detection, as long as the
first signature in the document remains valid.

IV.  Workaround

Deinstall the gnupg port/package, if you you have installed it.

V.   Solution

One of the following:

1) Upgrade your entire ports collection and rebuild the gnupg port.

2) Deinstall the old package and install a new package dated after the
correction date, obtained from the following directories:

3) download a new port skeleton for the gnupg port from:

and use it to rebuild the port.

4) Use the portcheckout utility to automate option (3) above. The
portcheckout port is available in /usr/ports/devel/portcheckout or the
package can be obtained from:
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see


Version: 2.6.2i
Comment: Processed by Mailcrypt 3.5.5, an Emacs/PGP interface



Archive is at - Unsubscribe by sending mail
with a subject of  "unsubscribe"  to