gpgsafe - wrapper for gpg to protect against secret key attacks

Kurt Fitzner kurt-fitzner@home.com
Mon Jul 2 02:24:01 2001


Hi all,

I don't know the group policy on file attachments.  If this is a "Bad Thing"
then someone let me know, and I won't do it again.

Further to my idea about the signature verification of secret keys, I am
attaching a couple of shell scripts - what I call 'gpgsafe'.

First, use 'updategpgsafe' to produce a signature of all your secret keys
(along with their associated public keys).

Then, you can use the 'gpgsafe' wrapper.  What it does is check your secret
keys (and their associated public keys) against this signature.  If the
signature passes, then it simply passes control to gpg and hands all
command-line arguments to it.  If the signature check fails, then it spits out
a warning and exits with a -1 return code.

The caveat to this is that you need to make SURE you use 'updategpgsafe' every
time you make any change to your secret keyring AND every time you --edit the
public keys associated with your secret ones.  If you do this, then (as far
as I know) this will protect you against secret-key modification attacks.

I have tested this on my system, and it works.  Your mileage may vary.  I am
handing this out for people to test and comment on.  I would really appreciate
comments on the theory of operation of this wrapper from someone who is more
familiar with encryption theory than I.

        Kurt


[Attachment: updategpgsafe]

#!/bin/sh
#
# updategpgsafe v1.0
#
# by Kurt Fitzner <kfitzner@excelcia.2y.net>
#
# Sign your GnuPG key rings.
# This is for use with the gpgsafe wrapper to counter possible
# attacks based on modifying your secret key.
# See http://www.i.cz/en/onas/tisk4.html for more info on the attack.
#
# Operation:
#  We get a list of all keys on the secret ring, export the public and
#  secret components (can't do this in one operation with gpg like you
#  can with pgp) to one file, and then we sign that file.
# Theory:
#  If we have a signature that protects the keys, then we cannot be tricked
#  into using a modified version of the key and compromising security.
#
# Change these if it doesn't match your system of preferences.
#
GNUPGDIR=$HOME/.gnupg
KEYSFILE=$GNUPGDIR/gpgsafekeys

SECIDS=`gpg --list-secret-keys | grep sec | cut -d ' ' -f 3 -s | cut -d '/' -f 2`
rm -f $KEYSFILE
for SECRETKEY in $SECIDS; do
	gpg --export 0x$SECRETKEY >> $KEYSFILE
	gpg --export-secret-key 0x$SECRETKEY >> $KEYSFILE
done
gpg -b $KEYSFILE
rm -f $KEYSFILE

[Attachment: gpgsafe (wrapper script; contents not preserved in this archive copy)]
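The 'gpgsafe' check the post describes, written here as an added example (not the wrapper Kurt attached, which this copy does not carry): re-export the secret keys and their public keys the same way updategpgsafe does, verify the stored detached signature over that export, and only then pass the arguments on to gpg. The gpgsafekeys.sig file name, the --with-colons parsing and the 255 exit status are assumptions of this example.

```shell
#!/bin/sh
# gpgsafe-style wrapper, reconstructed here from the description in the
# post; it is not the script Kurt attached. It assumes updategpgsafe left
# a detached signature $GNUPGDIR/gpgsafekeys.sig over the concatenated
# exports of every secret key and its public key, in gpg's listing order.
GNUPGDIR=${GNUPGDIR:-$HOME/.gnupg}
KEYSFILE=$GNUPGDIR/gpgsafekeys

# Re-export the live keys byte-for-byte the way updategpgsafe does, so the
# result can be checked against the stored signature. $1 = output file.
export_keys() {
    : > "$1"
    gpg --list-secret-keys --with-colons |
        awk -F: '$1 == "sec" { print $5 }' |
        while read -r keyid; do
            gpg --export "0x$keyid" >> "$1"
            gpg --export-secret-key "0x$keyid" >> "$1"
        done
}

# Returns 0 when the current keyrings still match the signed snapshot and
# 1 when they differ (or the .sig file is missing): any tampering with a
# secret key changes the exported bytes and the signature no longer fits.
gpgsafe_check() {
    tmp=$(mktemp) || return 1
    export_keys "$tmp"
    if gpg --verify "$KEYSFILE.sig" "$tmp" >/dev/null 2>&1; then
        rm -f "$tmp"
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# Hand the arguments to the real gpg only after the check passes; otherwise
# warn and exit non-zero (the post's -1, which the shell reports as 255).
gpgsafe_main() {
    if gpgsafe_check; then
        exec gpg "$@"
    fi
    echo "gpgsafe: secret keyring does not match the signed snapshot, refusing to run gpg" >&2
    exit 255
}

# Dispatch only when installed and run as 'gpgsafe', so the functions can
# also be sourced and exercised on their own.
case "${0##*/}" in
    gpgsafe) gpgsafe_main "$@" ;;
esac
```

Install it as 'gpgsafe' on your PATH and, exactly as the post warns, run 'updategpgsafe' again after any change to the secret ring or any --edit of the associated public keys, or the check will fail and gpg will not run.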
