security issue with signing files

David Shaw
Sun Nov 25 01:12:01 2001

Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sat, Nov 24, 2001 at 08:54:57PM +0100, Florian Weimer wrote:
> David Shaw <> writes:
> > All that said, a possible solution to your problem is to make a local
> > copy of the file to be signed in a place that only you can write to,
> > and verify that local copy is the one you want to sign before signing
> > it.  Is that perfectly secure?  No.  It just changes the threat
> > model.  Only you can decide if it changes it enough to make your
> > application safe enough.
> >
> > Another way to approach the problem is a program that reads the file
> > into memory, shows it to you for approval, then pipes it directly from
> > memory to GnuPG for signing.  This has the advantage of raising the
> > bar fairly high for an attacker - it is harder (but again, not
> > impossible) to modify the memory of a running process.
> I don't think both scenarios (local copy vs. in-memory copy) make much
> of a difference.  If an attacker is able to fiddle with my files, in
> almost all but a few constructed cases, he can also take over my
> account, grab the secret key, and eavesdrop the passphrase.

I don't think either.  However, I'm not the signer.  It is not up to
me to determine what is secure enough - I don't know which OS is being
used, the physical security situation, signing policy of the site,
etc.  Only the signer can make that call.  That is why I didn't answer
"You should do this".  I answered "Here are the issues.  Make your own


   David Shaw  |  |  WWW
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson

Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.0.6b (GNU/Linux)