Invalid cross certification?
David Shaw
dshaw at jabberwocky.com
Tue Apr 8 19:22:12 CEST 2008
On Tue, Apr 08, 2008 at 10:35:31AM -0500, Robert J. Hansen wrote:
> I'm beginning to do my own testing of GnuPG 2.0.9, and I'm seeing
> something a bit odd. I have a message encrypted and signed to myself
> which GnuPG 1.4.9 decrypts and verifies correctly. GnuPG 2.0.9 gives a
> warning about there being an invalid cross-certification.
>
> Googling was not especially helpful. Checking the source code,
> sig-check.c turned out to have the most useful bit of information:
>
> /* Check the backsig. This is a 0x19 signature from the
>    subkey on the primary key. The idea here is that it should
>    not be possible for someone to "steal" subkeys and claim
>    them as their own. The attacker couldn't actually use the
>    subkey, but they could try and claim ownership of any
>    signatures issued by it. */
>
> So the obvious questions:
>
> 1. If 1.4.9 and 2.0.9 use the same crypto code for OpenPGP, why is
> there this difference in functionality?
This should work. I believe the code is identical around backsigs.
> 2. How is it possible to put an 0x19 signature on the primary key from
> the subkey, in order to get rid of this error message?
It seems that there is a valid 0x19 signature already, as 1.4.9 does
not give you a warning. Still, if you do --edit-key and then
"cross-certify", you can add a backsig to any key you like.
Looking at your signing subkey 8D02BBB3, I do see a valid backsig on
it.
Ah, I suspect this is the reason:
    subpkt 32 len 86 (signature: v4, class 0x19, algo 17, digest algo 11)
Digest algo 11 is SHA-224, which is fairly recent. I believe it was
added to libgcrypt somewhere in the 1.3.x development. Does your
libgcrypt have it?
David
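As an added example (not part of the thread, and not GnuPG's own code), the following script parses `gpg --list-packets` output for embedded 0x19 backsigs and reports the digest algorithm each one uses, so a mismatch like the one discussed above (backsig hashed with SHA-224, algo 11, on a system whose libgcrypt lacks it) can be spotted without reading the raw packet dump. The packet listing is a constructed sample, and the hashlib check is only a proxy for what the local libgcrypt supports.

```python
import hashlib
import re

# OpenPGP hash algorithm IDs (RFC 4880, section 9.4)
HASH_ALGOS = {1: "MD5", 2: "SHA1", 3: "RIPEMD160",
              8: "SHA256", 9: "SHA384", 10: "SHA512", 11: "SHA224"}

# Constructed sample of `gpg --list-packets` output (not taken from the thread),
# containing a subkey binding signature with an embedded backsig (subpkt 32).
SAMPLE = """\
:signature packet: algo 17, keyid 1111111111111111
\tversion 4, created 1200000000, md5len 0, sigclass 0x18
\tdigest algo 2, begin of digest aa bb
\thashed subpkt 2 len 4 (sig created 2008-01-01)
\thashed subpkt 27 len 1 (key flags: 02)
\tsubpkt 32 len 86 (signature: v4, class 0x19, algo 17, digest algo 11)
\tdata: [160 bits]
\tdata: [158 bits]
"""

BACKSIG_RE = re.compile(
    r"subpkt 32 len \d+ \(signature: v(\d+), class 0x19, "
    r"algo (\d+), digest algo (\d+)\)"
)

def find_backsigs(listing):
    """Return one dict per embedded 0x19 backsig found in --list-packets output."""
    results = []
    for m in BACKSIG_RE.finditer(listing):
        digest_id = int(m.group(3))
        results.append({
            "sig_version": int(m.group(1)),
            "pk_algo": int(m.group(2)),
            "digest_algo": digest_id,
            "digest_name": HASH_ALGOS.get(digest_id, f"unknown({digest_id})"),
        })
    return results

def supported_locally(digest_id, available):
    """True if the digest named by digest_id appears in `available` (hashlib-style names)."""
    name = HASH_ALGOS.get(digest_id)
    return name is not None and name.lower() in {a.lower() for a in available}

if __name__ == "__main__":
    for b in find_backsigs(SAMPLE):
        ok = supported_locally(b["digest_algo"], hashlib.algorithms_available)
        print(f"backsig digest {b['digest_name']}: "
              f"{'available' if ok else 'MISSING'} in this Python's hashlib")
```

To run it against a real key, pipe `gpg --export KEYID | gpg --list-packets` into the script instead of the constructed sample.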