GnuPG Summer Riddle 2007 [SOLUTION]

Ingo Klöcker kloecker at kde.org
Thu Jan 24 23:10:46 CET 2008


On Thursday 24 January 2008, Sascha Wilde wrote:
> Bernhard Reiter <bernhard at intevation.de> wrote:
>
> SPOILER WARNING - SPOILER WARNING - SPOILER WARNING - SPOILER WARNING
>
>                                 SOLUTION
>
> SPOILER WARNING - SPOILER WARNING - SPOILER WARNING - SPOILER WARNING
>
> > http://ftp.intevation.de/users/bernhard/gnupg/gnupg-summer-riddle-2
> >007/
>
> Disclaimer: as suggested in rule c) I did _not_ look at the app files
> an therefore did not verify my theory.
>
> Here is my idea:
> 
> The signature provided is a text mode signature, therefore CRLF and
> LF are handles the same and all files only differing by these sorts
> of line breaks match the same signature.  Even worse: the used type
> of line break doesn't have to be consistent within one file.

Having a quick look at RFC 2440 and the signature file ( c) talks about 
the application files, but not about the signature file) verifies that 
the signature is of type 0x01:

0x01: Signature of a canonical text document.
         Typically, this means the signer owns it, created it, or
         certifies that it has not been modified.  The signature is
         calculated over the text data with its line endings converted
         to <CR><LF> and trailing blanks removed.

So it's not just line endings but also trailing blanks.


> Proof of concept:
>
> The attached files (using my favorite language) both match the same
> textmode signature (attached for reference, too) but yield different
> output:
>
> wilde at kenny[~/tmp/gsr]% gpg2 --verify proof1.lisp.sig proof1.lisp
> gpg: Signature made Thu Jan 24 21:45:40 2008 CET using DSA key ID
> 69115024 gpg: Good signature from "Sascha Wilde <swilde at sha-bang.de>"
> gpg:                 aka "Sascha Wilde <wilde at sha-bang.de>"
> wilde at kenny[~/tmp/gsr]% gpg2 --verify proof1.lisp.sig proof2.lisp
> gpg: Signature made Thu Jan 24 21:45:40 2008 CET using DSA key ID
> 69115024 gpg: Good signature from "Sascha Wilde <swilde at sha-bang.de>"
> gpg:                 aka "Sascha Wilde <wilde at sha-bang.de>"
> wilde at kenny[~/tmp/gsr]% sbcl --noinform --noprint <proof1.lisp
> bar
> wilde at kenny[~/tmp/gsr]% sbcl --noinform --noprint <proof2.lisp
> foo

Nice. The attached files are my crude bash-based proof of concept.

ingo at thufir:~/temp/gnupg-summer-riddle-2007> gpg2 --verify app4.sh.sig 
app4.sh
gpg: Signature made Thu 24 Jan 2008 10:45:49 PM CET using DSA key ID 
30E0B9D8
gpg: Good signature from "Ingo Klöcker <kloecker at kde.org>"
gpg:                 aka "Ingo H. Klöcker <ingo.kloecker at web.de>"
gpg:                 aka "Ingo H. Klöcker 
<ingo.kloecker at matha.rwth-aachen.de>"
ingo at thufir:~/temp/gnupg-summer-riddle-2007> gpg2 --verify app4.sh.sig 
app5.sh
gpg: Signature made Thu 24 Jan 2008 10:45:49 PM CET using DSA key ID 
30E0B9D8
gpg: Good signature from "Ingo Klöcker <kloecker at kde.org>"
gpg:                 aka "Ingo H. Klöcker <ingo.kloecker at web.de>"
gpg:                 aka "Ingo H. Klöcker 
<ingo.kloecker at matha.rwth-aachen.de>"
ingo at thufir:~/temp/gnupg-summer-riddle-2007> ./app4.sh
Hi, I'm your app tonight.
ingo at thufir:~/temp/gnupg-summer-riddle-2007> ./app5.sh
Showing resistors is futile, you will be policed!


Regards,
Ingo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gsr2007-bash.tar
Type: application/x-tar
Size: 10240 bytes
Desc: not available
URL: </pipermail/attachments/20080124/3549bfa2/attachment.tar>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 194 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20080124/3549bfa2/attachment.pgp>


More information about the Gnupg-users mailing list