signature verification data
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Sun Mar 25 15:18:37 CEST 2012
On 03/25/2012 02:33 AM, auto15963931 at hushmail.com wrote:
> When an encrypted file sent to me is both encrypted and signed,
> when I use a command like this:
>
> gpg -o file-out -d file-in
>
>
> I can see the signature verification data appear as standard
> output, in the terminal, while the file-out contents are separated
> from it. Is there a way to have the signature verification data
> appended to the file-out text message itself or possibly some other
> way of preserving this verification data and keeping them together?
> I am referring to the command line interface, but I noticed that
> GPA also keeps them separated. Thanks.
you can use the --status-fd or --status-file arguments to direct
machine-readable signature verification messages wherever you like.
But sending it to the same file as the text is a bad idea. Don't do it.
For example, here's me dumping the decryption to stdout so that it flows
around the message:
0 dkg at pip:~$ gpg --status-fd 1 -d <x >x.2
gpg: Signature made Sun 25 Mar 2012 09:01:48 AM EDT
gpg: using RSA key 0xCCD2ED94D21739E9
gpg: please do a --check-trustdb
gpg: Good signature from "Daniel Kahn Gillmor <dkg at fifthhorseman.net>"
gpg: aka "Daniel Kahn Gillmor <dkg at openflows.com>"
gpg: aka "[jpeg image of size 3515]"
gpg: aka "Daniel Kahn Gillmor <dkg at debian.org>"
0 dkg at pip:~$ cat x.2
[GNUPG:] PLAINTEXT 74 0
test
[GNUPG:] SIG_ID chNvlYWvyBS3mjoLtZ3oEC2SQho 2012-03-25 1332680508
[GNUPG:] GOODSIG CCD2ED94D21739E9 Daniel Kahn Gillmor
<dkg at fifthhorseman.net>
[GNUPG:] NOTATION_NAME issuer-fpr at notations.openpgp.fifthhorseman.net
[GNUPG:] NOTATION_DATA 0EE5BE979282D80B9F7540F1CCD2ED94D21739E9
[GNUPG:] VALIDSIG 0EE5BE979282D80B9F7540F1CCD2ED94D21739E9 2012-03-25
1332680508 0 4 0 1 10 01 0EE5BE979282D80B9F7540F1CCD2ED94D21739E9
[GNUPG:] TRUST_ULTIMATE
0 dkg at pip:~$
Here's why this is a bad idea:
Once you've stuck the verification data into the same file as the
message, how do you tell which parts are message body ends and which are
verification data?
You might assume that all the lines prefixed with [GNUPG:] are from the
gnupg signature verification process; but what if the original message
contained such lines (e.g. what if you were piping this message through
the signature verification process)?
By combining the data you're trying to verify with the results of the
verification, you open yourself to pretty easy exploitation from anyone
who chooses to craft their message in a certain way. For example, i
could just insert lines in my message that imply a good signature from
you, and place a well-formed (but bogus) cleartext signature around
them. Your verification process would emit my data into the file,
including my fake claims of verification. Someone scanning that file
later will believe that you signed it.
So yes, there's a way to do what you're asking. But you shouldn't do it.
--dkg
More information about the Gnupg-users
mailing list