[Announce] GnuPG 2.1.0 "modern" released

Nicholas Cole nicholas.cole at gmail.com
Mon Nov 10 12:02:06 CET 2014


On Fri, Nov 7, 2014 at 9:21 PM, Simon Nicolussi <sinic at sinic.name> wrote:
> The announcement read:
>> If you already have a version of GnuPG installed, you can simply
>> verify the supplied signature.  For example to verify the signature
>> of the file gnupg-2.1.0.tar.bz2 you would use this command:
>>
>>   gpg --verify gnupg-2.1.0.tar.bz2.sig
>
> Invoking GnuPG that way is insecure without knowing the contents of the
> signature file. An attacker could have replaced it by something that's
> not, in fact, a detached signature.
>
> I've attached an exemplary signature file (named gnupg-2.1.0.tar.bz2.sig
> for your convenience) that demonstrates the problem:
>> $ echo evil stuff > gnupg-2.1.0.tar.bz2
>> $ gpg2 --verify gnupg-2.1.0.tar.bz2.sig
>> gpg: Signature made Fri Oct 31 07:55:15 2014 CET using RSA key ID 4F25E3B6
>> gpg: Good signature from "Werner Koch (dist sig)" [full]
>
> Future announcements should call --verify with two files as arguments;
> the same goes for https://www.gnupg.org/download/integrity_check.html:
>>   gpg --verify gnupg-2.1.0.tar.bz2.sig gnupg-2.1.0.tar.bz2.sig

Is the point that you can have a signed file that makes you THINK you
have verified a file when in fact you haven't?  So the confusion is
that you have one single command that deals with verifying both a
detached signature and with a file that contains a signature?

Is the best fix for this to introduce two new commands

--verify-detached (requires two arguments)

and

--verify-file

and then to make everything that simply calls the old command --verify
break?  Or is that too radical?


N.



More information about the Gnupg-users mailing list