How to detect extraneous content in clearsigned (--clearsign) files?
vedaal at nym.hush.com
vedaal at nym.hush.com
Mon Jan 12 23:09:29 CET 2015
On 1/12/2015 at 1:50 PM, "Patrick Schleizer" <patrick-mailinglists at whonix.org> wrote:
>> gpg --verify --output OUT SIGNEDDATA
-----
>gpg --output ./out --verify ./sha512sums.asc
>
>When it exits 0, then this approach is sound, sane and fine?
-----
There is a way of addition to clearsigned messages that is not detectable:
Adding 'spaces' at the end of the line of visible characters.
Here is a clearsigned message without any spaces added:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
This
Is
Just
a
Test
-----BEGIN PGP SIGNATURE-----
Comment: Fingerprint: C982 4216 3053 B6F3 62F2 7DC0 506F 4FA1 D35F B186
Comment: Key ID: 0xD35FB186
Comment: nothing added to cleartext
iQIcBAEBCAAGBQJUtCfmAAoJEFBvT6HTX7GGJlUP+QGHkTWBRvXUsfsVi5QyqJji
WKt5KkJIu+cv5dKVwJuWHVnhlCrdpqvVToofgk+oVJQp2KrnkesxkdwbPi87oJO9
nSc/4BCQedvYqa9nZ54YPGdRse9yttfzpwLtlbCWPqaMHN5trOwmBervAEW7GhCR
kmUeM7ZlPAj9QUVS8TKzWXlMu63YpYwrRGt1EXevbTaMcUWOOG9+azQy5nYw04oq
yuDDhdzV6MqL6bgxcnH4Psw5ykB59nlAEHjAeTVAObR6SzkSrOUhAL6velZcIJXq
kVLvKustBhTQ12JVL52S7Y+CMKQPE8SA2apvbhALV9RjnQK6jG99oradSFpQtlfh
PnM2ENRWZXi1D1BO5PJft4JzsMh2v6WqaiYJy5rmrJbbZyoo0vBqfizon1Mx2rtc
YmIOw7bvClV4oG/zOlC0aeI0QNKPGcESWWV5THEPVBGOx9edVcuzADJMJGbbIC/0
Ufs4lngy4zrKlLSWqwKM6MoYyXiRHsHaUCcGbXVGnbSspnUbEybDAPskBcqVp+DC
VH5NxDmQQEWUdTQEyiSmygXpa9GojX3KCFkF85Ohh3SUZ3O88ila+zpbDpfrXkJL
D2w6dyIqKghQuM9hivMYUNdLTYmWHNgDSbFyCcZuhzAbPCRx3tjle+BRSMKT3V6X
y0ofhIQ+3QeZzkHWkL+R
=M/in
-----END PGP SIGNATURE-----
It is possible to add blank spaces to the end of the visible characters on each line, as long as it doesn't result in a new line wrap,
and the signature will still verify.
Don't know of any practical exploits of this property, other than possibly intentionally padding the files to use up someone's storage,
(not likely in today's large storage capacity ;-) )
It could be useful if a sender and receiver would agree on a special code as to the padding,
i.e. if someone is being forced to sign something, the sender and receiver could agree
that adding the following spaces to each line for 4 lines:
7
7
2
4
would signify the hidden message:
signing
against
my
will
(but this could also easily be forged by anyone who knew the system ...)
Anyway, just a curiosity of which users should be aware.
Absolutely *no* suggestions/requests to change GnuPG in any way
(which wouldn't be backward compatible anyway)
Armored signing, or a detached signature of a text file, *will* detect any spaces added on to a line.
vedaal
More information about the Gnupg-users
mailing list