What happened to this signature?

Moritz Klammler moritz at klammler.eu
Sun Sep 11 21:17:31 CEST 2016


Today, I've posted a signed message (OpenPGP MIME) to a public mailing
list I'm subscribed to.  When it was delivered back to me, the signature
was broken.  I investigated the case and found out that some silly MTA
had un-escaped a minus-character in the message body (quoted-printable)
and added a blank line at the top.  This is annoying but is adequately
explained by stupidity so it didn't alarm me.  Similar things have
happened to me many times in the past.  What *did* alarm me is that a
further investigation reveled that the signature itself was changed,
too.

This is the original, good, signature as it was created by myself.

    -----BEGIN PGP SIGNATURE-----
    
    iQEcBAEBCAAGBQJX1XnOAAoJEM9sUWbzk6nA7JsH/1axM1lcgsDmLUvZM51yQGmg
    4B+P9p/iFLszGY7vXh/RY+Nfs6fEtlqUPaJf4iHWtM5AewzoAItNPeK7kRJqdTs7
    7DADoMdeAE63n8trTqDeAqU1gOq+YAvIhvs1b9ocalAwcPEQllKKUsmjS3NYFbRH
    LM1nhHdwQXlIWXGWOhqJI6HxcGBO1+ebMY66MndfNQIiT9hWQtAkRT4gg/qJHT1z
    1jsSff6RCj9QKA4ohKnIxeoe7uJFdpoOlueqnpSFCYPKwp86e4f8dRvxVxhSuDU1
    EPYILSMDkt0YKwXZGCF8LWlR6PG3wiHrmPQbmNfVdAf+7ygTmdLo59OIJ6778dc=
    =KUSY
    -----END PGP SIGNATURE-----

And this is the signature as it came back to me.

    -----BEGIN PGP SIGNATURE-----
    
    iQEcBAEBCAAGBQJX1XnJAAoJEM9sUWbzk6nAVQ4H/110oZwIor4UFJh2+41ydfJL
    8gRG95rDxSAhydHjqS0vdFcl+eG0uQfhvc7rndkmV4fLpM1GMiNqlDZhCWsTGyXy
    d/UAS9G4whs1bwJZcRHswDmuveH3EB3V7vu77zOzC1V+dsmXjlw63AMwKRoPojwU
    Zle9CSTx4yyPO5UIGbWkbAcYybpKuQ3uv/pe/jq6V659H1fZnq9iaQXDTnPhRr8w
    /F+n0NI1a4pFGWkY1wjuzuvzcedtb2bnn4pSbbkegli8Gnw7ILk0pzDi8r4rPjDo
    a9qoHv6DXczeHq9h8R5iJ3/OKSR90l7aydckZiyZ5Syd0TJR8LCsobDaMvDDmhg=
    =bTBV
    -----END PGP SIGNATURE-----

I have run `gpg --list-packets --verbose` on both signatures and found
that the "created", the "begin of digest" and the "data" field had
changed.  I've checked out RFC 4880 and concluded that "digest algo 8"
must mean that SHA256 has been used.  I *thought* that the "begin of
digest" field should then hold the two leftmost octets of the SHA256
hash of the signed message but this wasn't true for either message.  The
hashes are

    1e382398177e8cf1a7e5c7ae470ff8f756369d1531fcbe3c15c3825e15bfa726
    ce4f76719e0fb01f344c5dae9aad83daf00bf014f4884d33cf51e797ef3d0be2

for the original and modified messages respectively.  I'm confident that
I've hashed the correct parts of the MIME message because GnuPG verifies
the signature for the original message.

I'm not panicked because the changed signature file is invalid anyway
but I'm somewhat alerted whether the modified signature can still be
explained without assuming malice.  First of all, I would like to better
understand in what ways the signature was modified and appreciate any
help in analyzing the fields.  Secondly, I would like to know whether
this is something that happens on a regular basis to other people as
well.  I cannot see any signs of a real attack here because the message
was not altered in a way that an attacker could possibly benefit from.
The only conspiracy I can come up with is that somebody might have
wanted to challenge my awareness and test my response to such incidents.
Or simply annoy OpenPGP users such that they'll eventually stop using
it.

Thanks in advance for any insights.

-- 
OpenPGP:

Public Key:   http://openpgp.klammler.eu
Fingerprint:  2732 DA32 C8D0 EEEC A081  BE9D CF6C 5166 F393 A9C0
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 454 bytes
Desc: not available
URL: </pipermail/attachments/20160911/99c21d06/attachment.sig>


More information about the Gnupg-users mailing list