preferring --check-sigs over --list-sigs [was: Re: Houston, we have a problem]

Peter Lebbing peter at digitalbrains.com
Thu Sep 28 15:18:09 CEST 2017 

On 28/09/17 13:30, Andrew Gallagher wrote:
> What specific error are you getting? I don't see any errors using
> --check-sigs on that key, but then I don't trust Governikus so I'm not
> performing the same test that you are.

Are you sure you had the Governikus key in your keyring? I am seeing the
same as Stefan: the signature is bad. It says sig-3, the dash indicates
failure. It should have been sig!3 for a good signature.

For reference, this is the Governikus signature in --list-packets format:

:signature packet: algo 1, keyid 5E5CCCB4A4BF43D7
        version 4, created 1506196241, md5len 0, sigclass 0x13
        digest algo 8, begin of digest 6b 6e
        hashed subpkt 2 len 4 (sig created 2017-09-23)
        hashed subpkt 5 len 2 (trust signature of depth 1, value 60)
        subpkt 16 len 8 (issuer key ID 5E5CCCB4A4BF43D7)
        data: [4095 bits]

It is a SHA256 trust signature issued by an RSA key. I think it's odd
they issue a level 1 partial trust signature, but I'd guess they think
they're doing their users a service by making it possible to
automatically assign partial trust to all keys signed by them, if you
want to. Don't worry, this won't happen unless you issue at least a
level 2 trust signature to Governikus. At least, I'm fairly sure it's
not enough to simply assign full ownertrust to Governikus, ownertrust
and trust signatures don't interact, right?

I don't see anything yet that stands out to me as "this must be why it's
a bad signature".

But we can always dig deeper. Using gpg's debugging output, it is clear
that the RSA signature is well-formed, but the hash doesn't match. If I
read it right, GnuPG wants the hash to be:
8fa83f9358156973aa13d8bec76f29f960a5ef0baf4f9ecb63df7a0296ea1f46
But the Governikus signature hash is:
6b6e7c7823d29203332faae25a3abb18a7e36689a77e5f32feb57c73e7e0ec48

I didn't actually parse the ASN.1, though, I simply used common sense:
the signature packet indicates the Governikus hash starts with 6b 6e,
and the length is correct for a SHA-256 hash, so it makes sense that the
ASN.1 ends with the pure hash. Haven't thought about endianness.

I don't know what could cause this. This is as far as I can go. Perhaps
a developer recognises the situation.

Here's the debugging output:
--8<---------------cut here---------------start------------->8---
gpg: DBG: rsa_verify
data:+01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
gpg: DBG:
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
gpg: DBG:
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
gpg: DBG:
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
gpg: DBG:
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
gpg: DBG:
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
gpg: DBG:
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
gpg: DBG:
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
gpg: DBG:
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
gpg: DBG:
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
gpg: DBG:
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
gpg: DBG:
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
gpg: DBG:
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
gpg: DBG:
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
gpg: DBG:
ffffffffffffffffffffff003031300d0609608648016503040201050004208f \
gpg: DBG:
a83f9358156973aa13d8bec76f29f960a5ef0baf4f9ecb63df7a0296ea1f46
gpg: DBG: rsa_verify
sig:+7c0d84121a51ae5f5e99d131fc0e0e1e9157b03375b65bfd706aef1b42776ccd \
gpg: DBG:
c5ef1d4c7a4a77733af8f49648000e2c779e176e4874609ca3d22a88beac09c4 \
gpg: DBG:
f4556a9a25636ac6acc33e366356fb71f7c702771a622773ab55fe00cb4d3f71 \
gpg: DBG:
6d291871302dc35e0ecd9a37cf60887d9b65e2f751172eb9c81e5c9bb76d3b07 \
gpg: DBG:
f2589f29196761f39d9786956ba8d20a2a4df6f0157861bc49a972d923567135 \
gpg: DBG:
a45bcaf8bded2a55edcdadd7109fef620b533fabb0a29bcf4a254a2a6043be46 \
gpg: DBG:
be8606d0e21075a1b1927f3a3c846a21abb52d64c3260c451a7a9688ff290caf \
gpg: DBG:
9be60639618cd547dd6ad5beed0dd0167ba01fafbcf0b8650b02bd47166d5705 \
gpg: DBG:
2b30fd7314625b925b4638469524b54d084f1e4bec5fd3ed19b576fc25fffe27 \
gpg: DBG:
cf71b534be9cf865f4db030bf99f2617f4520c6c47bf94593af2fe91800cc838 \
gpg: DBG:
8e43c86864d5338b53ef88d65657b5ba241072cdc4b1744b44bd01ccbf9e8124 \
gpg: DBG:
83fb23c00e94900bd94c3070c0dfbfd85a8244e07b22f275376dd9ba8b8af16b \
gpg: DBG:
6f79ed424330e4b4611478863ad67819a1a12fe86ec6bb466d8823d5982c462a \
gpg: DBG:
4a2f35a8369092487d66d12f75e7701205e2d3b6b5932e01a98d66e2ac61243a \
gpg: DBG:
d97d8f5c46d7d965d27e1dbaee09af1c2787121845d11a73c8a3b5b6dc66d44b \
gpg: DBG:
d849cd96decb42ad8d4d7df80da7aa9ddc072c37fea1cf68c349d7c3a4909e2a
gpg: DBG: rsa_verify
n:+ac04bff70099263c05a8a3be359f82648d18b3b0e5b7fd15994c438683ba175b \
gpg: DBG:
7d6763f59f8778f01957fa82a3edcc94896de20f1fe8b0e4d214db863f18013f \
gpg: DBG:
8e4ab9b4d16e4381cca8b877db3399a99aa8475c6ba9b6e04143e5e55ac8c438 \
gpg: DBG:
323e5365abef50c0468dc8afeb03cd0e15846393d5a52aaa7b60ade16b834214 \
gpg: DBG:
d8be2000ac9550327215c2e8da95cd8e5ba60dbf2846f139ffd44e1e3a1dd366 \
gpg: DBG:
e3e7c0a7c1dd8924501e8f93bfb18020fbae5c3f942a0e8b0c61f5561ee9b17d \
gpg: DBG:
23521cabc4c26213236720824a0356c34af4e22ee1da9dde2d151e1b0b0e04d6 \
gpg: DBG:
a63df7817aadaa43964bd57de7c1c4d0092ba132a9e5bd8bb05335d5e195a5b4 \
gpg: DBG:
c47d121004021f3648a13da771edf0a48601fc047b9aa54d4f58fba2f53b680e \
gpg: DBG:
29e2e8c6101f050fc5035f08f38300b1c799e6631efff5eb78c1d8898c6862cf \
gpg: DBG:
3cc167e371817499afff072f5b3f8e150a4c836580911d17f47fc460ae8d6547 \
gpg: DBG:
ca4b067811cae95590e294e89610af96aeb834697d9525d86ce74129e432dc7c \
gpg: DBG:
4380807b1eb6fd5dfc5604ab3d050bf9f1ba589979f914717e11807b02787681 \
gpg: DBG:
66b729babd216b2e85beb3565d2583fc1fff7c69a6ec91226b40b2fe0aead4f9 \
gpg: DBG:
7625d05eb251e3ab8a85f16981c85ec03d745db81dee38ca948e4aa5aff14529 \
gpg: DBG:
f6ae044278dec55f50ccb7c918d7f9b41443df640ddebc7d1632bf90d47dc9cf
gpg: DBG: rsa_verify    e:+010001
gpg: DBG: rsa_verify
cmp:+01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
gpg: DBG:
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
gpg: DBG:
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
gpg: DBG:
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
gpg: DBG:
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
gpg: DBG:
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
gpg: DBG:
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
gpg: DBG:
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
gpg: DBG:
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
gpg: DBG:
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
gpg: DBG:
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
gpg: DBG:
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
gpg: DBG:
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
gpg: DBG:
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
gpg: DBG:
ffffffffffffffffffffff003031300d0609608648016503040201050004206b \
gpg: DBG:
6e7c7823d29203332faae25a3abb18a7e36689a77e5f32feb57c73e7e0ec48
gpg: DBG: rsa_verify    => Bad signature
--8<---------------cut here---------------end--------------->8---

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20170928/fc2bb201/attachment.sig>

More information about the Gnupg-users mailing list