Some time ago a user asked in Debian bug #282061 for a way to extract the
signature from a signed and encrypted file. Now I searched the archives a bit
and found http://lists.gnupg.org/pipermail/gnupg-users/2001-August/009589.html
and http://lists.gnupg.org/pipermail/gnupg-users/2004-April/022352.html, which
seem to be related to this topic. Is it still the position of the gnupg authors
to not implement such a feature/switch? In this case please simply close this
report.
Details
- External Link: http://bugs.debian.org/282061
- Version: 1.4.9
Event Timeline
This is the occasionally-requested "--unwrap" command which would stop
processing after a single layer of the file. I.e. convert Enc(Sign(data)) to
Sign(data).
This implements the requested --unwrap feature. It strips the first level of
encryption and then dumps the data.
    $ gpg2 --decrypt --unwrap /tmp/a | gpg2 --list-packets
    Please enter the passphrase to unlock the OpenPGP secret key:
    "Testing (insecure!)"
    1024-bit RSA key, ID 6EA74366,
    created 2015-09-18 (main key ID EE37CF96).
    Passphrase:
    gpg: encrypted with 1024-bit RSA key, ID 6EA74366, created 2015-09-18
          "Testing (insecure!)"
    off=0 ctb=a3 tag=8 hlen=1 plen=0 indeterminate
    :compressed packet: algo=2
    off=2 ctb=90 tag=4 hlen=2 plen=13
    :onepass_sig packet: keyid 58859975EE37CF96
        version 3, sigclass 0x00, digest 8, pubkey 1, last=1
    off=17 ctb=cb tag=11 hlen=2 plen=13 new-ctb
    :literal data packet:
        mode b (62), created 1446641593, name="",
        raw data: 7 bytes
    off=32 ctb=88 tag=2 hlen=2 plen=156
    :signature packet: algo 1, keyid 58859975EE37CF96
        version 4, created 1446641611, md5len 0, sigclass 0x00
        digest algo 8, begin of digest b7 8a
        hashed subpkt 2 len 4 (sig created 2015-11-04)
        subpkt 16 len 8 (issuer key ID 58859975EE37CF96)
        data: [1023 bits]
Verifying the unwrapped data also works:
    $ gpg2 --decrypt --unwrap /tmp/a > /tmp/b
    Please enter the passphrase to unlock the OpenPGP secret key:
    "Testing (insecure!)"
    1024-bit RSA key, ID 6EA74366,
    created 2015-09-18 (main key ID EE37CF96).
    Passphrase:
    gpg: encrypted with 1024-bit RSA key, ID 6EA74366, created 2015-09-18
          "Testing (insecure!)"
    $ gpg2 --verify /tmp/b
    gpg: Signature made Wed 04 Nov 2015 01:53:31 PM CET using RSA key ID EE37CF96
    gpg: Good signature from "Testing (insecure!)" [full]
    gpg: Verified 7 messages signed by "Testing (insecure!)" (key: 362D 3527 F53A
    AD19 71AA FDE6 5885 9975 EE37 CF96, policy: good) in the past 1 day, 20 hours.
    The most recent message was verified 22 hours, 40 minutes ago.
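
Added example, not part of the original ticket and not GnuPG's own code: a small Python parser for OpenPGP packet headers (RFC 4880, section 4.2) showing how the ctb, tag, hlen and plen values in the --list-packets output above are derived, which is what confirms that the unwrapped stream is Sign(data) with no encryption layer left. The header bytes are constructed from the values printed in that output; parse_header, TAG_NAMES and SAMPLES are names chosen for this example.

```python
# Decode OpenPGP packet headers (RFC 4880, section 4.2).
# Header bytes are constructed from the ctb/plen values in the listing above.

TAG_NAMES = {2: "signature", 4: "onepass_sig", 8: "compressed", 11: "literal data"}

def parse_header(buf, off=0):
    """Return (tag, hlen, plen, new_ctb); plen is None when indeterminate/partial."""
    if off >= len(buf):
        raise ValueError("truncated header")
    ctb = buf[off]
    if not ctb & 0x80:
        raise ValueError("bit 7 clear: not an OpenPGP packet header")
    if ctb & 0x40:                              # new format: tag in bits 5-0
        tag = ctb & 0x3F
        rest = buf[off + 1:off + 6]
        if not rest:
            raise ValueError("truncated header")
        first = rest[0]
        if first < 192:                         # one-octet length
            return tag, 2, first, True
        if first < 224:                         # two-octet length
            if len(rest) < 2:
                raise ValueError("truncated header")
            return tag, 3, ((first - 192) << 8) + rest[1] + 192, True
        if first == 255:                        # five-octet length
            if len(rest) < 5:
                raise ValueError("truncated header")
            return tag, 6, int.from_bytes(rest[1:5], "big"), True
        return tag, 2, None, True               # partial body length
    tag = (ctb >> 2) & 0x0F                     # old format: tag in bits 5-2
    ltype = ctb & 0x03
    if ltype == 3:                              # indeterminate length
        return tag, 1, None, False
    nbytes = 1 << ltype                         # 1, 2 or 4 length octets
    raw = buf[off + 1:off + 1 + nbytes]
    if len(raw) < nbytes:
        raise ValueError("truncated header")
    return tag, 1 + nbytes, int.from_bytes(raw, "big"), False

# Constructed header bytes for the four packets listed above.
SAMPLES = [bytes.fromhex(h) for h in ("a3", "900d", "cb0d", "889c")]

if __name__ == "__main__":
    for hdr in SAMPLES:
        tag, hlen, plen, new = parse_header(hdr)
        print(f"ctb={hdr[0]:02x} tag={tag} ({TAG_NAMES.get(tag, '?')}) "
              f"hlen={hlen} plen={'indeterminate' if plen is None else plen}"
              f"{' new-ctb' if new else ''}")
```

The offsets in the listing follow from these values: the onepass_sig packet at off=2 has hlen 2 and plen 13, so the literal data packet starts at off=17, and its hlen 2 plus plen 13 put the signature packet at off=32.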