
extract signature from encrypted and signed file/message
Closed, Resolved (Public)

Description

Some time ago a user asked in Debian bug #282061 for a way to extract the
signature from a signed and encrypted file. Now I searched the archives a bit
and found http://lists.gnupg.org/pipermail/gnupg-users/2001-August/009589.html
and http://lists.gnupg.org/pipermail/gnupg-users/2004-April/022352.html, which
seem to be related to this topic. Is it still the position of the gnupg authors
to not implement such a feature/switch? In this case please simply close this
report.

Details

External Link
http://bugs.debian.org/282061
Version
1.4.9

Event Timeline

dleidert set Version to 1.4.9.
dleidert set External Link to http://bugs.debian.org/282061.
dleidert added a subscriber: dleidert.

This is the occasionally-requested "--unwrap" command which would stop
processing after a single layer of the file. I.e. convert Enc(Sign(data)) to
Sign(data).

Pending for a long time; should be considered for 2.1

werner changed Due Date from Feb 1 2010, 1:00 AM to Oct 31 2013, 1:00 AM. (Apr 22 2013, 10:00 AM)
werner added a project: gnupg (gpg21).

This implements the requested --unwrap feature. It strips the first level of
encryption and then dumps the data.

$ gpg2 --decrypt --unwrap /tmp/a | gpg2 --list-packets
Please enter the passphrase to unlock the OpenPGP secret key:
"Testing (insecure!)"
1024-bit RSA key, ID 6EA74366,
created 2015-09-18 (main key ID EE37CF96).

Passphrase:
gpg: encrypted with 1024-bit RSA key, ID 6EA74366, created 2015-09-18
      "Testing (insecure!)"
off=0 ctb=a3 tag=8 hlen=1 plen=0 indeterminate
:compressed packet: algo=2
off=2 ctb=90 tag=4 hlen=2 plen=13
:onepass_sig packet: keyid 58859975EE37CF96
    version 3, sigclass 0x00, digest 8, pubkey 1, last=1
off=17 ctb=cb tag=11 hlen=2 plen=13 new-ctb
:literal data packet:
    mode b (62), created 1446641593, name="",
    raw data: 7 bytes
off=32 ctb=88 tag=2 hlen=2 plen=156
:signature packet: algo 1, keyid 58859975EE37CF96
    version 4, created 1446641611, md5len 0, sigclass 0x00
    digest algo 8, begin of digest b7 8a
    hashed subpkt 2 len 4 (sig created 2015-11-04)
    subpkt 16 len 8 (issuer key ID 58859975EE37CF96)
    data: [1023 bits]

Verifying the unwrapped data also works:

$ gpg2 --decrypt --unwrap /tmp/a > /tmp/b
Please enter the passphrase to unlock the OpenPGP secret key:
"Testing (insecure!)"
1024-bit RSA key, ID 6EA74366,
created 2015-09-18 (main key ID EE37CF96).

Passphrase:
gpg: encrypted with 1024-bit RSA key, ID 6EA74366, created 2015-09-18
      "Testing (insecure!)"

$ gpg2 --verify /tmp/b
gpg: Signature made Wed 04 Nov 2015 01:53:31 PM CET using RSA key ID EE37CF96
gpg: Good signature from "Testing (insecure!)" [full]
gpg: Verified 7 messages signed by "Testing (insecure!)" (key: 362D 3527 F53A
AD19 71AA FDE6 5885 9975 EE37 CF96, policy: good) in the past 1 day, 20 hours.
The most recent message was verified 22 hours, 40 minutes ago.
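
Added example, not part of the original thread or of GnuPG: a small Python decoder for the OpenPGP (RFC 4880) packet headers shown in the --list-packets output above, plus a check that an unwrapped file no longer carries an encryption layer. The function names are hypothetical, and the sample bytes are constructed from the ctb/plen values in the listing with zero-filled bodies laid out to reproduce its offsets.

```python
# Added example: OpenPGP (RFC 4880) packet-header decoding for the listing above.
ENCRYPTION_TAGS = {1, 3, 9, 18}  # PKESK, SKESK, encrypted data, encrypted+MDC data
TAG_NAMES = {2: "signature", 4: "onepass_sig", 8: "compressed", 11: "literal data"}

def parse_header(buf, off):
    """Return (tag, new_ctb, hlen, plen); plen is None for indeterminate length."""
    ctb = buf[off]
    if not ctb & 0x80:
        raise ValueError("bit 7 of a packet's first octet must be set")
    if ctb & 0x40:                      # new format: tag in bits 5-0
        tag, first = ctb & 0x3F, buf[off + 1]
        if first < 192:
            return tag, True, 2, first
        if first < 224:
            return tag, True, 3, ((first - 192) << 8) + buf[off + 2] + 192
        if first == 255:
            return tag, True, 6, int.from_bytes(buf[off + 2:off + 6], "big")
        raise ValueError("partial body lengths are not handled in this example")
    tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03   # old format: tag in bits 5-2
    if ltype == 3:
        return tag, False, 1, None
    n = 1 << ltype                       # 1, 2 or 4 length octets
    return tag, False, 1 + n, int.from_bytes(buf[off + 1:off + 1 + n], "big")

def walk(buf):
    """List (off, tag, hlen, plen) for each packet in buf."""
    out, off = [], 0
    while off < len(buf):
        tag, _new, hlen, plen = parse_header(buf, off)
        out.append((off, tag, hlen, plen))
        if plen is None:
            if tag != 8:
                raise ValueError("indeterminate length outside a compressed packet")
            off += hlen + 1              # skip algorithm octet; sample body is not deflated
        else:
            off += hlen + plen
    return out

def is_bare_signed_message(packets):
    """True if no encryption-layer packet remains and the one-pass signature trio is present."""
    tags = [t for _off, t, _h, _p in packets]
    return not ENCRYPTION_TAGS & set(tags) and all(t in tags for t in (4, 11, 2))

# Constructed sample: header octets taken from the listing, zero-filled bodies.
SAMPLE = (b"\xa3\x02" + b"\x90\x0d" + bytes(13) + b"\xcb\x0d" + bytes(13)
          + b"\x88\x9c" + bytes(156))

if __name__ == "__main__":
    for off, tag, hlen, plen in walk(SAMPLE):
        print(f"off={off} tag={tag} ({TAG_NAMES.get(tag, '?')}) hlen={hlen} plen={plen}")
    print("bare signed message:", is_bare_signed_message(walk(SAMPLE)))
```

A real unwrapped file has a deflated body inside the compressed packet, so walking it directly would require inflating that body first; the sample skips this step.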

This was implemented for 2.1. We won't backport it to 1.4 or 2.0.

werner added a project: Restricted Project.
werner claimed this task.
werner removed a project: Restricted Project.