
Bad signatures prevent user from signing a key
Status: Open, Priority: Normal, Visibility: Public

Description

Summary

I have set up a public key for Alice that has one valid signature from Bob and
one invalid signature from Mallory. If you are the real Mallory with her secret
key, GnuPG will behave as if you have already signed Alice's public key (even if
that signature is bogus).

Steps To Reproduce

  1. Import Alice's key that has a fake signature from Mallory (same as Bug 1).

$ gpg2 --check-sigs
/home/user/testring/pubring.gpg
pub   2048R/65B57FDF 2015-04-01
uid                  Bob User (Good Signature) <bob+goodsig@example.com>
sig!3        65B57FDF 2015-04-01  Bob User (Good Signature) <bob+goodsig@example.com>
sub   2048R/83518D34 2015-04-01
sig!         65B57FDF 2015-04-01  Bob User (Good Signature) <bob+goodsig@example.com>

pub   2048R/B8062D4C 2015-04-01
uid                  Mallory User (Bad Signature) <mallory+badsig@example.com>
sig!3        B8062D4C 2015-04-01  Mallory User (Bad Signature) <mallory+badsig@example.com>
sub   2048R/FDE6C57B 2015-04-01
sig!         B8062D4C 2015-04-01  Mallory User (Bad Signature) <mallory+badsig@example.com>

pub   2048R/A5452207 2015-04-01
uid                  Alice User (Signature Test) <alice+sigtest@example.com>
sig!3        A5452207 2015-04-01  Alice User (Signature Test) <alice+sigtest@example.com>
sig!         65B57FDF 2015-04-01  Bob User (Good Signature) <bob+goodsig@example.com>
sig-         B8062D4C 2015-04-01  Mallory User (Bad Signature) <mallory+badsig@example.com>
sub   2048R/0BE64ECE 2015-04-01
sig!         A5452207 2015-04-01  Alice User (Signature Test) <alice+sigtest@example.com>

1 bad signature

  2. Have Mallory's secret key.

$ gpg2 --list-secret-keys
/home/user/testring/secring.gpg
sec   2048R/B8062D4C 2015-04-01
uid                  Mallory User (Bad Signature) <mallory+badsig@example.com>
ssb   2048R/FDE6C57B 2015-04-01

  3. GnuPG will act as if Mallory has already signed Alice's public key.

$ gpg2 --sign-key A5452207

pub  2048R/A5452207  created: 2015-04-01  expires: never       usage: SC
                     trust: unknown       validity: unknown
sub  2048R/0BE64ECE  created: 2015-04-01  expires: never       usage: E
[ unknown] (1). Alice User (Signature Test) <alice+sigtest@example.com>

"Alice User (Signature Test) <alice+sigtest@example.com>" was already signed by key B8062D4C

Nothing to sign with key B8062D4C

Key not changed so no update needed.

What Should Happen

GnuPG should verify the signature is valid before acting as if Alice's key is
already signed by Mallory.
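The check the reporter asks for, as an added example that is not part of this report and not GnuPG's own code: parse the machine-readable output of `gpg --check-sigs --with-colons` and count a signer as "already signed" only when its certification on that user ID actually verified. The colon layout used here follows GnuPG's doc/DETAILS (field 1 record type, field 2 validity, field 5 key ID, field 10 user ID; for sig records the validity is `!` good, `-` bad, `?` no public key, `%` other error). The SAMPLE_CHECK_SIGS records are constructed by hand to mirror the listing above; the 16-digit key IDs are made up with the report's short IDs as their low 8 digits. The naive function shows the behaviour the report describes (any sig record blocks signing); the strict one ignores the bogus Mallory signature.

```python
"""Decide whether a key already carries a *valid* certification from a given
signer, using `gpg --check-sigs --with-colons` output.

Added example, not GnuPG code.  Record layout per GnuPG doc/DETAILS:
  field 1  record type (pub, uid, sig, sub, ...)
  field 2  for 'sig' records: '!' good, '-' bad, '?' no key, '%' other error
  field 5  long key ID of the signer
  field 10 user ID (on 'uid' records) or signer's user ID (on 'sig' records)
"""
from collections import defaultdict

GOOD, BAD, NO_KEY, ERROR = "!", "-", "?", "%"

ALICE_UID = "Alice User (Signature Test) <alice+sigtest@example.com>"

# Constructed sample (hypothetical long key IDs, low 8 digits from the
# report): roughly what `gpg2 --check-sigs --with-colons A5452207` would
# print for Alice's key.  Fields the parser does not read are left empty.
SAMPLE_CHECK_SIGS = """\
pub:-:2048:1:00000000A5452207:1427932800::::::scESC:
uid:-::::1427932800::0000::Alice User (Signature Test) <alice+sigtest@example.com>:
sig:!::1:00000000A5452207:1427932800::::Alice User (Signature Test) <alice+sigtest@example.com>:13x:
sig:!::1:0000000065B57FDF:1427932800::::Bob User (Good Signature) <bob+goodsig@example.com>:10x:
sig:-::1:00000000B8062D4C:1427932800::::Mallory User (Bad Signature) <mallory+badsig@example.com>:10x:
sub:-:2048:1:000000000BE64ECE:1427932800::::::e:
sig:!::1:00000000A5452207:1427932800::::Alice User (Signature Test) <alice+sigtest@example.com>:18x:
"""


def parse_certifications(colon_output):
    """Return {user_id: [(signer_long_keyid, validity), ...]}.

    Only 'sig' records that follow a 'uid' record are certifications of that
    user ID; sigs after 'pub'/'sub' are direct-key or subkey-binding
    signatures and are skipped.
    """
    certs = defaultdict(list)
    current_uid = None
    for line in colon_output.splitlines():
        fields = line.split(":")
        rtype = fields[0]
        if rtype == "uid":
            current_uid = fields[9]
        elif rtype in ("pub", "sec", "sub", "ssb"):
            current_uid = None
        elif rtype == "sig" and current_uid is not None:
            certs[current_uid].append((fields[4], fields[1]))
    return dict(certs)


def signers_any_record(certs, uid):
    """Behaviour the report describes: every sig record counts, so a bogus
    signature from Mallory makes gpg think Mallory already signed."""
    return {keyid for keyid, _ in certs.get(uid, [])}


def signers_verified(certs, uid):
    """What should happen: only certifications that verified ('!') count.
    Bad ('-'), unverifiable ('?') and errored ('%') ones are ignored."""
    return {keyid for keyid, validity in certs.get(uid, []) if validity == GOOD}


def already_signed(colon_output, uid, signer_keyid, require_valid=True):
    """True if `signer_keyid` (short or long hex key ID) has a certification
    on `uid`; with require_valid=True only verified certifications count."""
    certs = parse_certifications(colon_output)
    signers = signers_verified(certs, uid) if require_valid \
        else signers_any_record(certs, uid)
    wanted = signer_keyid.upper()
    # Match on the key ID suffix so either 8- or 16-digit IDs can be passed.
    return any(k.upper().endswith(wanted) for k in signers)


if __name__ == "__main__":
    for signer in ("65B57FDF", "B8062D4C"):
        print(signer,
              "naive:", already_signed(SAMPLE_CHECK_SIGS, ALICE_UID, signer, False),
              "strict:", already_signed(SAMPLE_CHECK_SIGS, ALICE_UID, signer))
```

Running it shows the difference the report is about: with the naive check both Bob and Mallory appear to have signed Alice's key, with the strict check only Bob does, so a real Mallory would still be offered the chance to sign. Revocation (`rev`) records are deliberately not counted as certifications here.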

Details

Version
2.0.22

Event Timeline

diafygi added projects: gnupg, Bug Report.
diafygi added a subscriber: diafygi.

Note that when using the --export option you are asked whether you want to add
another signature. This can be used as a workaround until the problem has been
fixed.