
Add ability to mark critical notations as "recognized" during signature verification
Status: Open. Priority: Normal. Visibility: Public.

Description

It is possible to add a critical notation during signature creation:

echo x | gpg --sign --sig-notation !target@metacode.biz=node-1 > f.sig

But there is currently no way to mark the critical signature notation as "recognized" during signature verification.

That could be used to create signatures that will not be broadly found as valid but could be validated with software that understands these notations.

gpgme_op_verify will return summary GPGME_SIGSUM_RED and status GPG_ERR_BAD_SIGNATURE (with source GPGME) when a signature with critical notation is encountered.

The change would probably be an additional argument to the verify function that would mark the notation as recognized (either using the notation key and value or just the key).

An open question is what would happen if I mark a notation as recognized but the signature does not contain it.

Details

Version
2.2.8

Event Timeline

werner triaged this task as Normal priority. Jul 8 2018, 7:49 AM
werner added a project: gnupg (gpg22).
werner added a subscriber: werner.

re: last question: Marking a notation as recognized does not mean gpg does do anything with it or that it demands this notation. The latter can be handled by the caller. For example, gpg knows about "preferred-email-encoding@pgp.com" but does not apply any semantic to it.

Agreed, after the verification succeeds the caller can (and probably will) check the signature notations.

werner claimed this task.

Will be in 2.2.10

werner added a project: gpgme.

We need a way to pass --known-notation to gpgme_op_verify


Thank you for considering this addition. This is very much appreciated! 🙇

Solved for gnupg 2.2, 2.4 and 2.6. GPGME support still missing.

Alright, finally supported by gpgme (for 1.24). For testing you may use

tests/run-verify --known-notations  'foo@bar something, bla@buh.de'  a.sig

Thus you give a list of known notations either space or comma delimited. Each one translates into one --known-notation for gpg.

An open question is what would happen if I mark a notation as recognized but the signature does not contain it.

This is the same as with the predefined critical notation "preferred-email-encoding@pgp.com" : It is ignored. You may use the regular notations functions to check for the existence of a notation.
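The two answers above describe a policy rather than show it: a critical notation whose name the verifier does not recognize turns the whole signature into a bad signature, while a name passed as known but absent from the signature is simply ignored. The following Python is an added example, not GnuPG or GPGME code. It encodes and parses OpenPGP signature subpackets as specified in RFC 4880 (the critical bit is the high bit of the subpacket type octet; Notation Data is subpacket type 20 with four flag octets, two length fields, name and value) and applies exactly that policy to a constructed hashed subpacket area. The sample area, the notation names comment@example.org and absent@example.org, and the verify_notations function are constructed for illustration; only target@metacode.biz=node-1 comes from the thread.

```python
import struct

# OpenPGP signature subpacket constants (RFC 4880, sections 5.2.3.1 and 5.2.3.16)
SIG_CREATION_TIME = 2
NOTATION_DATA = 20
CRITICAL_BIT = 0x80           # high bit of the subpacket type octet
HUMAN_READABLE = 0x80000000   # first bit of the four notation flag octets


def encode_subpacket(sp_type, body, critical=False):
    """Encode one subpacket with a one-octet length (bodies under 191 bytes)."""
    payload = bytes([sp_type | (CRITICAL_BIT if critical else 0)]) + body
    if len(payload) >= 192:
        raise ValueError("example only handles one-octet subpacket lengths")
    return bytes([len(payload)]) + payload


def encode_notation(name, value, critical, human_readable=True):
    """Build a Notation Data subpacket, the wire form of `gpg --sig-notation [!]name=value`."""
    name_b, value_b = name.encode("utf-8"), value.encode("utf-8")
    flags = HUMAN_READABLE if human_readable else 0
    body = struct.pack(">IHH", flags, len(name_b), len(value_b)) + name_b + value_b
    return encode_subpacket(NOTATION_DATA, body, critical)


def parse_subpackets(area):
    """Return [(type, critical, body)] for a hashed or unhashed subpacket area."""
    out, i = [], 0
    while i < len(area):
        first = area[i]
        if first < 192:
            length, i = first, i + 1
        elif first < 255:
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:
            length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        payload = area[i:i + length]
        if length == 0 or len(payload) != length:
            raise ValueError("truncated subpacket area")
        out.append((payload[0] & 0x7F, bool(payload[0] & CRITICAL_BIT), payload[1:]))
        i += length
    return out


def parse_notation(body):
    """Decode the body of a Notation Data subpacket into name, value and flags."""
    flags, name_len, value_len = struct.unpack(">IHH", body[:8])
    name = body[8:8 + name_len]
    value = body[8 + name_len:8 + name_len + value_len]
    if len(name) != name_len or len(value) != value_len:
        raise ValueError("truncated notation")
    return {"name": name.decode("utf-8"), "value": value,
            "human_readable": bool(flags & HUMAN_READABLE)}


def verify_notations(area, known_notations=()):
    """Policy from the thread (constructed helper, not GPGME's API): an unknown
    critical notation makes the signature bad; a known name that is absent is ignored."""
    known = set(known_notations)
    notations, unknown_critical = [], []
    for sp_type, critical, body in parse_subpackets(area):
        if sp_type != NOTATION_DATA:
            continue  # other subpacket types are out of scope for this example
        n = parse_notation(body)
        n["critical"] = critical
        notations.append(n)
        if critical and n["name"] not in known:
            unknown_critical.append(n["name"])
    status = "Bad signature" if unknown_critical else "Success"
    return status, notations, unknown_critical


# Constructed hashed subpacket area: a creation time plus two notations, one critical.
SAMPLE_AREA = (
    encode_subpacket(SIG_CREATION_TIME, struct.pack(">I", 1730276976))
    + encode_notation("target@metacode.biz", "node-1", critical=True)
    + encode_notation("comment@example.org", "informational", critical=False)
)

if __name__ == "__main__":
    for known in ((), ("target@metacode.biz",), ("target@metacode.biz", "absent@example.org")):
        status, notations, bad = verify_notations(SAMPLE_AREA, known)
        print(f"known={list(known)!r}: {status}; unknown critical: {bad}")
        for n in notations:
            print(f"  {n['name']} = {n['value'].decode()} (critical={n['critical']})")
```

The three runs in the main block correspond to the three situations in the thread: no known notations (bad signature, as in the `tests/run-verify f.sig` output below), the critical name marked as known (success, the notation is still reported for the caller to inspect), and an extra known name that the signature does not carry (still success, the name is just ignored). Whether the caller then demands that target@metacode.biz be present, and with which value, remains the caller's decision after verification.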

I've checked and can confirm this is working as intended.

First, I made a signature with a critical notation:

$ echo x | gpg --sign --sig-notation '!target@metacode.biz=node-1' > f.sig

Then I used your command for verification:

$ tests/run-verify --known-notations  'target@metacode.biz'  f.sig
Original file name .: [none]
MIME flag ..........: no
Signature ...: 0
  status ....: Success
  summary ...: valid green
  fingerprint: 0C7C54912FD932BCDF13726A767CE224DB311B3C
  created ...: 1730276976
  expires ...: 0
  validity ..: full
  val.reason : Success
  pubkey algo: 303 (EdDSA)
  digest algo: 10 (SHA512)
  pka address: [none]
  pka trust .: n/a
  other flags:
  notation ..: 'target@metacode.biz'
    flags ...: critical human (0x03)
    value ...: 'node-1'

Just for comparison, if the notation name is not marked as known the output is:

$ tests/run-verify f.sig
Original file name .: [none]
MIME flag ..........: no
Signature ...: 0
  status ....: Bad signature
  summary ...: red
  fingerprint: 767CE224DB311B3C
  created ...: 0
  expires ...: 0
  validity ..: unknown
  val.reason : Bad signature
  pubkey algo: 0 ([none])
  digest algo: 0 ([none])
  pka address: [none]
  pka trust .: n/a
  other flags:

It seems the invocation is done via:

gpgme_set_ctx_flag(ctx, "known-notations", known_notations);

Thanks for implementing this!