Problem to verify PGP key used by Microsoft
Open, Normal, Public

Description

Hello,

Microsoft Security Notifications are signed by a public PGP key. The latest version was downloaded and the fingerprint was checked and I confirmed it with my private PGP key in Kleopatra. This was done successfully. The old Microsoft key worked fine until it expired, but is still in Kleopatra and is marked in red as an expired key. So far everything sounds well for me.

If I receive a new Microsoft Security Notification, the PGP key is not verified. The status is shown as "not safe" with a question mark displayed as icon. I have no doubt that the mail is from Microsoft, but I do not understand why it cannot be verified.

I want to stress that I can successfully verify other PGP signatures, e.g. issued by BSI for their notifications. I am absolutely sure that I have the current Microsoft key installed, the fingerprint is: 2E27 8E1A AEB4 7572 D314 7163 DF4F F904 C341 557F

I look forward to your support in this matter! THANKS

Details

Commits
rOdfd9fa3c85cd: Fix tooltip for bad signature
Version
gpg4win 3.1.5, Kleopatra 3.1.4, GnuPG 2.2.11, GpgOL 2.3.2

JW-D created this task. Thu, Dec 20, 8:38 AM
werner edited projects, added FAQ, OpenPGP; removed Bug Report. Thu, Dec 20, 8:40 AM

I agree. It also happens to me. But only with mails coming from "Microsoft security update releases". Mails coming from "Microsoft security advisory notification" and "Microsoft security update summary for..." are ok and are signed by the same key. It could be some trouble in MS automated email treatment.

JW-D added a comment. Thu, Dec 20, 9:39 PM

I checked my mails in detail, and I can confirm that the error occurs only with "Microsoft security update releases". Indeed "Microsoft security advisory notification" and "Microsoft security update summary for..." will be verified correctly.

werner added a subscriber: werner. Fri, Dec 21, 8:37 AM

Is it possible that you upload or send me a copy of such a mail (wk gnupg.org)? ZIP or tar the eml file and send it in an encrypted mail to me to make sure it won't be modified on the transport.

JW-D added a comment. Fri, Dec 21, 9:38 AM

Sure, I zipped the eml which failed and I'll send it by e-mail to you.

Thanks. The mail is a standard, non-crypto mail with one attachment. That attachment is a TNEF file which has according to ytnef(1) just one file. That file has the name gpgolPGP.dat and contains a clearsigned message.

I don't know why Microsoft sends it this way but I have seen several private mails lately which had a TNEF attachment instead of a regular attachment. Usually I don't bother to look into this. I am not the Outlook expert, though.

@aheinecke: Any more ideas?

BenM added a subscriber: BenM. Fri, Dec 21, 8:18 PM

What are MS doing when they get it right, though? I'd look at the differences between those two to identify what they've messed up here.

JW-D added a comment. Fri, Dec 28, 4:12 PM

I contacted Microsoft Security Response Center (MSRC) in regard to this matter. They confirmed the failed PGP key verification, but do not yet have any explanation for that.

werner renamed this task from "Problem to verify PGP key" to "Problem to verify PGP key used by Microsoft". Fri, Dec 28, 6:14 PM
werner triaged this task as High priority.
aheinecke claimed this task. Mon, Jan 7, 9:02 AM
aheinecke edited projects, added gpgol; removed OpenPGP, FAQ.

If it contains a gpgolPGP.dat it means that it was already parsed by GpgOL and GpgOL created the MOSS attachment from the clearsigned original message. That it's TNEF is part of the export and should not be a problem.

Do I understand it correctly that the problem is that GpgOL fails to verify the message originally? I'll subscribe to such notifications to check. I would need logs otherwise, but I should be able to see it for myself.

JW-D added a comment. Mon, Jan 7, 9:19 AM

Yes, GpgOL in version 2.3.2 fails to verify the original message, it is labeled as "not-secure". But it happens only to "Microsoft security update releases", not to other Microsoft Security Notifications which I receive on a regular basis. I contacted Microsoft Security Response Center (MSRC) and they confirmed the failure of signature verification in this case. They were not aware of it, but checked it themselves after my mail. They had no explanation for that. Labeling the message as "not-secure" may indicate that it was altered in transport, but MSRC did not say that. Therefore, I still assume that we have a bug in GnuPG.

I want to stress that this problem occurred not only once, it happened with all "Microsoft security update releases" in the past months. If you provide me with your e-mail address, I'll send two files in EML format to you. In one, the Microsoft signature can be verified, in the other not. So you can test it by yourself, but MSRC confirmed it already in December.

@JW-D thanks. Please send them to aheinecke@gnupg.org

I somehow can't subscribe to the newsletters myself under:

https://www.microsoft.com/en-us/msrc/technical-security-notifications

Clicking on the security notification service link just redirects me to https://www.microsoft.com/isapi/gomscom.asp?target=/404.htm which shows an empty page... :-/ I even tried with Edge on Windows but it didn't work either.

JW-D added a comment. Mon, Jan 7, 10:18 AM

Very strange, but I tried it by myself after your mail. The same for me. However, I can offer to send two mails to you as EML files, one works, the other not. I am using GnuPG also for verification of the BSI newsletter, it works fine there. The problem is only with newsletters from "Microsoft security update releases", other Microsoft security notifications can be verified as well.

Yes, please send the mails. Maybe they will show me the problem already. :-)

The BSI newsletters work for me, too. But that is proper PGP/MIME so it's a bit different and better.

JW-D added a comment. Mon, Jan 7, 10:42 AM

Please provide an e-mail address, then I'll send it asap.

I did in my first comment here ;-)

aheinecke@gnupg.org

JW-D added a comment. Wed, Jan 9, 9:13 AM

Yesterday Microsoft issued three PGP signed mails. It is the first communication after MSRC confirmed the failure of verification and promised to have internal procedures changed. I received those mails on two different machines, one equipped with Outlook 2016, the other with Thunderbird. Last year all messages failed on Outlook and Thunderbird if they were issued from "Microsoft Security Update Releases".

The situation is now different, the PGP signature can be verified with Thunderbird, but Outlook 2016 still fails. BUT, Outlook can confirm PGP signatures from two other mails sent by Microsoft yesterday; and does it generally well for other senders (like BSI). It is a little bit of a miracle for me. Because on Outlook all other senders are working fine with PGP!

I'll send some screenshots and the EML file to A. Heinecke by e-mail asap and I'll contact MSRC again on this matter.

I'll work on this right now. Please wait with contacting MSRC before I have a chance to find out what the problem is.

JW-D added a comment. Wed, Jan 9, 9:33 AM

I must make a correction of my earlier statement from today. The three Microsoft messages were not displayed in the same order on the screen on both machines. I must say that on Outlook 2016 AND Thunderbird PGP verification still fails for "Microsoft Security Update Releases". It is the same situation as last year, nothing has changed. I sent two files in EML format and some screenshots to A. Heinecke today.

The tooltip:

Does it say the same for you that the mail address could not be matched?

I think that is a problem on our side. We try to match the mail address of the sender with the mail address from the key. Here it fails somehow.

JW-D added a comment. Wed, Jan 9, 9:43 AM

No, I can't confirm it, I get no reason displayed. The key which I use is shown in my screenshot (I'll send it by e-mail).

Ok. So the tooltip was another issue, which I've fixed now.

The signature is indeed marked as just bad. Meaning that the checksum calculated for the message does not match the signature.

If I copy it out of the gpgolPGP.dat attachment and try to verify it manually it fails, too (this works with the good message). So that message was either broken in transfer or when GpgOL created the attachment containing the original message.

I can't really say where the problem is without access to the original message before GpgOL touched it once. The messages that fail to verify which you have sent me were both already modified by GpgOL. So I don't have a baseline of the same message that would verify and so I can't tell the difference between the valid message and the bad message :-/.

I've tried to find the Microsoft mails in public archives but I did not find them.
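The comparison aheinecke is missing above (a verifying copy of the same notification next to the failing one) can be done on the text the signature actually covers. The following is an added example, not code from this tracker thread or from GpgOL: it recovers the signed bytes of a clearsigned message as defined in RFC 4880 section 7 (dash-unescaping, trailing whitespace dropped, CRLF line endings, no line ending after the last line) and diffs two copies; the sample messages are constructed and their signature blocks are placeholders.

```python
import difflib
import hashlib

ARMOR_SIGNED = "-----BEGIN PGP SIGNED MESSAGE-----"
ARMOR_SIG = "-----BEGIN PGP SIGNATURE-----"

def split_clearsigned(msg):
    """Split a clearsigned message into (hash headers, dash-escaped body lines, armor block)."""
    lines = msg.replace("\r\n", "\n").split("\n")
    start = lines.index(ARMOR_SIGNED)
    sig = lines.index(ARMOR_SIG, start)
    i = start + 1
    while i < sig and lines[i] != "":   # 'Hash:' headers end at the first empty line
        i += 1
    return lines[start + 1:i], lines[i + 1:sig], "\n".join(lines[sig:])

def signed_bytes(body_lines):
    """Bytes the signature covers (RFC 4880 s.7): dash-unescape, drop trailing
    spaces/tabs, join with CRLF, and no line ending after the last line."""
    canon = [(l[2:] if l.startswith("- ") else l).rstrip(" \t") for l in body_lines]
    return "\r\n".join(canon).encode("utf-8")

def signed_digest(msg):
    """Digest of the canonical text using the Hash: header. Not the value inside the
    signature (that also covers a trailer), but equal digests for two copies mean
    the text the signature covers is identical, so a BAD result is not a text change."""
    headers, body, _ = split_clearsigned(msg)
    algo = "sha256"
    for h in headers:
        if h.lower().startswith("hash:"):
            algo = h.split(":", 1)[1].strip().split(",")[0].lower()
    return hashlib.new(algo, signed_bytes(body)).hexdigest()

def diff_signed_text(good_msg, bad_msg):
    """Canonical lines that differ between a verifying and a failing copy."""
    g = signed_bytes(split_clearsigned(good_msg)[1]).decode("utf-8").split("\r\n")
    b = signed_bytes(split_clearsigned(bad_msg)[1]).decode("utf-8").split("\r\n")
    return [l for l in difflib.unified_diff(g, b, "good", "bad", n=0, lineterm="")
            if l.startswith(("+", "-")) and not l.startswith(("+++", "---"))]

def build(body_lines):
    """Constructed sample; the signature block is a placeholder, not a real signature."""
    return "\n".join([ARMOR_SIGNED, "Hash: SHA256", ""] + body_lines + [ARMOR_SIG, "",
                     "iQ...PLACEHOLDER-NOT-A-REAL-SIGNATURE...", "-----END PGP SIGNATURE-----", ""])

GOOD = build(["Title: Security Update Release (constructed)", "Please review the update.",
              "- -- Microsoft Security Notifications"])      # '- --' is a dash-escaped '--'
WS_ONLY = build(["Title: Security Update Release (constructed)   ", "Please review the update.",
                 "- -- Microsoft Security Notifications"])   # trailing spaces only: same signed bytes
BAD = build(["Title: Security Update Release (constructed)", "Please review the  update.",
             "- -- Microsoft Security Notifications"])       # extra space inside a line: signature breaks
```

Running `diff_signed_text(GOOD, BAD)` shows the one altered line, while `signed_digest(GOOD) == signed_digest(WS_ONLY)` holds because trailing whitespace is outside the signed data.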

JW-D added a comment. Wed, Jan 9, 11:41 AM

A pristine file I do not have, because every file passes GpgOL before it is displayed. I suggest you subscribe to the service and, if you uninstall GpgOL, you should obtain a pristine file.

@JW-D I would very much like to but I still only get an error on that page. Can you give me another, working, subscribe link? Maybe I found a wrong one.

Andre,
Were the files that I sent yesterday useful for you? They were extracted using the MFCMAPI tool once the emails were collected but before they were opened by Outlook. When checked, one of them fails to verify the signature. The other two are ok (different origin but the same key).

aheinecke lowered the priority of this task from High to Normal. Wed, Jan 9, 12:54 PM

@jmrexach Thanks for the reminder, I confused those with other mails I've gotten regarding this issue.

The three messages you've sent me are indeed as plain as it gets. And even there the signature is bad. So GpgOL does not appear to be to blame here. Either the message is somehow modified in transfer or Microsoft is indeed creating a bad signature.

(main) aheinecke@esus ~/d/m/d/Microsoft Verification problems> gpg --verify 1.txt
gpg: Signature made Tue 08 Jan 2019 02:03:36 AM CET
gpg: using RSA key 2E278E1AAEB47572D3147163DF4FF904C341557F
gpg: Good signature from "Microsoft Security Notifications <securitynotifications@e-mail.microsoft.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 2E27 8E1A AEB4 7572 D314 7163 DF4F F904 C341 557F
(main) aheinecke@esus ~/d/m/d/Microsoft Verification problems> gpg --verify 2.txt
gpg: Signature made Tue 08 Jan 2019 02:05:23 AM CET
gpg: using RSA key 2E278E1AAEB47572D3147163DF4FF904C341557F
gpg: Good signature from "Microsoft Security Notifications <securitynotifications@e-mail.microsoft.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 2E27 8E1A AEB4 7572 D314 7163 DF4F F904 C341 557F
(main) aheinecke@esus ~/d/m/d/Microsoft Verification problems> gpg --verify 3.txt
gpg: Signature made Tue 08 Jan 2019 02:06:52 AM CET
gpg: using RSA key 2E278E1AAEB47572D3147163DF4FF904C341557F
gpg: BAD signature from "Microsoft Security Notifications <securitynotifications@e-mail.microsoft.com>" [unknown]

I can't tell what is broken / modified. But if plain GnuPG cannot verify the signature of the mail extracted by MFCMAPI, GpgOL is not to blame here.
I've imported 3.txt into KMail and it also does not verify it. Neither does Enigmail.

So I would say that this is not a bug on our side but a problem with the message as received by you and that it is out of our hands.

I agree. It seems to be an MS trouble. It reminds me of the trouble you have when sending an email about a new version being available for your software. Something modifies the signed content.

JW-D added a comment. Wed, Jan 9, 1:34 PM

Indeed, in view of this data, it seems that the problem occurs at Microsoft. It also fits with the fact that all other signatures are working fine in my experience.