gpg --verify foo.asc --output foo yields a warning when everything is good
Open, NormalPublic

Description

So I'm not sure I understand correctly what's going on here, but bear with me. this works without warning:

$ gpg --output signed --verify < signed.asc
File 'signed' exists. Overwrite? (y/N) y
gpg: Signature made Wed May 15 20:29:42 2019 EDT
gpg:                using RSA key 4F95A91F7B3487230BC9CCF5B5FB9E3E3661A436
gpg: please do a --check-trustdb
[...]
Primary key fingerprint: 4F95 A91F 7B34 8723 0BC9  CCF5 B5FB 9E3E 3661 A436
$ sha256sum signed
f1baa747a8ed95137b33d0492ec72e19ec6e454f8b4e70e9af163ed6e9cb350f  signed

But this yields a warning:

$ gpg --output signed --verify signed.asc
File 'signed' exists. Overwrite? (y/N) y
gpg: Signature made Wed May 15 20:29:42 2019 EDT
gpg:                using RSA key 4F95A91F7B3487230BC9CCF5B5FB9E3E3661A436
[...]
Primary key fingerprint: 4F95 A91F 7B34 8723 0BC9  CCF5 B5FB 9E3E 3661 A436
gpg: WARNING: not a detached signature; file 'signed' was NOT verified!
$ sha256sum signed
f1baa747a8ed95137b33d0492ec72e19ec6e454f8b4e70e9af163ed6e9cb350f  signed

The file is exactly the same, and the file signed, in effect *WAS* verified. So I feel this warning is inaccurate:

gpg: WARNING: not a detached signature; file 'signed' was NOT verified!

If it isn't, it seems to me it *should* be able to make such an accurate statement (or not). I understand it might *stream* the content from the OpenPGP message and therefore add garbage at the beginning or end of file that might corrupt the signature. But GnuPG should be able to figure that out and fire that message only in that case.

Because that warning is present in one case and not the other, I am left totally confused as to whether this message is actually verified or not. Maybe < message.asc didn't actually verify the message? Who knows... (I know now that it does, after a lengthy conversation with #gnupg folks, thanks @dkg, but it seems to me this shouldn't be part of the message verification routine.)

I understand this is a rather weird edge case, but I suspect it might happen more often than we expect. This is a webmail user trying to send me signed text. I believe they might have done:

gpg --sign --armor

And then typed their message and copy-pasted it in their email client which, arguably, is a totally reasonable thing to do.

anarcat created this task.May 16 2019, 10:08 PM
anarcat created this object in space S1 Public.
werner triaged this task as Normal priority.May 17 2019, 1:03 PM
werner added projects: gnupg, OpenPGP.
werner added a subscriber: werner.

At the time the verification is done some output has already been written to the file 'signed'. When checking whether the deprecated abbreviated format

gpg --verify foo.asc

which is a short form of

gpg --verify foo.asc foo

is used we print the mentioned warning if the file 'foo' exists. In that case it is not possible to decide whether 'foo' was the signed and verified data or foo.asc is not a detached signature. Right now I have no idea what to do about it.