
Kleopatra: Misleading result when decrypting clear signed message followed by public key block in notepad
Status: Testing, Priority: High, Visibility: Public

Description

If I put the following into notepad

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

bar
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEE0MFuEqOl54V/b8HTD1vkKiPJHOMFAmTBMWMACgkQD1vkKiPJ
HONzdQf/aty0AjMuKRbI7s9oN2fTMzKglnopBBsJH/ozravsHt3NzW6qeI+JN8Ga
yMgwu7991di2q3+dHzLylL/uLxomh3TQnQTsak3kfzVJt8fKgY3lpFZamgpGQlme
r0xioe5ylaIipItt06XIeZMnwrS+dfDhAW1G6x98nSOCN+SlqmrPpVrf2+J3hLXq
4oRZExYD3WIQAOl5a6LBJ7nKxal7Y+ZzLNKo1Fdv0BSeaClVXTeUFCivZiw0zcEI
eguDK8fk7kx3MDuwQxV3+juWaMDCNNVV4QBIMZjXusv2i7vHkfTWrPy+m+CmkIJz
MEHj/W7d30v2HqNYtrwOSmMhv1+wOg==
=vlPl
-----END PGP SIGNATURE-----
-----BEGIN PGP PUBLIC KEY BLOCK-----

mDMEYg5XKRYJKwYBBAHaRw8BAQdAoiviwSeMJbcbE8t9mHgrSqgT5F4LQyLzUckU
E6Sx5aiIgwQgFgoAKxYhBIHOfS+ZLzoe/uBZMa7qmxcSWxd7BQJiQaR2DR0BbGlu
ZTEKbGluZTIACgkQruqbFxJbF3uT1wD/UzkNkMwK/kDHxT4xxwY6OeRZdeZauGtv
vKnvcyM16V0A/0IEIlQmSKyp/OEFZy45VBunJZJkReRMS9pA0Y+ouBgKtB9KYW5l
IERvZSA8amFuZS5kb2VAZXhhbXBsZS5uZXQ+iJoEExYKAEICGwMFCQAosgcFCwkI
BwIDIgIBBhUKCQgLAgQWAgMBAh4HAheAFiEEgc59L5kvOh7+4FkxruqbFxJbF3sF
AmLyVRUACgkQruqbFxJbF3s/cgEAqwbErDdIhKudkFrk8wY6VkNBDf4jf2SGyDz1
BL9pJt0A/0IkhlpHU6rtqylJuuCFpLmKbFlXdXdrCoEwisFrY8QJtAZibGFibGGI
nAQTFgoARAIbAwUJACiyBwULCQgHAgIiAgYVCgkICwIEFgIDAQIeBwIXgBYhBIHO
fS+ZLzoe/uBZMa7qmxcSWxd7BQJi8lUWAhkBAAoJEK7qmxcSWxd7H+UBAP/y1phn
ojnKvF72jm7uaLN+mTVKjt71nxPi8TvBASC1AP0bt5vAiAqlCOYACvm2mg8pw18f
1YXXOBkcbTLUimkyD7g4BGIOVykSCisGAQQBl1UBBQEBB0DkecMMBdYTabaTqAbV
GlWplsf68h+uv8N78t0bEjVmGAMBCAeIfgQYFgoAJhYhBIHOfS+ZLzoe/uBZMa7q
mxcSWxd7BQJiDlcpAhsMBQkAKLIHAAoJEK7qmxcSWxd7GgsBAMvJUPcHIs4dHlqS
o2P7NfJvkFpqFUeGaP8upALUiijRAQDz13cloc0StTGn5uWPZCGQkzn8MzX+yiPZ
mxnjHfafCg==
=+jHe
-----END PGP PUBLIC KEY BLOCK-----

I get the result

Notepad → Notepad: 
Valid signature by keytocard@example.net

Signature created on Mittwoch, 26. Juli 2023 16:44:51 CEST
With certificate:
Test key for Key to Card <keytocard@example.net> (089F 4ED8 0F38 4779)
The signature is valid and the certificate's validity is ultimately trusted.

and in the text field

bar
pub   ed25519 2022-02-17 [SC] [revoked: 2022-03-28]
      81CE7D2F992F3A1EFEE05931AEEA9B17125B177B
rev        AEEA9B17125B177B 2022-03-28   [selfsig]
uid           Jane Doe <jane.doe@example.net>
sig        AEEA9B17125B177B 2022-08-09   [selfsig]
uid           blabla
sig        AEEA9B17125B177B 2022-08-09   [selfsig]
sub   cv25519 2022-02-17 [E] [revoked: 2022-03-28]
sig        AEEA9B17125B177B 2022-02-17   [keybind]

The reason seems to be that gpgme_op_verify is used on the input (because the input is classified as a clear-signed message). And this calls gpg without --verify.

Running the same input through gpg --status-fd 2, I get

[GNUPG:] PLAINTEXT 74 0 
bar
[GNUPG:] NEWSIG
[GNUPG:] KEY_CONSIDERED 8C8AFD6AEF9F30C4F6D80CF6089F4ED80F384779 0
[GNUPG:] SIG_ID rNB9tZasKqqfLCkwTNM6ht3SjzU 2023-07-26 1690382691
[GNUPG:] KEY_CONSIDERED 8C8AFD6AEF9F30C4F6D80CF6089F4ED80F384779 0
[GNUPG:] GOODSIG 0F5BE42A23C91CE3 Test key for Key to Card <keytocard@example.net>
[GNUPG:] VALIDSIG D0C16E12A3A5E7857F6FC1D30F5BE42A23C91CE3 2023-07-26 1690382691 0 4 0 1 8 01 8C8AFD6AEF9F30C4F6D80CF6089F4ED80F384779
[GNUPG:] KEY_CONSIDERED 8C8AFD6AEF9F30C4F6D80CF6089F4ED80F384779 0
[GNUPG:] TRUST_ULTIMATE 0 pgp
[GNUPG:] KEYEXPIRED 1647774000
pub   ed25519 2022-02-17 [SC] [revoked: 2022-03-28]
      81CE7D2F992F3A1EFEE05931AEEA9B17125B177B
rev        AEEA9B17125B177B 2022-03-28   [selfsig]
uid           Jane Doe <jane.doe@example.net>
sig        AEEA9B17125B177B 2022-08-09   [selfsig]
uid           blabla
sig        AEEA9B17125B177B 2022-08-09   [selfsig]
sub   cv25519 2022-02-17 [E] [revoked: 2022-03-28]
sig        AEEA9B17125B177B 2022-02-17   [keybind]

which correctly prints the signed plaintext separately from the key block. So, it's probably GpgME that needs to be fixed.

Event Timeline

ikloecker triaged this task as Normal priority. Jul 28 2023, 2:30 PM
ikloecker created this task.
ikloecker added a subscriber: werner.

What we have here is a clear text signature followed by a public key. If you run this with
gpg -o signedtext.txt --status-fd 2 signedtext.txt should only receive "bar" and not the key listing. If that is not the case something would be very wrong.

Using -o signedtext.txt fixes the problem. Unfortunately, gpgme does

      err = add_arg (gpg, "--output");
      if (!err)
        err = add_arg (gpg, "-");
[...]
      if (!err)
        err = add_data (gpg, plaintext, 1, 1);

i.e. it tells gpg to write the output to stdout and then reads everything from stdout as plaintext.

Phew! This bug has been with us for more than 20 years unless gpg's behaviour has changed only later.
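As an added illustration of the point made above (this is example code, not from Kleopatra, GpgME or the bug report), the following Python splits a clear-signed input into the text the signature actually covers and any armored blocks that trail it, and then reports whatever a verifier's returned "plaintext" contains beyond that signed region. The sample input is constructed after the report's reproduction, with placeholder base64 bodies instead of real signature and key material.

```python
import re

# Constructed sample: a clear-signed "bar" followed by an unrelated public key
# block, as in the bug report. The base64 bodies are placeholders only.
SAMPLE = """-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

bar
-----BEGIN PGP SIGNATURE-----

PLACEHOLDERSIGNATUREDATA==
=AAAA
-----END PGP SIGNATURE-----
-----BEGIN PGP PUBLIC KEY BLOCK-----

PLACEHOLDERKEYDATA==
=BBBB
-----END PGP PUBLIC KEY BLOCK-----
"""

def split_clearsigned(text):
    """Return (signed_text, trailing_block_types) for a clear-signed message.

    signed_text is the dash-unescaped text between the armor headers and the
    signature. trailing_block_types names any armored blocks that follow the
    END PGP SIGNATURE line; the signature does not cover them, so nothing gpg
    prints about them (e.g. a key listing) belongs in the verified output.
    """
    lines = text.splitlines()
    if not lines or lines[0] != "-----BEGIN PGP SIGNED MESSAGE-----":
        raise ValueError("not a clear-signed message")
    i = 1
    while i < len(lines) and lines[i] != "":   # skip armor headers (Hash: ...)
        i += 1
    i += 1
    body = []
    while i < len(lines) and lines[i] != "-----BEGIN PGP SIGNATURE-----":
        line = lines[i]
        body.append(line[2:] if line.startswith("- ") else line)  # undo dash-escaping
        i += 1
    while i < len(lines) and lines[i] != "-----END PGP SIGNATURE-----":
        i += 1
    rest = "\n".join(lines[i + 1:])
    trailing = re.findall(r"^-----BEGIN (PGP [A-Z ]+)-----$", rest, re.M)
    return "\n".join(body), trailing

def unauthenticated_extra(reported_plaintext, signed_text):
    """Lines a verifier reported as plaintext that the signature does not cover."""
    got = reported_plaintext.splitlines()
    want = signed_text.splitlines()
    if got[:len(want)] != want:
        return got            # does not even start with the signed text: distrust all of it
    return got[len(want):]    # anything here came from outside the signed region
```

Run against the report's faulty result ("bar" followed by the key listing), the second function returns the key-listing lines; against the correct result ("bar" alone) it returns nothing.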

werner raised the priority of this task from Normal to High. Jul 28 2023, 4:47 PM
werner added projects: gpgme, Bug Report.
ikloecker changed the task status from Open to Testing. Jul 28 2023, 4:56 PM
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.

Should be fixed.

The same problem occurred when decrypting/verifying a file containing a clear-signed message followed by a public key block, i.e. the result file written to disk contained the signed text followed by the printed public key.