gpgsk files contain backups of secret keys. They are created by Kleopatra when creating a backup of a secret (sub)key after copying a (sub)key to a smart card.
To counter attacks with malicious gpgsk files (with the goal to overwrite a user's real secret keys or smart-card-backed shadow keys) gpg must check that the imported/restored gpgsk files are valid.
| Status | Assigned | Task | ||
|---|---|---|---|---|
| Open | None | T6785 Kleopatra: Improvements related to smart cards | ||
| Open | • TobiasFella | T6934 Kleopatra: Import of gpgsk files | ||
| Open | • werner | T6956 GnuPG: Allow import of gpgsk files |
These gpgsk files are standard private-keys-v1 files with an additional Backup-info line showing for example the keygrip.
There are no certificates in the file, thus we can either use gpg or gpgsm as driver.
I think the attack ingo talks about would mostly be covered by checking if the file already exists before moving it into the private directory.
But a good safeguard that I could think of would be:
Checking if the file already exists doesn't help. In fact, typically the file (containing the shadow key for the card key) will already exist. But one could check if there is already a private key with this keygrip. Then restoring could be refused, so that the worst that can happen is that the shadow key (which can be recovered from the smart card) is overwritten with a corrupt file.
This means we can use a simpler approach: