When using a GnuPG smartcard in 2.2.5 with an offline master [C]ertify key, it is possible to sign the keys of others with only a [S]igning subkey present.
Once a key has been erroneously signed and pushed to keyservers in this way, gpg won't allow it to be signed again correctly with the master key, claiming it is already signed.
I was able to reproduce this on Arch Linux and OSX Sierra with a Yubikey 4 and RSA4096 subkeys and a Yubikey Neo with RSA2048 subkeys.
Example:
```
[lrvick@kephel ~]$ gpg --version
gpg (GnuPG) 2.2.4
libgcrypt 1.8.2
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: /home/lrvick/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
[lrvick@kephel ~]$ gpg --card-status
Reader ...........: 1050:0407:X:0
Application ID ...: D2760001240102010006057635220000
Version ..........: 2.1
Manufacturer .....: Yubico
Serial number ....: 05763522
Name of cardholder: Lance Vick
Language prefs ...: en
Sex ..............: male
URL of public key : https://lrvick.net/0x36C8AAA9.asc
Login data .......: lrvick
Signature PIN ....: not forced
Key attributes ...: rsa4096 rsa4096 rsa4096
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 0 3
Signature counter : 390
Signature key ....: 6755 3FBD A46B B71A BD2E 0B0B 8E47 A1EC 35A1 551D
created ....: 2016-02-15 00:49:42
Encryption key....: 54BA 9099 5CCB D6D6 B0E6 8D27 CDAB 3CCD A649 FFDA
created ....: 2009-05-09 02:05:34
Authentication key: 4654 2022 DCA1 27AD 42D8 B9FE 6C1F 8F1D 4D08 A9A6
created ....: 2015-02-01 08:16:59
General key info..: sub rsa4096/8E47A1EC35A1551D 2016-02-15 Lance R. Vick (Personal) <lance@lrvick.net>
sec# rsa4096/E90A401336C8AAA9 created: 2009-05-09 expires: 2018-07-03
ssb# rsa2048/8D5B2F41F66444E5 created: 2015-03-19 expires: 2018-05-29
ssb# rsa2048/530106BDD94A0B8A created: 2015-03-19 expires: 2018-05-29
ssb# rsa2048/D362694AF189271D created: 2015-03-19 expires: 2018-05-29
ssb> rsa4096/CDAB3CCDA649FFDA created: 2009-05-09 expires: 2018-07-03
card-no: 0006 05763522
ssb> rsa4096/6C1F8F1D4D08A9A6 created: 2015-02-01 expires: 2018-07-03
card-no: 0006 05763522
ssb> rsa4096/8E47A1EC35A1551D created: 2016-02-15 expires: 2018-07-03
card-no: 0006 05763522
[lrvick@kephel ~]$ gpg --list-secret-keys lance@lrvick.net
sec# rsa4096 2009-05-09 [SC] [expires: 2018-07-03]
6B61ECD76088748C70590D55E90A401336C8AAA9
uid [ultimate] Lance R. Vick (Personal) <lance@lrvick.net>
uid [ultimate] [jpeg image of size 6119]
uid [ultimate] Lance R. Vick (Work) <lance@bitgo.com>
ssb# rsa2048 2015-03-19 [S] [expires: 2018-05-29]
ssb# rsa2048 2015-03-19 [E] [expires: 2018-05-29]
ssb# rsa2048 2015-03-19 [A] [expires: 2018-05-29]
ssb> rsa4096 2009-05-09 [E] [expires: 2018-07-03]
ssb> rsa4096 2015-02-01 [A] [expires: 2018-07-03]
ssb> rsa4096 2016-02-15 [S] [expires: 2018-07-03]
[lrvick@kephel ~]$ gpg --list-keys john@doe.com
pub rsa2048 2018-03-10 [SC] [expires: 2020-03-09]
691D9AC876EAABBC0AFA5403DF5E676BBF2D7AE8
uid [ultimate] John Doe <john@doe.com>
sub rsa2048 2018-03-10 [E] [expires: 2020-03-09]
[lrvick@kephel ~]$ gpg --sign-key 691D9AC876EAABBC0AFA5403DF5E676BBF2D7AE8
sec rsa2048/DF5E676BBF2D7AE8
created: 2018-03-10 expires: 2020-03-09 usage: SC
trust: ultimate validity: ultimate
ssb rsa2048/02E38722C42DA22F
created: 2018-03-10 expires: 2020-03-09 usage: E
[ultimate] (1). John Doe <john@doe.com>
sec rsa2048/DF5E676BBF2D7AE8
created: 2018-03-10 expires: 2020-03-09 usage: SC
trust: ultimate validity: ultimate
Primary key fingerprint: 691D 9AC8 76EA ABBC 0AFA 5403 DF5E 676B BF2D 7AE8
John Doe <john@doe.com>
This key is due to expire on 2020-03-09.
Are you sure that you want to sign this key with your
key "Lance R. Vick (Personal) <lance@lrvick.net>" (8E47A1EC35A1551D)
Really sign? (y/N) y
[lrvick@kephel ~]$ gpg --list-sigs 691D9AC876EAABBC0AFA5403DF5E676BBF2D7AE8
pub rsa2048 2018-03-10 [SC] [expires: 2020-03-09]
691D9AC876EAABBC0AFA5403DF5E676BBF2D7AE8
uid [ultimate] John Doe <john@doe.com>
sig 3 DF5E676BBF2D7AE8 2018-03-10 John Doe <john@doe.com>
sig 8E47A1EC35A1551D 2018-03-10 Lance R. Vick (Personal) <lance@lrvick.net>
sub rsa2048 2018-03-10 [E] [expires: 2020-03-09]
sig DF5E676BBF2D7AE8 2018-03-10 John Doe <john@doe.com>
```
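A way to audit a keyring for the condition reported above, as an added example that is not part of the original report or of GnuPG: it reads `gpg --list-sigs --with-colons` output containing both the signer's and the signed key, and flags certifications whose issuer is a subkey or lacks the certify capability. The function name is hypothetical, the field positions are assumed to follow GnuPG's colon listing format, and the sample listing is constructed from the key IDs shown in the report.

```python
# Added example: flag certifications issued by a key that cannot certify.
CERT_CLASSES = {"10", "11", "12", "13"}  # OpenPGP certification types 0x10-0x13

# Constructed --with-colons sample; key IDs come from the report above,
# timestamps and all other fields are made up for illustration.
SAMPLE = """\
pub:u:4096:1:E90A401336C8AAA9:1241834734:1530576000::u:::scESCA:
sub:u:4096:1:8E47A1EC35A1551D:1455497382:1530576000:::::s:
pub:u:2048:1:DF5E676BBF2D7AE8:1520640000:1583712000::u:::scESC:
uid:u::::1520640000::::John Doe <john@doe.com>:
sig:::1:DF5E676BBF2D7AE8:1520640000::::John Doe <john@doe.com>:13x:
sig:::1:8E47A1EC35A1551D:1520640000::::Lance R. Vick (Personal) <lance@lrvick.net>:10x:
sub:u:2048:1:02E38722C42DA22F:1520640000:1583712000:::::e:
sig:::1:DF5E676BBF2D7AE8:1520640000::::John Doe <john@doe.com>:18x:
"""

def find_bad_certifications(listing):
    """Return (issuer key ID, certified user ID) for each certification whose
    issuer is a subkey or lacks the certify ('c') capability."""
    keys = {}        # key ID -> (record type, capability letters)
    certs = []       # (issuer key ID, user ID the signature certifies)
    current_uid = None
    for line in listing.splitlines():
        f = line.split(":")
        f += [""] * (12 - len(f))          # pad short records
        rec = f[0]
        if rec in ("pub", "sec", "sub", "ssb"):
            keys[f[4]] = (rec, f[11])
            current_uid = None             # sigs right after a key record are not uid certifications
        elif rec == "uid":
            current_uid = f[9]
        elif rec == "sig" and current_uid and f[10][:2] in CERT_CLASSES:
            certs.append((f[4], current_uid))
    findings = []
    for issuer, uid in certs:
        if issuer not in keys:
            continue                       # issuer not in the listing: cannot judge
        rec, caps = keys[issuer]
        if rec in ("sub", "ssb") or "c" not in caps:
            findings.append((issuer, uid))
    return findings

if __name__ == "__main__":
    for issuer, uid in find_bad_certifications(SAMPLE):
        print(f"certification on {uid!r} issued by non-certifying key {issuer}")
```

Issuers that do not appear as a key record in the listing are skipped, so the signer's public key must be included in the same `--list-sigs` call for its certifications to be checked.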