From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from localhost (localhost [127.0.0.1]) by olra.theworths.org (Postfix) with ESMTP id C2296431FD0 for ; Wed, 22 Dec 2010 11:11:46 -0800 (PST) X-Virus-Scanned: Debian amavisd-new at olra.theworths.org X-Spam-Flag: NO X-Spam-Score: 0.001 X-Spam-Level: X-Spam-Status: No, score=0.001 tagged_above=-999 required=5 tests=[UNPARSEABLE_RELAY=0.001] autolearn=disabled Received: from olra.theworths.org ([127.0.0.1]) by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f+Oftu6BPL9u for ; Wed, 22 Dec 2010 11:11:45 -0800 (PST) Received: from rodolpho.mayfirst.org (mail.freitas.net [209.234.253.107]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by olra.theworths.org (Postfix) with ESMTPS id D3EA8431FB6 for ; Wed, 22 Dec 2010 11:11:45 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by rodolpho.mayfirst.org (Postfix) with ESMTP id 5C3BE3CD84; Wed, 22 Dec 2010 14:11:43 -0500 (EST) X-Virus-Scanned: Debian amavisd-new at rodolpho.mayfirst.org Received: from rodolpho.mayfirst.org ([127.0.0.1]) by localhost (rodolpho.mayfirst.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KaEv+VNvA7Zj; Wed, 22 Dec 2010 14:11:43 -0500 (EST) Received: from [127.0.0.1] (localhost [127.0.0.1]) (Authenticated sender: smtpauth@rodolpho.mayfirst.org) with ESMTPSA id 1736C3CD72 Message-ID: <4D124D68.6060300@fifthhorseman.net> Date: Wed, 22 Dec 2010 14:11:36 -0500 From: Daniel Kahn Gillmor User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.12) Gecko/20101110 Icedove/3.1.6 MIME-Version: 1.0 To: Sebastian Spaeth Subject: Re: PGP/MIME signature verification References: <4CF15D67.1070904@fifthhorseman.net> <87aak08fu8.fsf@servo.finestructure.net> <87zkrz314j.fsf@SSpaeth.de> <4D10C97C.7060602@fifthhorseman.net> <87mxnx3mb9.fsf@SSpaeth.de> In-Reply-To: <87mxnx3mb9.fsf@SSpaeth.de> X-Enigmail-Version: 1.1.2 OpenPGP: id=D21739E9 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="------------enig83760AE24DDB8E65EA18B507" Cc: notmuch X-BeenThere: notmuch@notmuchmail.org X-Mailman-Version: 2.1.13 Precedence: list Reply-To: notmuch List-Id: "Use and development of the notmuch mail system." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 22 Dec 2010 19:11:46 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig83760AE24DDB8E65EA18B507 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On 12/22/2010 09:38 AM, Sebastian Spaeth wrote: >>> "sigstatus": [{"status": "error","keyid": "ED34CEABE27BAABC", "errors= ": >>> 2}] >>> (perhaps due to me not having your key???) >> >> yup, that is why you get that error. >=20 > Is there a possibility to squeeze a nicer error message out of it? :-) that's a good question -- i'm not sure libgmime gives us much else to work with (it is itself calling out to gpg, which in turn might not give *it* much to work with), but i'll see if there's anything we can do about that. One potential concern with this kind of reporting is that (due to the dirty details of the OpenPGP data signature format), differentiating "you don't have this key in your keyring" from "you have this key, but the signature is bad" is not fully possible. For those who want the details: 0) an OpenPGP signature contains the signature data itself, plus an indicator of what key made the signature (the "issuer"): https://tools.ietf.org/html/rfc4880#section-5.2.3.5 1) The indicator is the lower 64-bits of the OpenPGP fingerprint of the signing key. 2) OpenPGP fingerprints themselves are SHA-1 sums of (some fiddly concatenation of) the creation time of the key and the public key material itself: https://tools.ietf.org/html/rfc4880#section-12.2 However, the 64 bits of the key ID (while longer than the 32-bit pattern commonly expressed like "0xDEADBEEF") isn't really a big-enough search space to resist collision attacks by moderately-well-resourced adversarie= s. That is, it's currently possible to have a computer farm powerful enough to crank through the search space to create a valid OpenPGP key with any chosen 64-bit key ID. So if Alice has her legitimate key with key ID 0x0000DECAFBAD0000, and Eve has a big computer, Eve can create a new OpenPGP key with the same Key ID. If Eve convinces Bob to load her own key into his keyring, then what happens when Bob receives a signed message from Alice? Bob's verifier will look at the message, see that it's signed by a key with key ID 0x0000DECAFBAD0000, and then check the signature against his copy of Eve's key. But the signature doesn't verfiy! This is actually because Bob doesn't have Alice's key, of course, but his client has no way of knowing that -- it just sees that it has a matching key that doesn't verify. So an attacker can convert a "you don't have this key" to a "you have this key but the signature doesn't validate" without even tampering with the message in transit (of course, an attacker who can tamper with the message in transit can *also* make a signature fail to validate, just by flipping a bit or two in either the message or the signature). (note: don't despair! the full 160-bit OpenPGP fingerprint space is not currently under threat; only the 64-bit "key ID" has the above problem, given our current understanding of cryptanalysis and the power of our computing hardware). --dkg --------------enig83760AE24DDB8E65EA18B507 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBCgAGBQJNEk1oAAoJEMzS7ZTSFznpwtoP/2oWg6zfUJQ5+WLTr7hIGaax anJLrexylzLczEZ0BVlA+m+v3YGGkXDaU+VMFqsjHQMvEoCiIuGcrj53NQV4ICbj s18FjTepjkr3/x+3Xseug1afDc6+DG80+fXyUUEkLpuvCJwA1zdcn8fu/Jl/fgsA tgGU7q/lv4HoMH3kQB3t6i4cFaOwk4W4NySqVWjuS06+7DXqLBmZ5Pe8/2vB6dic zmr/j/W4waDBK9wkqZ4YAfwrABaKuvCfT367/0tYKKPDpG7XPnkbuaVNleUXoT4c 4tLp0MAV0Wgn331jrqT7w1Yh37ZaR2usAJ0WICi62F3yQkeB95XcfOVxmEcrgzdj EA6qGi/9P0x559SvLMW/+e4KaniaC18aHNwSU7rP4D942d16hDpukyvOrey9+5BB g1J3Lu581J5/MoUka0LuxebiqqdOXWzNbV9AETYx7drqMx7RrgiIfffE9etjlYPA pqr3JZf4PLeF+aFqWtMjmLH9P6hlEbolnzqoL/QXNAzFjuE6fqI/R8rQNo3UD6r9 R7oGbr3LDCDs0GDOv1UEq3CBJ8P5VsPdAAcqn2xM2Foyc6A0v8mfr0XfMWfKesFA xDIApjmNA/8i5v25XwWSs/EYyEqub6ndKnfvE/pbjn6TwzvwKixktCID4MgaptzK SDe0fT0MN+NeK+sDJ1dN =XwoT -----END PGP SIGNATURE----- --------------enig83760AE24DDB8E65EA18B507--