On 03/25/2012 02:33 AM, [email protected] wrote:
> When an encrypted file sent to me is both encrypted and signed,
> when I use a command like this:
> gpg -o file-out -d file-in
> I can see the signature verification data appear as standard
> output, in the terminal, while the file-out contents are separated
> from it. Is there a way to have the signature verification data
> appended to the file-out text message itself or possibly some other
> way of preserving this verification data and keeping them together?
> I am referring to the command line interface, but I noticed that
> GPA also keeps them separated. Thanks.
You can use the --status-fd or --status-file arguments to direct
machine-readable signature verification messages wherever you like.
But sending it to the same file as the text is a bad idea. Don't do it.
For example, here's me dumping the decryption to stdout so that it flows
around the message:
0 dkg@pip:~$ gpg --status-fd 1 -d <x >x.2
gpg: Signature made Sun 25 Mar 2012 09:01:48 AM EDT
gpg: using RSA key 0xCCD2ED94D21739E9
gpg: please do a --check-trustdb
gpg: Good signature from "Daniel Kahn Gillmor <[email protected]>"
gpg: aka "Daniel Kahn Gillmor <[email protected]>"
gpg: aka "[jpeg image of size 3515]"
gpg: aka "Daniel Kahn Gillmor <[email protected]>"
0 dkg@pip:~$ cat x.2
[GNUPG:] PLAINTEXT 74 0
test
[GNUPG:] SIG_ID chNvlYWvyBS3mjoLtZ3oEC2SQho 2012-03-25 1332680508
[GNUPG:] GOODSIG CCD2ED94D21739E9 Daniel Kahn Gillmor <[email protected]>
[GNUPG:] NOTATION_NAME [email protected]
[GNUPG:] NOTATION_DATA 0EE5BE979282D80B9F7540F1CCD2ED94D21739E9
[GNUPG:] VALIDSIG 0EE5BE979282D80B9F7540F1CCD2ED94D21739E9 2012-03-25 1332680508 0 4 0 1 10 01 0EE5BE979282D80B9F7540F1CCD2ED94D21739E9
[GNUPG:] TRUST_ULTIMATE
0 dkg@pip:~$
Here's why this is a bad idea:
Once you've stuck the verification data into the same file as the
message, how do you tell which parts are message body and which are
verification data?
You might assume that all the lines prefixed with [GNUPG:] are from the
gnupg signature verification process; but what if the original message
contained such lines (e.g. what if you were piping this message through
the signature verification process)?
By combining the data you're trying to verify with the results of the
verification, you open yourself to pretty easy exploitation from anyone
who chooses to craft their message in a certain way. For example, I
could just insert lines in my message that imply a good signature from
you, and place a well-formed (but bogus) cleartext signature around
them. Your verification process would emit my data into the file,
including my fake claims of verification. Someone scanning that file
later will believe that you signed it.
So yes, there's a way to do what you're asking. But you shouldn't do it.
--dkg
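
Added example, not part of the original message and not GnuPG's own code: shell functions that keep the status lines in a sidecar file via --status-file and check only that file, next to the merged-file scan the reply warns against. The function names, the ".status" suffix and the sample data are assumptions; the sample is constructed.

```sh
# Added example. Function names and the ".status" suffix are assumptions.

# Decrypt $1 to $2. gpg writes its [GNUPG:] status lines to $2.status,
# a sidecar file that never receives message bytes.
decrypt_keep_status() {
    gpg --status-file "$2.status" -o "$2" -d "$1"
}

# Trustworthy check: read only the sidecar $1 and require a VALIDSIG line
# whose third field (fingerprint of the key that made the signature) is $2.
sig_ok() {
    awk -v fpr="$2" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" && $3 == fpr { ok = 1 }
        END { exit !ok }' "$1"
}

# What the reply warns against: scanning a file in which message body and
# status lines were merged. Status-like text in the body matches too.
naive_sig_ok() {
    grep -qF -- "[GNUPG:] VALIDSIG $2 " "$1"
}

# Constructed sample in directory $1: the body carries forged status text,
# while the real status channel reports BADSIG (key ID is made up).
make_sample() {
    fpr=0EE5BE979282D80B9F7540F1CCD2ED94D21739E9   # fingerprint shown in the post
    printf '%s\n' "[GNUPG:] BADSIG 1111111111111111 constructed signer" \
        > "$1/real.status"
    printf '%s\n' "pay the invoice" \
        "[GNUPG:] VALIDSIG $fpr 2012-03-25 1332680508 0 4 0 1 10 01 $fpr" \
        > "$1/body"
    cat "$1/body" "$1/real.status" > "$1/merged"
}
```

On the constructed sample, naive_sig_ok accepts the merged file while sig_ok rejects the sidecar, because the forged line only ever existed in the message body.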