Hi! When using "gpg --armor --detach-sign some-file-version-c" a file: some-file-version-c.asc will be created.
But an adversary position to arbitrarily change file names on a mirror or so could rename it to some-file-version-d and some-file-version-d.asc. That could trick the verifier into believing having received a more recent version than expected. The adversary could use this to mount rollback [1] (downgrade) or indefinite freeze [2] attacks. Is there a way to make gnupg sign the name of the file as well? So verification would fail if file names were renamed? I know, one could create a sha512sum (or so) file that contains the hash and the name of the file, then gpg sign that file. But I find that method more complex, complicated, cumbersome. Is there any easier and/or gpg built in way? Cheers, Patrick [1] [2] Defined as per TUF (The Update Framework) - Attacks and Weaknesses - Threat Model: https://github.com/theupdateframework/tuf/blob/develop/SECURITY.md http://www.webcitation.org/6F7Io2ncN _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
