Jay Acuna via Gnupg-users wrote:
> Companies can do as they like, but breaking up the signing internally
> like this is not part of the PGP standard and seems to amount to
> rolling your own crypto;
> which introduces probable vulnerabilities.

Like the vulnerability you introduced right here:

>   #!/bin/sh
>   # ./verify.sh <file list>
>   fail() {
>       echo "$@"
>       exit 1
>   }
>   for i in "$@" ; do
>       gpg -d -- "${i}.signedhash" | sha256sum -c || fail "Failed to verify"
>   done

That script ignores the result of the signature verification. It will
return success if sha256sum finds that the hash matches the file, even
if the signature is invalid.

You can fix it by changing "sh" to "bash" and adding "set -o pipefail".
If you prefer another shell, I leave it to you to research how portable
pipefail is.

The ease of making that mistake is one of the reasons why you shouldn't
complicate things by signing files of hashes of files. Just sign the
files instead.

Björn Persson
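
The failure mode described in this reply, next to a check that does not depend on pipefail, as an added example that is not part of the original message. `fake_gpg` and `SIG_STATUS` are constructed stand-ins for `gpg -d -- file.signedhash` and its exit status, so the script runs without a keyring; it assumes `sha256sum` and `mktemp` are installed.

```shell
#!/bin/sh
# Constructed stand-in for `gpg -d -- "$1.signedhash"` (hypothetical helper):
# prints a hash list on stdout and returns SIG_STATUS as the exit code,
# so SIG_STATUS=1 models a signature that failed verification.
fake_gpg() {
    sha256sum "$1"
    return "${SIG_STATUS:-0}"
}

# Pattern from the quoted script: the pipeline's status is that of its
# last command, so only the result of sha256sum -c is ever tested.
verify_pipeline() {
    fake_gpg "$1" | sha256sum -c >/dev/null 2>&1
}

# Portable alternative: run the signature step on its own, test its exit
# status, and only then let sha256sum read the verified hash list.
verify_two_step() {
    tmp=$(mktemp) || return 1
    rc=0
    if fake_gpg "$1" >"$tmp"; then
        sha256sum -c "$tmp" >/dev/null 2>&1 || rc=1
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Run both checks against a constructed file with a failing signature step.
demo() {
    dir=$(mktemp -d) || return 1
    echo "constructed sample data" >"$dir/sample.txt"
    SIG_STATUS=1
    for check in verify_pipeline verify_two_step; do
        if "$check" "$dir/sample.txt"; then
            echo "$check: accepted"
        else
            echo "$check: rejected"
        fi
    done
    SIG_STATUS=0
    rm -rf "$dir"
}
demo
```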
