Re: More secure than smartcard or cryptostick against remote attacks?
On Wed 06.02.2013, 10:28:13, Peter Lebbing wrote:

> Can you explain (broadly) how one would compromise the signature/the device that you sign with?

That seems easy to me: Except for small amounts (secure device's display capacity) of very simple data (plain text) you have the problem that the PC which you need to create (and view) the data to be signed sends a blob to the secure device which is opaque to you. The problem is not to forge a signature but the difficulty of forcing that only data with checked integrity gets signed. How are you going to do that with a PDF?

The only possibility I see is that the secure device shows you the hash of the data to be signed. IIRC, unfortunately OpenPGP does not sign the data hash but the hash of the combination of the data and the signature metadata, which really doesn't make this easier. So you would need a secure device which you can give both the data and the metadata so that it can show both (in case of the data: just the hash) to the user. Then you can (safely...) copy the data to several PCs and have them show you both the file hash and the document (in that order). Hoping that at least one of the PCs is not compromised.

I really hope that the next version of OpenPGP will sign data and metadata separately (and allow for multiple hashes of different types in the same signature) to get rid of this annoyance.

Hauke

--
☺ PGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 (since 2012-11-04)
http://www.openpgp-schulungen.de/

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
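Hauke's point that OpenPGP hashes the document together with the signature metadata, shown as an added example that is not part of the thread (Python, following the v4 signature layout of RFC 4880 section 5.2.4; the document bytes and timestamps are constructed sample values, and the device display is a sketch of what such a device could show, not an existing product):

```python
# Added example (not from the thread): what an OpenPGP v4 signature hashes,
# laid out per RFC 4880 section 5.2.4, and why showing SHA-256(data) alone
# is not showing the value that gets signed.
import hashlib
import struct

SIG_TYPE_BINARY = 0x00            # signature over a binary document
PK_ALG_RSA = 1
HASH_ALG_SHA256 = 8
SUBPKT_SIG_CREATION_TIME = 2


def creation_time_subpacket(timestamp: int) -> bytes:
    """Hashed subpacket: 1-byte length, 1-byte type 2, 4-byte UTC seconds."""
    body = bytes([SUBPKT_SIG_CREATION_TIME]) + struct.pack(">I", timestamp)
    return bytes([len(body)]) + body  # lengths below 192 use one byte


def hashed_section(subpackets: bytes, sig_type: int = SIG_TYPE_BINARY,
                   pk_alg: int = PK_ALG_RSA, hash_alg: int = HASH_ALG_SHA256) -> bytes:
    """Version, type, algorithms and hashed subpackets: the metadata that is
    hashed together with the document."""
    return (bytes([4, sig_type, pk_alg, hash_alg])
            + struct.pack(">H", len(subpackets)) + subpackets)


def signed_digest(data: bytes, hashed: bytes) -> bytes:
    """SHA-256(data || hashed section || 0x04 0xFF || 4-byte length of hashed
    section). This digest, not SHA-256(data), is what the RSA key signs."""
    h = hashlib.sha256()
    h.update(data)
    h.update(hashed)
    h.update(b"\x04\xff" + struct.pack(">I", len(hashed)))
    return h.digest()


def device_view(data: bytes, hashed: bytes) -> dict:
    """What a signing device handed both document and metadata could display:
    the file hash the user can check on other machines, the metadata, and the
    digest it is actually about to sign."""
    return {
        "data_sha256": hashlib.sha256(data).hexdigest(),
        "metadata_hex": hashed.hex(),
        "signed_digest": signed_digest(data, hashed).hex(),
    }


if __name__ == "__main__":
    doc = b"Constructed sample document\n"        # constructed input
    for ts in (1360108800, 1360108801):           # constructed timestamps
        view = device_view(doc, hashed_section(creation_time_subpacket(ts)))
        print(ts, view)
    # Same data hash both times; the signed digest differs with the metadata.
```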
Re: More secure than smartcard or cryptostick against remote attacks?
On 06/02/13 11:37, Hauke Laging wrote:

> That seems easy to me: Except for small amounts (secure device's display capacity) of very simple data (plain text) [...]

Seems to me to be enough to do what OP requested: signing e-mails he/she wrote. It indeed seems easy to me that this won't work for binary data, I left that implied. A solution that works for signing e-mails sounds like a viable solution. Just like the USB device the OP linked to only works for signing an electronic bank transfer. Obviously you shouldn't use the same signing key for other duties because those other duties open up different methods to get an e-mail falsely signed. Still, not a deal breaker.

I'm not suggesting anybody build this solution. I'm arguing on the technical merits, not the economical ones. Robert suggested it is impossible or close to that. I don't see it that way, but maybe I'm missing some interesting attack vector. And that would be interesting to hear.

> How are you going to do that with a PDF?

You're not going to achieve that.

> The only possibility I see is that the secure device shows you the hash of the data to be signed.

I don't see how that would work. Or, put differently, how that would work any better than transferring the file to a secured system. Because I can't calculate the hash easily using pen and paper, I really need to be seeing something other than the hash before I can be sure it's the data I wanted to sign. Even if hashes could be calculated by pen and paper, it seems like it's an unworkable solution. You would also need to be able to interpret all the binary data you're calculating the hash over, or else you still don't know what you're signing. The PDF could contain a vector image that renders to text saying I owe you € 1000. I would need to be able to create that vector image in my head before I can interpret the binary data that represents it. This just gets more insane the more you think about it.

But it is really /way/ out of the scope of signing your e-mails.

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://digitalbrains.com/2012/openpgp-key-peter
Re: More secure than smartcard or cryptostick against remote attacks?
On 06/02/13 11:37, Hauke Laging wrote:

> Then you can (safely...) copy the data to several PCs and have them show you both the file hash and the document (in that order). Hoping that at least one of the PCs is not compromised.

In my other mail I got kinda hung up on manual verification but forgot about this part of your mail :).

I think what you propose is a completely different topic/solution. You seek security in numbers: hope one of the many PCs isn't compromised. The device proposed by OP/by me seeks security in being restricted and simple. And also takes a whole lot less effort to use ;).

I don't really believe in the security in numbers, by the way. Seems too stochastic. If the attacker can attack all but one of the many, why not the last one? Yes, you reduce the odds, but I prefer more determinism.

But let's stick to the e-mail signing in this thread, or the discussion will get very unfocused and hard to follow. If you want to continue anyway, could you please change the Subject: line?

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://digitalbrains.com/2012/openpgp-key-peter
Re: More secure than smartcard or cryptostick against remote attacks?
On Wednesday, February 06, 2013 at 5:42 AM, Hauke Laging mailinglis...@hauke-laging.de wrote:

> The problem is not to forge a signature but the difficulty of forcing that only data with checked integrity gets signed. How are you going to do that with a PDF?

There is a bigger problem with a pdf: once a hash algorithm becomes insecure enough that pre-image collisions are possible, it is possible to forge a signature.

Ordinarily, even if a collision is possible, a forgery of a signature over text would instantly be detectable, as the collision forgery would have gibberish in the text, i.e.

M1 has signature hash S1
M2 = (m3 + string), where m3 is the forged text, and the string added is a string of additional characters that are varied until a collision is found for the same S1 hash.

The string stands out as gibberish and would be questioned, even if the signature verified.

But now, in pdf form, the string can easily be hidden in the pdf, by having the string embedded as white text instead of black, and not distinguishable from the white space background.

Example: M1 is a pdf of a table, or spreadsheet, or has equations or different language special characters, where it is reasonable to be sent as a pdf.

M2 = Pdf of (m3 + string), where m3 is the forged data in the table, or other visible area of the pdf, and the string is the found addition that produced a successful collision for the final pdf, after having the string rendered in 1 pt. font in white color embedded in any convenient place in the pdf.

M1 does not even have to be a pdf, as long as it has a detached .sig S1. If pre-image collisions are possible for a hash, then a pdf can be constructed to have the same .sig S1.

(This could still be detected by examining the details of the metadata of the pdf and seeing what 'extra' material was embedded, but only if a habit is made of checking the metadata very carefully.)

vedaal
Re: More secure than smartcard or cryptostick against remote attacks?
On Wednesday 06 of February 2013 11:57:40 ved...@nym.hush.com wrote:

> On Wednesday, February 06, 2013 at 5:42 AM, Hauke Laging mailinglis...@hauke-laging.de wrote:
>
>> The problem is not to forge a signature but the difficulty of forcing that only data with checked integrity gets signed. How are you going to do that with a PDF?
>
> There is a bigger problem with a pdf: once a hash algorithm becomes insecure enough that pre-image collisions are possible, it is possible to forge a signature.

Don't extended (-T, -X, -A form) PAdES signatures add new hash values?! I'm quite sure not only they do, but that it's mandatory. So, new hashes can be used when the ones used in the file are beginning to weaken (e.g. SHA1 now).

> This could still be detected by examining the details of the metadata of the pdf and seeing what 'extra' material was embedded, but only if a habit is made of checking the metadata very carefully.

I'd suggest making a habit of not trusting PDF files with currently invalid timestamps... Or files without cryptographic timestamps with currently invalid signatures...

Regards,
--
Hubert Kario
QBS - Quality Business Software
02-656 Warszawa, ul. Ksawerów 30/85
tel. +48 (22) 646-61-51, 646-74-24
www.qbs.com.pl
Re: GPG Decryption Issue
Hello Hauke Laging,

Really thanks for the mail, but I am still facing the same issue. When I try to import my public and private key once again through the command prompt, CMD says that my keys are already in the keyring.

I have one query on key IDs: while importing, the message shows that the key ID for both keys is the same, but as far as I knew there are two different IDs for different keys.

Public Key ID : D36AB872
Private Key ID : E718CCAF

Even my error shows that the private key is missing. My error log is:

gpg: encrypted with RSA key, ID E718CCAF
gpg: decryption failed: No secret key

Kindly comment on the same and let me know your suggestions. The CMD commands I tried are as follows:

Private Query Import :
C:\gpg --import NavtechKey_sec.asc
gpg: key D36AB872: already in secret keyring
gpg: Total number processed: 1
gpg: secret keys read: 1
gpg: secret keys unchanged: 1

Public Query Import :
C:\gpg --import NavtechKey_pub.asc
gpg: key D36AB872: Navtech (Navtech Encryption) qantas.ifsmetr...@tcs.com not changed
gpg: Total number processed: 1
gpg: unchanged: 1

Edit Key :
E:\gpg --edit-key Navtech
gpg (GnuPG) 2.0.17; Copyright (C) 2011 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

pub 2048R/D36AB872 created: 2012-08-01 expires: never usage: SC
trust: ultimate validity: ultimate
sub 2048R/E718CCAF created: 2012-08-01 expires: never usage: E
[ultimate] (1). Navtech (Navtech Encryption) qantas.ifsmetr...@tcs.com

gpg> pub 1024D/9E98BC16 created: 1999-06-04 expires: never trust: -/q
gpg> fpr
pub 2048R/D36AB872 2012-08-01 Navtech (Navtech Encryption) qantas.ifsmetr...@tcs.com
Primary key fingerprint: 6CD3 D53B 26A7 AD59 9117 3EA7 A614 AC8F D36A B872

Regards,
Kamal
TCS
Ph:- 914466164678
Buzz:- 18002
Cell:- 919789964684
Mailto: kamalakanna...@tcs.com
Website: http://www.tcs.com
Experience certainty. IT Services Business Solutions Outsourcing

From: Hauke Laging mailinglis...@hauke-laging.de
To: gnupg-users@gnupg.org
Cc: Kamalakannan N kamalakanna...@tcs.com
Date: 02/05/2013 08:22 PM
Subject: Re: GPG Decryption Issue

> On Tue 05.02.2013, 17:19:38, Kamalakannan N wrote:
>
>> 1) When we decrypt the file through the command prompt it works fine
>> 2) When we decrypt the same file through the Datastage application we are facing an issue
>> gpg: encrypted with RSA key, ID E718
>> gpg: decryption failed: No secret key
>
> Probably
> 1) either the application runs as a different user so that the secret key is not contained in the application's keyring
> 2) or there is a problem with gpg-agent (the key is protected by a passphrase and gpg-agent does not know the passphrase)
>
> Hauke
>
> --
> ☺ PGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 (since 2012-11-04)
> http://www.openpgp-schulungen.de/
> [attachment signature.asc deleted by Kamalakannan N/CHN/TCS]

=-=-=
Notice: The information contained in this e-mail message and/or attachments to it may contain confidential or privileged information. If you are not the intended recipient, any dissemination, use, review, distribution, printing or copying of the information contained in this e-mail message and/or attachments to it are strictly prohibited. If you have received this communication in error, please notify us by reply e-mail or telephone and immediately and permanently delete the message and any attachments. Thank you
Fw: GPG Decryption Issue
Hi Hauke Laging,

Kindly look into the below command and result. Help me out to resolve the NO SECRET KEY issue.

E:\gpg --list-keys
C:/Documents and Settings/dstage/Application Data/gnupg/pubring.gpg
---
pub 2048R/D36AB872 2012-08-01
uid Navtech (Navtech Encryption) qantas.ifsmetr...@tcs.com
sub 2048R/E718CCAF 2012-08-01

E:\gpg --list-secret-keys
C:/Documents and Settings/dstage/Application Data/gnupg/secring.gpg
---
sec 2048R/D36AB872 2012-08-01
uid Navtech (Navtech Encryption) qantas.ifsmetr...@tcs.com
ssb 2048R/E718CCAF 2012-08-01

Regards,
Kamal
TCS
Ph:- 914466164678
Buzz:- 18002
Cell:- 919789964684
Mailto: kamalakanna...@tcs.com
Website: http://www.tcs.com
Experience certainty. IT Services Business Solutions Outsourcing

----- Forwarded by Kamalakannan N/CHN/TCS on 02/06/2013 03:53 PM -----
From: Kamalakannan N/CHN/TCS
To: Hauke Laging mailinglis...@hauke-laging.de
Cc: gnupg-users@gnupg.org
Date: 02/06/2013 01:08 PM
Subject: Re: GPG Decryption Issue

> Hello Hauke Laging,
>
> Really thanks for the mail, but I am still facing the same issue. When I try to import my public and private key once again through the command prompt, CMD says that my keys are already in the keyring.
>
> I have one query on key IDs: while importing, the message shows that the key ID for both keys is the same, but as far as I knew there are two different IDs for different keys.
>
> Public Key ID : D36AB872
> Private Key ID : E718CCAF
>
> Even my error shows that the private key is missing.
Re: GPG Decryption Issue
On Thu 07.02.2013, 10:28:29, Kamalakannan N wrote:

> Application is run by the same user and secret key is protected by a passphrase.

Take the passphrase off the key and check whether the batch file works then.

> Actually we are using the batch file to decrypt the file and we are calling the batch file through the Datastage application. The batch file command is:
>
> gpg --batch --passphrase-file E:\Data\qfbi\Navtech\Working\passphrase.txt --output E:\Data\qfbi\Navtech\Working\NJS170203YBBNA.xml --decrypt E:\Data\qfbi\Navtech\Input\NJS170203YBBNA.gpg

Put this into the batch file for testing:

1) gpg --list-options show-keyring \
   --output E:\Data\qfbi\Navtech\Working\keyring.txt \
   --list-secret-keys

2) copy E:\Data\qfbi\Navtech\Working\passphrase.txt \
   E:\Data\qfbi\Navtech\Working\passphrase.cp

Hauke

--
☺ PGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 (since 2012-11-04)
http://www.openpgp-schulungen.de/