I've recently been digging deep into the source-code trying to understand what the differences are between --clearsign and --detach-sign signatures.
This came about whilst writing code that calls on "gpg --verify" on detached signatures; specifically Debian APT archives that contain "Release" (plaintext) and "Release.gpg" (detached signature). The aim/hope was to combine the plaintext and detached signature into the armored clearsign format and thus avoid needing to write one of them to the file-system (the other can be supplied via stdin). I had thought that the message digest hash (in this case SHA512) should be the same since the input data is the same which-ever signing method is used. This didn't work as I had expected so I have been digging into the source-code to figure out what is different between the two signing methods. This led to a series of tests trying to figure it out but after several hours I'm no clearer so I thought I'd ask. Here is the shell script that captures the tests I've been doing: #!/usr/bin/env /bin/bash set -x gpg --version # gpg (GnuPG) 1.4.16 # Copyright (C) 2013 Free Software Foundation, Inc. # License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> # This is free software: you are free to change and redistribute it. # There is NO WARRANTY, to the extent permitted by law. # # Home: ~/.gnupg # Supported algorithms: # Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA # Cypher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, # CAMELLIA128, CAMELLIA192, CAMELLIA256 # Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224 # Compression: Uncompressed, ZIP, ZLIB, BZIP2 wget http://archive.ubuntu.com/ubuntu/dists/trusty/Release 2>/dev/null wget http://archive.ubuntu.com/ubuntu/dists/trusty/Release.gpg 2>/dev/null echo "Verify the detached signature" gpg --keyring /etc/apt/trusted.gpg --verify Release.gpg Release # gpg: Signature made Thu 08 May 2014 15:20:33 BST using DSA key ID 437D05B5 # gpg: Good signature from "Ubuntu Archive Automatic Signing Key <ftpmas...@ubuntu.com>" # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: 6302 39CC 130E 1A7F D81A 27B1 4097 6EAF 437D 05B5 # gpg: Signature made Thu 08 May 2014 15:20:33 BST using RSA key ID C0B21F32 # gpg: Good signature from "Ubuntu Archive Automatic Signing Key (2012) <ftpmas...@ubuntu.com>" # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: 790B C727 7767 219C 42C8 6F93 3B4F E6AC C0B2 1F32 echo "Try to stitch together the plaintext and detached signature into cleartext format for verification" gpg --keyring /etc/apt/trusted.gpg --verify <(set +x && echo -e "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n$(cat Release Release.gpg)") # gpg: Signature made Wed 23 Apr 2014 21:05:34 BST using DSA key ID 437D05B5 # gpg: BAD signature from "Ubuntu Archive Automatic Signing Key <ftpmas...@ubuntu.com>" # gpg: Signature made Wed 23 Apr 2014 21:05:34 BST using RSA key ID C0B21F32 # gpg: BAD signature from "Ubuntu Archive Automatic Signing Key (2012) <ftpmas...@ubuntu.com>" echo "Now try using a local test key, creating both clearsign and detached signatures" gpg --list-key 3591FB89 # pub 2048R/3591FB89 2014-08-28 # uid Test Key (gnupg 1.4.16 Ubuntu 14.04 amd64) <detac...@signature.org> # sub 2048R/4AD9A3DF 2014-08-28 gpg --clearsign --digest-algo SHA512 --local-user 3591FB89 Release echo "Verify the clearsign document" gpg --verify Release.asc # gpg: Signature made Thu 28 Aug 2014 17:21:44 BST using RSA key ID 3591FB89 # gpg: Good signature from "Test Key (gnupg 1.4.16 Ubuntu 14.04 amd64) <detac...@signature.org>" echo "Split the clearsign document into plaintext and detached signature files" sed -n '/^Origin:/,/-----BEGIN PGP SIGNATURE/ {/^-----/d; p}' Release.asc >Release.asc.plaintext sed -n '/-----BEGIN PGP SIGNATURE/,/-----END PGP SIGNATURE/p' Release.asc >Release.asc.gpg echo "Prove the split plaintext MD5 is identical to the original plaintext" md5sum Release Release.asc.plaintext # abb06855aee7fa5b964800511a515183 Release # abb06855aee7fa5b964800511a515183 Release.asc.plaintext echo "Attempt to verify using the split detached signature and split plaintext" gpg --verify Release.asc.gpg Release.asc.plaintext # gpg: Signature made Thu 28 Aug 2014 17:21:44 BST using RSA key ID 3591FB89 # gpg: BAD signature from "Test Key (gnupg 1.4.16 Ubuntu 14.04 amd64) <detac...@signature.org>" echo "Attempt to verify using the split detached signature and the original plaintext" gpg --verify Release.asc.gpg Release # gpg: Signature made Thu 28 Aug 2014 18:32:06 BST using RSA key ID 3591FB89 # gpg: BAD signature from "Test Key (gnupg 1.4.16 Ubuntu 14.04 amd64) <detac...@signature.org>" gpg --list-packets Release.asc.gpg # :signature packet: algo 1, keyid 9C387A713591FB89 # version 4, created 1409242904, md5len 0, sigclass 0x01 # digest algo 10, begin of digest ce 60 # hashed subpkt 2 len 4 (sig created 2014-08-28) # subpkt 16 len 8 (issuer key ID 9C387A713591FB89) # data: [2048 bits] echo "Re-join the split plaintext and split detached signature and verify" gpg --verify <(set +x && echo -e "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n$(cat Release.asc.plaintext Release.asc.gpg)") # gpg: Signature made Thu 28 Aug 2014 17:21:44 BST using RSA key ID 3591FB89 # gpg: Good signature from "Test Key (gnupg 1.4.16 Ubuntu 14.04 amd64) <detac...@signature.org>" echo "Generate a detached armored signature file using the Test key" gpg --detach-sign --digest-algo SHA512 --local-user 3591FB89 --armor --output Release.Test.detached.gpg Release echo "Verify the detached signature" gpg --verify Release.Test.detached.gpg Release # gpg: Signature made Thu 28 Aug 2014 19:29:37 BST using RSA key ID 3591FB89 # gpg: Good signature from "Test Key (gnupg 1.4.16 Ubuntu 14.04 amd64) <detac...@signature.org>" echo "Join original plaintext and Test Key's detached signature together and attempt to verify" gpg --verify <(set +x && echo -e "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n$(cat Release Release.Test.detached.gpg)") # gpg: Signature made Thu 28 Aug 2014 19:29:37 BST using RSA key ID 3591FB89 # gpg: BAD signature from "Test Key (gnupg 1.4.16 Ubuntu 14.04 amd64) <detac...@signature.org>" echo "Try again, ignoring any timestamp conflicts" gpg --ignore-time-conflict --verify <(set +x && echo -e "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n$(cat Release Release.Test.detached.gpg)") # gpg: Signature made Thu 28 Aug 2014 19:29:37 BST using RSA key ID 3591FB89 # gpg: BAD signature from "Test Key (gnupg 1.4.16 Ubuntu 14.04 amd64) <detac...@signature.org>" _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
