Skip Menu |
 

This queue is for tickets about the Crypt-OpenPGP CPAN distribution.

Report information
The Basics
Id: 126994
Status: new
Priority: 0/
Queue: Crypt-OpenPGP

People
Owner: Nobody in particular
Requestors: jadedcyborg [...] gmail.com
Cc:
AdminCc:

Bug Information
Severity: Critical
Broken in: (no value)
Fixed in: (no value)



Subject: Fails to verify signatures made by GnuPG v2; SHA-2 and RIPEMD-160 also broken
Download (untitled) / with headers
text/plain 2.2k
It seems that Crypt::OpenPGP handles clearsigned signatures very poorly. We first discovered this bug when working on Module::Signature (https://github.com/audreyt/module-signature/issues/23) In short, Crypt::OpenPGP fails to verify all signatures generated by gpg2, as well as gpg1 signature using RIPEMD-160 and SHA-2. The key used to sign is just a throwaway 1024-bit RSA key. Test snippets: $ for alg in MD5 SHA{1,224,256,384,512} RIPEMD160; do echo "Hello World" | gpg1 --default-key 4E8A44BB --clearsign --openpgp --digest-algo $alg --passphrase foobar --quiet --batch > SIGNATURE && echo -n "$alg: " && perl test.pl ; done gpg: WARNING: digest algorithm MD5 is deprecated MD5: Success SHA1: Success SHA224: Failure SHA256: Failure SHA384: Failure SHA512: Failure RIPEMD160: Failure $ for alg in MD5 SHA{1,224,256,384,512} RIPEMD160; do echo "Hello World" | gpg --default-key 4E8A44BB --clearsign --openpgp --digest-algo $alg --passphrase foobar --quiet --batch > SIGNATURE && echo -n "$alg: " && perl test.pl ; done gpg: WARNING: digest algorithm MD5 is deprecated MD5: Message hash does not match signature checkbytes SHA1: Message hash does not match signature checkbytes SHA224: Message hash does not match signature checkbytes SHA256: Message hash does not match signature checkbytes SHA384: Message hash does not match signature checkbytes SHA512: Message hash does not match signature checkbytes RIPEMD160: Message hash does not match signature checkbytes test.pl: /* ----------------------------------------------------------- */ #!/usr/bin/perl use Crypt::OpenPGP; my $pgp = Crypt::OpenPGP->new( Compat => "GnuPG", ); my $res = $pgp->verify(SigFile => "./SIGNATURE"); if (defined $res) { if ($res) { print "Success\n"; } else { print "Failure\n"; } } else { print $pgp->errstr; } /* ----------------------------------------------------------- */ $ uname -a Linux bionic-vm 4.15.0-33-generic #36-Ubuntu SMP Wed Aug 15 16:00:05 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ perl -v | awk 'NR==2 {print $0}' This is perl 5, version 26, subversion 1 (v5.26.1) built for x86_64-linux-gnu-thread-multi $ gpg --version | head -n2 gpg (GnuPG) 2.2.4 libgcrypt 1.8.1 $ gpg1 --version | head -n1 gpg (GnuPG) 1.4.22 $ perl -MCrypt::OpenPGP -le 'print $Crypt::OpenPGP::VERSION' 1.12 ======== Best regards Niklas Holm
Download (untitled) / with headers
text/plain 1.4k
Comparing signatures generated by gpg1 and gpg2 shows an additional subpacket 33 not present in the gpg1 signature. It implements a subpacket currently on the standards track. Could it be that Crypt::OpenPGP chokes on this because it's not recognized? Or is it because the data lenght is of by one for some reason? Draft for update of RFC 4880: https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-05#section-5.2.3.1 GnuPG commit introducing the change: https://github.com/gpg/gnupg/commit/955baf04364721457cd99aad21942523cd50498c GnuPG commit enabling it by default: https://github.com/gpg/gnupg/commit/b6f08dbb0b45059cdbbb5d9be9725e437f42a8cc OpenPGP-WG commit where the packet was added to the draft: https://gitlab.com/openpgp-wg/rfc4880bis/commit/e0e4a36320f3aa0d4a49df9463d81ace35951290 $ diff -aru10 <(gpg --list-packets hello.gpg1) <(gpg --list-packets hello.gpg2) --- /dev/fd/63 2018-08-31 10:37:21.711217763 +0200 +++ /dev/fd/62 2018-08-31 10:37:21.711217763 +0200 @@ -1,7 +1,8 @@ -# off=0 ctb=88 tag=2 hlen=2 plen=156 +# off=0 ctb=88 tag=2 hlen=2 plen=179 :signature packet: algo 1, keyid 02151F2A4E8A44BB version 4, created 1535670000, md5len 0, sigclass 0x00 - digest algo 2, begin of digest c5 42 + digest algo 2, begin of digest 7c 05 + hashed subpkt 33 len 21 (issuer fpr v4 FFBBC6D2195A7BDA6B3120E002151F2A4E8A44BB) hashed subpkt 2 len 4 (sig created 2018-08-30) subpkt 16 len 8 (issuer key ID 02151F2A4E8A44BB) - data: [1022 bits] + data: [1021 bits]
Confirmed: Generating the signatures with GnuPG 2.1.15 yields equal results as with with GnuPG 1.4.


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.