how to verify gpg-signed commits

James Henstridge james.henstridge at gmail.com
Tue May 9 06:49:56 BST 2006


On 7/5/06, John Arbash Meinel <john at arbash-meinel.com> wrote:
> I have a plugin available from here:
> http://bzr.arbash-meinel.com/plugins/bzr/signing/
>
> It provides the command 'bzr verify-sigs', which will run 'gpg --verify'
> for every signature found.
>
> The reason it isn't in bzr core, is that we really wanted to do the
> verification properly, using something like 'libgpgme'. This was just my
> quick hack to allow some integrity checking.

If you want to use gpgme, you might want to try my pygpgme wrapper:

    http://cheeseshop.python.org/pypi/pygpgme

It should make it easy to properly verify signatures, get information
about signing keys (e.g. what uids are attached to the key), tell you
whether the user trusts the signature or not, etc.

When using it to verify clearsigned content, it will also give you the
plaintext that was signed which should be useful for verifying that
the signed content matches the testament.

> In the future, I think we might also want to try and match the gpg
> signing key username with the revision committer username. (Though we
> have discussed letting someone sign someone else's commit as sort of a
> 'vote of confidence')

You need to be careful about handling multiple signatures with gpgme
and clearsigned blocks.  If your code is not written correctly, you
can end up opening yourself to append attacks.

Consider the following example:

  -----BEGIN PGP SIGNED MESSAGE-----
  <content 1>
  <content 2>
  -----BEGIN PGP SIGNATURE-----
  <a PGP block containing two signatures of the above content>
  -----END PGP SIGNATURE-----

gpgme will give you the plain text and tell you that there are two
signatures.  Now consider the following:
  -----BEGIN PGP SIGNED MESSAGE-----
  <content 1>
  -----BEGIN PGP SIGNATURE-----
  <a PGP block containing a signature of content 1>
  -----END PGP SIGNATURE-----
  -----BEGIN PGP SIGNED MESSAGE-----
  <content 2>
  -----BEGIN PGP SIGNATURE-----
  <a PGP block containing a signature of content 2>
  -----END PGP SIGNATURE-----

This will also verify and give you the same plaintext and two
signatures, but each signature only covers part of the content.

Furthermore, if the signature verification code only checks the first
signature and I can get you to sign the text "bazaar-ng testament
short form 1", then I can sign the remainder of any testament and have
it appear as though you signed that revision.

At the moment, the only solution I know of is to reject multiple
signatures, or manually check that there are no appended clearsigned
blocks.

James.
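The structural check the message above recommends (reject anything that is not a single clearsigned block), written out as an added example; it is not code from the thread, from pygpgme or from the bzr signing plugin. It parses only the ASCII armor framing, so it runs without gpg; the signature block contents are constructed placeholders, not real signatures. The idea is to run this over the raw armored text before handing it to gpgme, so an appended second clearsigned block is refused up front instead of being counted as a second signature over the combined plaintext.

```python
"""Reject clearsigned text that is not exactly one SIGNED MESSAGE block.

Added example (not from the mailing-list thread): a framing check run
before any cryptographic verification, so that an appended clearsigned
block cannot masquerade as a second signature over the whole plaintext.
"""

# Armor markers used by clearsigned messages (RFC 4880, section 7).
BEGIN_SIGNED = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"


def split_clearsigned(text):
    """Return (plaintext_lines, signature_block) for a well-formed message.

    Raises ValueError unless the input is exactly one SIGNED MESSAGE header,
    one SIGNATURE block, one END marker, in that order, with nothing but
    whitespace after the END marker.  Only the armor framing is checked;
    the signature itself must still be verified separately.
    """
    lines = text.splitlines()
    begins = [i for i, l in enumerate(lines) if l.strip() == BEGIN_SIGNED]
    sig_starts = [i for i, l in enumerate(lines) if l.strip() == BEGIN_SIG]
    sig_ends = [i for i, l in enumerate(lines) if l.strip() == END_SIG]
    if len(begins) != 1 or len(sig_starts) != 1 or len(sig_ends) != 1:
        raise ValueError(
            "expected exactly one clearsigned block, found "
            f"{len(begins)} header(s) and {len(sig_starts)} signature(s)")
    b, s, e = begins[0], sig_starts[0], sig_ends[0]
    if not (b < s < e):
        raise ValueError("armor markers out of order")
    if any(l.strip() for l in lines[e + 1:]):
        raise ValueError("trailing data after END PGP SIGNATURE")

    # Between the header and the signature: optional "Hash:" armor headers,
    # a blank line, then the dash-escaped plaintext.
    body = lines[b + 1:s]
    if "" not in body:
        raise ValueError("missing blank line after armor headers")
    blank = body.index("")
    for header in body[:blank]:
        if not header.startswith("Hash:"):
            raise ValueError(f"unexpected armor header: {header!r}")
    # Undo dash-escaping (RFC 4880, section 7.1): "- " prefix is stripped.
    plaintext = [l[2:] if l.startswith("- ") else l for l in body[blank + 1:]]
    signature = "\n".join(lines[s:e + 1])
    return plaintext, signature


def is_single_clearsigned(text):
    """True if the framing check passes, False otherwise."""
    try:
        split_clearsigned(text)
    except ValueError:
        return False
    return True


# Constructed sample inputs mirroring the two shapes in the message above.
# The signature bodies are placeholders, not real OpenPGP data.
GOOD = """\
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

content 1
- -- a line that was dash-escaped
-----BEGIN PGP SIGNATURE-----

<placeholder: armored signature packets over both lines>
-----END PGP SIGNATURE-----
"""

APPENDED = """\
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

content 1
-----BEGIN PGP SIGNATURE-----

<placeholder: signature over content 1 only>
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

content 2
-----BEGIN PGP SIGNATURE-----

<placeholder: signature over content 2 only>
-----END PGP SIGNATURE-----
"""

if __name__ == "__main__":
    print(split_clearsigned(GOOD)[0])
    try:
        split_clearsigned(APPENDED)
    except ValueError as err:
        print("rejected:", err)
```

The count check runs first on purpose: an appended block is refused with a message naming the extra header before any header or dash-escape parsing happens. After this passes, verification should additionally insist on exactly one signature in the result gpgme returns, which is the other remedy the message suggests; the two checks together close both the "two partial signatures" and the "first signature only covers the testament header" cases described above.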
