how to verify gpg-signed commits

John A Meinel john at arbash-meinel.com
Wed May 10 16:59:03 BST 2006


James Henstridge wrote:
> On 7/5/06, John Arbash Meinel <john at arbash-meinel.com> wrote:
>> I have a plugin available from here:
>> http://bzr.arbash-meinel.com/plugins/bzr/signing/
>>
>> It provides the command 'bzr verify-sigs', which will run 'gpg --verify'
>> for every signature found.
>>
>> The reason it isn't in bzr core, is that we really wanted to do the
>> verification properly, using something like 'libgpgme'. This was just my
>> quick hack to allow some integrity checking.
> 
> If you want to use gpgme, you might want to try my pygpgme wrapper:
> 
>    http://cheeseshop.python.org/pypi/pygpgme
> 
> It should make it easy to properly verify signatures, get information
> about signing keys (e.g. what uids are attached to the key), tell you
> whether the user trusts the signature or not, etc.
> 
> When using it to verify clearsigned content, it will also give you the
> plaintext that was signed which should be useful for verifying that
> the signed content matches the testament.

I'm certainly interested. Ultimately I think we want to bind more
strongly against gpg. Including stuff like
1) when I commit, the key should match my committer id
2) when I pull, I want to check the signatures before integrating the
changes into my repository (this has some performance implications)
etc

Do you have a public branch of this project? I found the tarball, and
I'm interested in investigating it. But I always like to keep a local
mirror, just in case I want to submit some changes.

> 
>> In the future, I think we might also want to try and match the gpg
>> signing key username with the revision committer username. (Though we
>> have discussed letting someone sign someone else's commit as sort of a
>> 'vote of confidence')
> 
> You need to be careful about handling multiple signatures with gpgme
> and clearsigned blocks.  If your code is not written correctly, you
> can end up opening yourself to append attacks.
> 

Thanks for the heads up and warning. For now, I think we'll just support
a single signature, whose key matches the committer id.
But certainly, using pygpgme and getting the plain text is better than
trying to parse the signatures myself.

What about doubly nested signatures? Whenever I tried to gpg --cl
something that was already signed, I get:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

hello there
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEYg0GJdeBCYSNAAMRAjccAJ0RY5Lyq4BpRt/Nvnc/eF2foMiPPQCfY5i6
8fQAv9HHHy6Oc/+2J0PdlE4=
=mK1y
- -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEYg0GJdeBCYSNAAMRAkOiAKDLqnKXnW3bCUTGBxqS6VEgcWUAagCgnfMh
nOt16DoaQ1P1M3U/cYSoi7o=
=8dwz
-----END PGP SIGNATURE-----

Where the internal signature breaks up the '----' => '- ---'.

That is really how I would like to support signing someone else's
signature, rather than something like:

---BEGIN
<content 1>
---BEGIN SIGNATURE
signed
---END SIGNATURE
---BEGIN
<content 2>
---BEGIN SIGNATURE
signed by 2
---END SIGNATURE


...
> This will also verify and give you the same plaintext and two
> signatures, but each signature only covers part of the content.

> Furthermore, if the signature verification code only checks the first
> signature and I can get you to sign the text "bazaar-ng testament
> short form 1", then I can sign the remainder of any testament and have
> it appear as though you signed that revision.

> At the moment, the only solution I know of is to reject multiple
> signatures, or manually check that there are no appended clearsigned
> blocks.

> James.

When using gpgme and getting the signed block, does it give you the
extra text as well, or only the text inside?

John
=:->
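The append attack James describes, as a structural check added here as an example (not code from the bzr signing plugin or from pygpgme): it splits a message into its top-level clearsigned blocks, removes the "- " dash-escaping so a nested signature like the gpg --clearsign output above still counts as a single outer block, and accepts only a message made of exactly one block with no text outside it. The cryptographic check of the signature itself is left to gpg or gpgme; the sample inputs and their signature bodies are constructed placeholders, not real armor.

```python
BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"

def split_clearsigned(text):
    """Return ([(plaintext, armored_sig), ...], [stray lines]) for the top-level
    clearsigned blocks in text.  A nested block is dash-escaped by gpg
    ("- -----BEGIN"), so it stays inside the outer plaintext; the escape is
    removed by dropping the leading "- "."""
    blocks, stray, state, body, sig = [], [], "outside", [], []
    for line in text.splitlines():
        if state == "outside":
            if line == BEGIN_MSG:
                state, body, sig = "headers", [], []
            elif line.strip():
                stray.append(line)           # text that no signature covers
        elif state == "headers":             # "Hash: SHA1" ... up to blank line
            if not line.strip():
                state = "body"
        elif state == "body":
            if line == BEGIN_SIG:
                state = "sig"
            else:
                body.append(line[2:] if line.startswith("- ") else line)
        else:                                # inside the signature armor
            if line == END_SIG:
                blocks.append(("\n".join(body), "\n".join(sig)))
                state = "outside"
            else:
                sig.append(line)
    if state != "outside":
        raise ValueError("truncated clearsigned block (in %s)" % state)
    return blocks, stray

def single_signed_plaintext(text):
    """Accept exactly one top-level block with nothing outside it and return its
    plaintext; the signature itself must still be checked with gpg/gpgme."""
    blocks, stray = split_clearsigned(text)
    if len(blocks) != 1 or stray:
        raise ValueError("expected one clearsigned block, found %d block(s) and %d stray line(s)" % (len(blocks), len(stray)))
    return blocks[0][0]

# Constructed samples (signature bodies are placeholders, not real armor).
INNER = "\n".join([BEGIN_MSG, "Hash: SHA1", "", "hello there", BEGIN_SIG, "",
                   "<placeholder sig 1>", END_SIG])
NESTED = "\n".join([BEGIN_MSG, "Hash: SHA1", ""]
                   + [("- " + l) if l.startswith("-") else l for l in INNER.splitlines()]
                   + [BEGIN_SIG, "", "<placeholder sig 2>", END_SIG])
APPENDED = INNER + "\n" + INNER  # two blocks glued together; each sig covers only part
```

Calling single_signed_plaintext on NESTED returns the inner clearsigned message intact, so a second call peels the next layer, while APPENDED is rejected because it yields two top-level blocks.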

