how to verify gpg-signed commits

James Henstridge james.henstridge at gmail.com
Thu May 11 02:15:38 BST 2006


On 5/10/06, John A Meinel <john at arbash-meinel.com> wrote:
> Do you have a public branch of this project? I found the tarball, and
> I'm interested in investigating it. But I always like to keep a local
> mirror, just in case I want to submit some changes.

Yeah.  It is at http://www.gnome.org/~jamesh/bzr/pygpgme

> >> In the future, I think we might also want to try and match the gpg
> >> signing key username with the revision committer username. (Though we
> >> have discussed letting someone sign someone else's commit as sort of a
> >> 'vote of confidence')
> >
> > You need to be careful about handling multiple signatures with gpgme
> > and clearsigned blocks.  If your code is not written correctly, you
> > can end up opening yourself to append attacks.
> >
>
> Thanks for the heads up and warning. For now, I think we'll just support
> a single signature, whose key matches the committer id.
> But certainly, using pygpgme and getting the plain text is better than
> trying to parse the signatures myself.
>
> What about doubly nested signatures? Whenever I tried to gpg --cl
> something that was already signed, I get:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> hello there
> - -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2.2 (GNU/Linux)
>
> iD8DBQFEYg0GJdeBCYSNAAMRAjccAJ0RY5Lyq4BpRt/Nvnc/eF2foMiPPQCfY5i6
> 8fQAv9HHHy6Oc/+2J0PdlE4=
> =mK1y
> - -----END PGP SIGNATURE-----
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2.2 (GNU/Linux)
>
> iD8DBQFEYg0GJdeBCYSNAAMRAkOiAKDLqnKXnW3bCUTGBxqS6VEgcWUAagCgnfMh
> nOt16DoaQ1P1M3U/cYSoi7o=
> =8dwz
> -----END PGP SIGNATURE-----
>
> Where the internal signature breaks up the '----' => '- ---'.

That's the escaping that GPG does on clearsigned text (one of the
reasons to get gpg to give you the clearsigned output).

>
> That is really how I would like to support signing someone else's
> signature, rather than something like:
>
[snip concatenated signature example]

The alternative is to give up on clearsigned signatures, and store the
testament plus one or more signature blocks for that testament.  Are
you signing their revision or signing the revision plus the fact that
the other person signed the revision?  If you do use nested
clearsigned blocks, will bzr care about which way they are nested?

Detached signatures also don't seem to be susceptible to the
concatenation problem.  It is also pretty easy to convert a
clearsigned block to plaintext + a detached signature block if the
change is worth making.

> > This will also verify and give you the same plaintext and two
> > signatures, but each signature only covers part of the content.
>
> > Furthermore, if the signature verification code only checks the first
> > signature and I can get you to sign the text "bazaar-ng testament
> > short form 1", then I can sign the remainder of any testament and have
> > it appear as though you signed that revision.
>
> > At the moment, the only solution I know of is to reject multiple
> > signatures, or manually check that there are no appended clearsigned
> > blocks.
>
> > James.
>
> When using gpgme and getting the signed block, does it give you the
> extra text as well, or only the text inside?

It only writes the signed content to the plaintext file object,
removing any clearsign escaping that was done.  However, it will give
you the plain text for multiple clearsigned blocks if they were found
in the input.

So for the following stream, gpgme would give you a valid testament
and tell you that it had been signed by Alice and Marvin, but not
indicate that Alice didn't sign the entire testament.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

bazaar-ng testament short form 1
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

# Alice's signature here
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

revision-id: $revision_id
sha1: $sha1sum
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

# Marvin's signature here
-----END PGP SIGNATURE-----

James.
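The "manually check that there are no appended clearsigned blocks" option above, as an added example (not code from this thread, from bzr, or from pygpgme): a structural pre-check that splits a stream into its top-level clearsigned blocks, honouring gpg's dash-escaping so that a properly nested signature counts as one block while a second block simply appended after the first counts as two. It performs no cryptographic verification; the point is to reject a concatenated stream before it reaches gpgme, which would otherwise report both signers without saying which part each one signed. The two sample streams are constructed from the ones quoted in this mail, with placeholder comment lines where the base64 signature data would be.

```python
"""Structural pre-check for clearsigned testaments (added example, not bzr code)."""

BEGIN_SIGNED = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"


def split_clearsigned_blocks(text):
    """Split *text* into its top-level clearsigned blocks.

    Returns a list of (signed_text, signature_armor) pairs, one per
    BEGIN PGP SIGNED MESSAGE ... END PGP SIGNATURE block found at the top
    level.  Dash-escaped lines ("- -----BEGIN ...") belong to the enclosing
    block's signed text, so a nested signature counts as one block, while
    two blocks appended to each other count as two.  Non-blank text outside
    any block is rejected rather than silently ignored.
    """
    lines = text.splitlines()
    blocks = []
    i, n = 0, len(lines)
    while i < n:
        if lines[i] != BEGIN_SIGNED:
            if lines[i].strip():
                raise ValueError("unsigned text outside a clearsigned block (line %d)" % (i + 1))
            i += 1
            continue
        i += 1
        # Armor headers ("Hash: SHA1") run up to the first blank line.
        while i < n and lines[i].strip():
            i += 1
        i += 1  # skip the blank separator line
        body = []
        while i < n and lines[i] != BEGIN_SIG:
            line = lines[i]
            if line.startswith("- "):
                line = line[2:]  # undo gpg's dash-escaping of the signed text
            body.append(line)
            i += 1
        if i >= n:
            raise ValueError("signed message without a signature block")
        armor = []
        while i < n and lines[i] != END_SIG:
            armor.append(lines[i])
            i += 1
        if i >= n:
            raise ValueError("unterminated signature block")
        armor.append(lines[i])
        i += 1
        blocks.append(("\n".join(body), "\n".join(armor)))
    return blocks


def is_single_clearsigned_block(text):
    """True only if the stream is exactly one top-level clearsigned block."""
    try:
        return len(split_clearsigned_blocks(text)) == 1
    except ValueError:
        return False


# Constructed sample: two independent blocks appended to each other, as in
# the mail.  gpgme would report both signers, but Alice only signed line 1.
CONCATENATED = """-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

bazaar-ng testament short form 1
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

# Alice's signature here
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

revision-id: $revision_id
sha1: $sha1sum
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

# Marvin's signature here
-----END PGP SIGNATURE-----
"""

# Constructed sample: a clearsigned block signed again, so the inner block's
# dashed lines are escaped with "- " and the outer signature covers all of it.
NESTED = """-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

hello there
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

# inner signature here
- -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

# outer signature here
-----END PGP SIGNATURE-----
"""

if __name__ == "__main__":
    print("concatenated blocks:", len(split_clearsigned_blocks(CONCATENATED)))
    outer = split_clearsigned_blocks(NESTED)
    print("nested top-level blocks:", len(outer))
    print("inner signed text:", split_clearsigned_blocks(outer[0][0])[0][0])
```

Run on the concatenated stream this yields two blocks and `is_single_clearsigned_block` returns False, so the stream can be refused before any key is consulted; the nested stream yields one outer block whose signed text is itself a single clearsigned block, which is the shape a "signature of a signature" should have.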



