David Shaw on Thu, 4 Sep 2003 10:29:05 -0400
On Thu, Sep 04, 2003 at 08:39:46AM -0400, Jeff Abrahamson wrote:

> I received an encrypted and signed email which I decrypt and verify by
> piping through gpg (no options). The output looked like below (the
> part indented by two spaces).
>
> In mutt, I type "|gpg<return>"
>
> Now, I don't suspect Erin was trying to spoof me, and she had enclosed
> a semi-random string that I had encrypted to her. So this one case
> doesn't bother me.
>
> But, in general, how can I distinguish between the end of the
> encrypted message and the beginning of the "gpg: Signature ..." stuff?
> Couldn't someone just include such a (forged) signature block at the
> end of their message, then encrypt the whole thing without signing,
> and so convince me that the message was signed by someone else?

This is a known attack against signature systems that display the
signature status along with the message text. The mutt mail reader had
this problem (and resolved it in part by putting the current time in the
verification message, outside of the GnuPG output).

In the case of GnuPG, there are several ways to prevent being fooled:

1) Note that the signature verification message and the message itself
   go to two different file descriptors. The message goes to stdout, but
   the verification goes to stderr.

2) Decrypt to a file (gpg -o decrypted.txt). The file gets the plaintext
   and the signature will still show up on the console. If you see a
   signature in the file, it's a spoof.

That said, I'm not opposed to a more rigorous warning... I need to think
about that a bit more.

David
_________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.netisland.net/mailman/listinfo/plug-announce
General Discussion -- http://lists.netisland.net/mailman/listinfo/plug
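As an added example (not part of the thread above), a small POSIX shell script that applies the two points David makes: run the decrypt with stdout and stderr captured to separate files, and treat any "gpg: " line found in the plaintext file as something the sender typed rather than something gpg reported. The function `fake_gpg` is a constructed stand-in for gpg, so the script runs without GnuPG installed; the other names are assumptions of this example.

```shell
# Added example, not from the original thread: keep GnuPG's plaintext (stdout)
# and its verification messages (stderr) in separate files, then flag any
# "gpg: ..." lines that appear *inside* the plaintext. GnuPG never writes its
# status into the decrypted data, so such lines must have come from the sender.

# Run a decrypt command with stdout -> plaintext file and stderr -> status file.
#   $1 = command to run (e.g. "gpg --decrypt"), $2 = plaintext path, $3 = status path
# The encrypted message is read from this function's stdin, as in the mutt pipe.
decrypt_split() {
    cmd=$1 plain=$2 status=$3
    # intentional word splitting so "gpg --decrypt" becomes command plus argument
    # shellcheck disable=SC2086
    $cmd >"$plain" 2>"$status"
}

# Print every plaintext line that impersonates a GnuPG status message.
# Returns 1 (spoof suspected) if any are found, 0 if the plaintext is clean.
check_spoof() {
    plain=$1
    if grep -n '^gpg: ' "$plain"; then
        printf 'WARNING: %s contains gpg-style lines that gpg did NOT produce\n' "$plain" >&2
        return 1
    fi
    return 0
}

# Count the genuine status lines, i.e. those captured from stderr.
real_status_lines() {
    grep -c '^gpg: ' "$1" || true
}

# Constructed stand-in for gpg (hypothetical, demonstration only): the message
# body ends with a forged "Good signature" block on stdout, while the genuine
# status (the message was encrypted but never signed) goes to stderr.
fake_gpg() {
    printf 'Hi Jeff,\n\nhere is the string you asked for: 8f2a-constructed\n\n'
    printf 'gpg: Signature made Thu Sep  4 08:00:00 2003 EDT\n'
    printf 'gpg: Good signature from "Erin (constructed) <erin@example.invalid>"\n'
    printf 'gpg: encrypted with 2048-bit RSA key (constructed stand-in)\n' >&2
}

# Usage with real GnuPG (requires gpg and the encrypted message on stdin):
#   decrypt_split "gpg --decrypt" decrypted.txt gpg-status.txt < message.asc
#   check_spoof decrypted.txt && cat gpg-status.txt
```

For a machine-checkable answer rather than a grep over console text, GnuPG's `--status-fd N` option writes its status tokens (such as GOODSIG) to a file descriptor of your choosing, which the same redirection pattern can capture into a third file.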