* [gentoo-user] gpg signature verification failures
@ 2016-09-18 17:10 Ian Zimmerman
2016-09-18 17:34 ` Mick
2016-09-19 20:37 ` Ian Zimmerman
0 siblings, 2 replies; 14+ messages in thread
From: Ian Zimmerman @ 2016-09-18 17:10 UTC
To: gentoo-user
I noticed a lot of gpg signed mail on mailing lists fails signature
verification lately, including this list. (Others: lkml, haskell-cafe,
mutt-users, even oss-security.)
It's not just me: quite a few others seem to have made the same
observation. Please see the latest thread on mutt-users:
http://marc.info/?l=mutt-users&m=147417981514310&w=2
Note that it is _not_ a mutt problem: one gets the same "BAD signature"
result from a bare gpg run on the extracted message part.
So, what's going on? This would seem to be a Big Deal [TM].
--
Please *no* private Cc: on mailing lists and newsgroups
Why does the arrow on Hillary signs point to the right?
* Re: [gentoo-user] gpg signature verification failures
From: Mick @ 2016-09-18 17:34 UTC
To: gentoo-user
[-- Attachment #1: Type: text/plain, Size: 866 bytes --]
On Sunday 18 Sep 2016 10:10:02 Ian Zimmerman wrote:
> I noticed a lot of gpg signed mail on mailing lists fails signature
> verification lately, including this list. (Others: lkml, haskell-cafe,
> mutt-users, even oss-security.)
>
> It's not just me: quite a few others seem to have made the same
> observation. Please see the latest thread on mutt-users:
>
> http://marc.info/?l=mutt-users&m=147417981514310&w=2
>
> Note that it is _not_ a mutt problem: one gets the same "BAD signature"
> result from a bare gpg run on the extracted message part.
>
> So, what's going on? This would seem to be a Big Deal [TM].
The way some clients attach gpg signatures (in line, or multipart) makes a
difference, depending on the receiving mail client. I have seen bad signatures
in this M/L but it is not a regular occurrence.
--
Regards,
Mick
[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 473 bytes --]
* [gentoo-user] Re: gpg signature verification failures
From: Ian Zimmerman @ 2016-09-18 18:47 UTC
To: gentoo-user
On 2016-09-18 18:34, Mick wrote:
> > http://marc.info/?l=mutt-users&m=147417981514310&w=2
> > So, what's going on? This would seem to be a Big Deal [TM].
>
> The way some clients attach gpg signatures (in line, or multipart)
> makes a difference, depending on the receiving mail client.
It's happening with multipart/signed messages, which to me implies that
what I extract is exactly, byte by byte, what was attached and signed.
> I have seen bad signatures in this M/L but it is not a regular
> occurrence.
Your own message re: TaskCoach fails to verify, and that's what prompted
me to post about it here.
--
Please *no* private Cc: on mailing lists and newsgroups
Why does the arrow on Hillary signs point to the right?
* Re: [gentoo-user] Re: gpg signature verification failures
From: Mick @ 2016-09-18 19:32 UTC
To: gentoo-user
[-- Attachment #1: Type: text/plain, Size: 923 bytes --]
On Sunday 18 Sep 2016 11:47:05 Ian Zimmerman wrote:
> On 2016-09-18 18:34, Mick wrote:
> > > http://marc.info/?l=mutt-users&m=147417981514310&w=2
> > >
> > > So, what's going on? This would seem to be a Big Deal [TM].
> >
> > The way some clients attach gpg signatures (in line, or multipart)
> > makes a difference, depending on the receiving mail client.
>
> It's happening with multipart/signed messages, which to me implies that
> what I extract is exactly, byte by byte, what was attached and signed.
>
> > I have seen bad signatures in this M/L but it is not a regular
> > occurrence.
>
> Your own message re: TaskCoach fails to verify, and that's what prompted
> me to post about it here.
Failing to verify is not the same as bad signature. It may fail to verify if
the keyservers are unreachable by the client. This could be because of traffic,
DDoS attacks, etc.
--
Regards,
Mick
[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 473 bytes --]
* [gentoo-user] Re: gpg signature verification failures
From: Ian Zimmerman @ 2016-09-18 20:13 UTC
To: gentoo-user
On 2016-09-18 12:32, Mick wrote:
> > Your own message re: TaskCoach fails to verify, and that's what
> > prompted me to post about it here.
>
> Failing to verify is not the same as bad signature. It may fail to
> verify if the keyservers are unreachable by the client. This could be
> because of traffic, DDoS attacks, etc.
Sigh. Of course, I know the difference. Please
s/fail to verify/BAD signature/ in all my messages in this thread.
In particular, your message re: TaskCoach gives BAD signature.
--
Please *no* private Cc: on mailing lists and newsgroups
Why does the arrow on Hillary signs point to the right?
* Re: [gentoo-user] Re: gpg signature verification failures
From: Neil Bothwick @ 2016-09-18 21:45 UTC
To: gentoo-user
[-- Attachment #1: Type: text/plain, Size: 414 bytes --]
On Sun, 18 Sep 2016 11:47:05 -0700, Ian Zimmerman wrote:
> > I have seen bad signatures in this M/L but it is not a regular
> > occurrence.
>
> Your own message re: TaskCoach fails to verify, and that's what prompted
> me to post about it here.
That signature shows as good here using Claws Mail with
app-crypt/gnupg-2.1.5
--
Neil Bothwick
Justify my text? I'm sorry but it has no excuse.
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 163 bytes --]
* Re: [gentoo-user] Re: gpg signature verification failures
From: Alecks Gates @ 2016-09-18 22:00 UTC
To: gentoo-user
[-- Attachment #1.1.1: Type: text/plain, Size: 560 bytes --]
On 09/18/2016 04:45 PM, Neil Bothwick wrote:
> On Sun, 18 Sep 2016 11:47:05 -0700, Ian Zimmerman wrote:
>
>>> I have seen bad signatures in this M/L but it is not a regular
>>> occurrence.
>>
>> Your own message re: TaskCoach fails to verify, and that's what prompted
>> me to post about it here.
>
> That signature shows as good here using Claws Mail with
> app-crypt/gnupg-2.1.5
>
>
I can confirm Mick's (and Neil's) signatures are good with
mail-client/thunderbird-45.3.0-r1, Enigmail, and app-crypt/gnupg-2.1.15
--
Alecks Gates
[-- Attachment #1.1.2: 0x26CA0F78.asc --]
[-- Type: application/pgp-keys, Size: 3137 bytes --]
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 801 bytes --]
* Re: [gentoo-user] Re: gpg signature verification failures
From: Mick @ 2016-09-18 22:33 UTC
To: gentoo-user
[-- Attachment #1: Type: text/plain, Size: 1482 bytes --]
On Sunday 18 Sep 2016 17:00:55 Alecks Gates wrote:
> On 09/18/2016 04:45 PM, Neil Bothwick wrote:
> > On Sun, 18 Sep 2016 11:47:05 -0700, Ian Zimmerman wrote:
> >>> I have seen bad signatures in this M/L but it is not a regular
> >>> occurrence.
> >>
> >> Your own message re: TaskCoach fails to verify, and that's what prompted
> >> me to post about it here.
> >
> > That signature shows as good here using Claws Mail with
> > app-crypt/gnupg-2.1.5
>
> I can confirm Mick's (and Neil's) signatures are good with
> mail-client/thunderbird-45.3.0-r1, Enigmail, and app-crypt/gnupg-2.1.15
Hmm ... I am getting confused. My Kmail shows my sig as being Good.
So I save the ascii signature file separately, as well as the whole message.
Trying to verify the latter with the former on the CLI, gives me a Bad
signature. :-/
It's getting late, so I may be doing this wrong?
==========================
$ gpg --verify signature.asc message.eml
gpg: enabled debug flags: memstat
Version: GnuPG v2
gpg: armor header:
gpg: Signature made Sun Sep 18 17:39:06 2016 BST using RSA key ID F013861E
gpg: using classic trust model
gpg: BAD signature from "Michael Kintzios <michaelkintzios@gmail.com>"
[ultimate]
gpg: binary signature, digest algorithm SHA256
random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
outmix=0 getlvl1=0/0 getlvl2=0/0
secmem usage: 0/65536 bytes in 0 blocks
==========================
--
Regards,
Mick
[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 473 bytes --]
* [gentoo-user] Re: gpg signature verification failures
From: »Q« @ 2016-09-18 22:36 UTC
To: gentoo-user
On Sun, 18 Sep 2016 22:45:16 +0100
Neil Bothwick <neil@digimed.co.uk> wrote:
> On Sun, 18 Sep 2016 11:47:05 -0700, Ian Zimmerman wrote:
>
> > > I have seen bad signatures in this M/L but it is not a regular
> > > occurrence.
> >
> > Your own message re: TaskCoach fails to verify, and that's what
> > prompted me to post about it here.
>
> That signature shows as good here using Claws Mail with
> app-crypt/gnupg-2.1.5
I have the same version of Claws but gnupg-2.0.28, and Neil's and
Mick's signatures show as good.
* [gentoo-user] Re: gpg signature verification failures
From: »Q« @ 2016-09-18 23:19 UTC
To: gentoo-user
On Sun, 18 Sep 2016 23:33:17 +0100
Mick <michaelkintzios@gmail.com> wrote:
> So I save the ascii signature file separately, as well as the whole
> message. Trying to verify the latter with the former on the CLI,
> gives me a Bad signature. :-/
>
> It's getting late, so I may be doing this wrong?
The whole message isn't signed. AIUI, what's signed is just the stuff
between the boundary markers of the text/plain part of the message.
That said, I can't get that part to verify manually either, probably
because I'm making some mistake in extracting just that part.
* [gentoo-user] Re: gpg signature verification failures
From: Ian Zimmerman @ 2016-09-19 16:40 UTC
To: gentoo-user
On 2016-09-18 22:45, Neil Bothwick wrote:
> > Your own message re: TaskCoach fails to verify, and that's what prompted
> > me to post about it here.
>
> That signature shows as good here using Claws Mail with
> app-crypt/gnupg-2.1.5
2.1.5 ?? That's not even in portage. Did you mean 2.1.15?
--
Please *no* private Cc: on mailing lists and newsgroups
Why does the arrow on Hillary signs point to the right?
* Re: [gentoo-user] Re: gpg signature verification failures
From: Neil Bothwick @ 2016-09-19 16:53 UTC
To: gentoo-user
[-- Attachment #1: Type: text/plain, Size: 591 bytes --]
On 19 September 2016 17:40:24 BST, Ian Zimmerman <itz@primate.net> wrote:
> On 2016-09-18 22:45, Neil Bothwick wrote:
>
> > > Your own message re: TaskCoach fails to verify, and that's what
> prompted
> > > me to post about it here.
> >
> > That signature shows as good here using Claws Mail with
> > app-crypt/gnupg-2.1.5
>
> 2.1.5 ?? That's not even in portage. Did you mean 2.1.15?
>
> --
> Please *no* private Cc: on mailing lists and newsgroups
> Why does the arrow on Hillary signs point to the right?
Yes
--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
[-- Attachment #2: Type: text/html, Size: 1011 bytes --]
* [gentoo-user] Re: gpg signature verification failures
From: Ian Zimmerman @ 2016-09-19 20:37 UTC
To: gentoo-user
On 2016-09-18 10:10, Ian Zimmerman wrote:
> Note that it is _not_ a mutt problem: one gets the same "BAD
> signature" result from a bare gpg run on the extracted message part.
I have to retract this. So far everyone who reported this runs mutt;
and my evidence in the other direction, given above, is laughably wrong
(the signature is not computed that way, but on transformed data as
specified by RFC 3156).
So yes, it looks a lot like a flea.
> So, what's going on? This would seem to be a Big Deal [TM].
Still surprised by the lack of urgency. I'm pretty much dropping
everything until I can fix this.
--
Please *no* private Cc: on mailing lists and newsgroups
Why does the arrow on Hillary signs point to the right?
* Re: [gentoo-user] Re: gpg signature verification failures
From: Mick @ 2016-09-19 22:01 UTC
To: gentoo-user
[-- Attachment #1: Type: text/plain, Size: 1172 bytes --]
On Monday 19 Sep 2016 13:37:43 Ian Zimmerman wrote:
> On 2016-09-18 10:10, Ian Zimmerman wrote:
> > Note that it is _not_ a mutt problem: one gets the same "BAD
> > signature" result from a bare gpg run on the extracted message part.
>
> I have to retract this. So far everyone who reported this runs mutt;
> and my evidence in the other direction, given above, is laughably wrong
> (the signature is not computed that way, but on transformed data as
> specified by RFC 3156).
>
> So yes, it looks a lot like a flea.
Whenever I tried to get gnupg running with mutt I came across some problem or
another, but didn't have time to look into it further. From what I recall
signatures showing up as bad was one of them, but could be mistaken (this was
some months ago).
> > So, what's going on? This would seem to be a Big Deal [TM].
>
> Still surprised by the lack of urgency. I'm pretty much dropping
> everything until I can fix this.
I'd be interested to find out how I can manually extract the contents of a
message and verify it manually. I followed page 5 of RFC 3156, but it is
showing Bad signature. :-/
--
Regards,
Mick
[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 473 bytes --]
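»Q« has described what is actually signed, and Mick's CLI attempt verified the whole .eml file rather than the first MIME part, so here is an added example (Python standard library only; not code from the thread or from any of the posters) that extracts the two parts the way RFC 3156 section 5 describes and then hands them to gpg. The message, its boundary and its signature block are constructed placeholders, so gpg_verify() returns False for the sample; point it at a real saved message to reproduce the manual check.

```python
import os, re, subprocess, tempfile
from email import policy
from email.parser import BytesParser

# Constructed sample multipart/signed message with LF line endings, as a mail
# client saves it; the signature block is a placeholder, not a real signature.
SAMPLE_EML = (
    b"Content-Type: multipart/signed; micalg=pgp-sha256;\n"
    b' protocol="application/pgp-signature"; boundary="XYZ"\n'
    b"\n"
    b"--XYZ\n"
    b"Content-Type: text/plain; charset=us-ascii\n"
    b"\n"
    b"Hello, list.\n"
    b"--XYZ\n"
    b'Content-Type: application/pgp-signature; name="signature.asc"\n'
    b"\n"
    b"-----BEGIN PGP SIGNATURE-----\n"
    b"\n"
    b"PLACEHOLDERSIGNATUREDATA\n"
    b"-----END PGP SIGNATURE-----\n"
    b"--XYZ--\n"
)

def extract_signed_parts(raw: bytes) -> tuple[bytes, bytes]:
    """Return (signed_data, armored_signature): per RFC 3156 section 5 the signature
    covers the whole first body part, MIME headers included, with CRLF line endings."""
    msg = BytesParser(policy=policy.default).parsebytes(raw, headersonly=True)
    if msg.get_content_type() != "multipart/signed" or not msg.get_boundary():
        raise ValueError("not a multipart/signed message")
    canon = re.sub(rb"\r?\n", b"\r\n", raw)             # canonical line endings
    chunks = canon.split(b"\r\n--" + msg.get_boundary().encode())
    if len(chunks) != 4:                                # preamble, 2 parts, close
        raise ValueError("expected exactly two body parts")
    # The CRLF before a delimiter belongs to the delimiter (RFC 2046), so it is not
    # signed data; drop the rest of the delimiter line (padding, CRLF) from each chunk.
    part = lambda c: re.sub(rb"^[ \t]*\r\n", b"", c, count=1)
    _, _, sig_body = part(chunks[2]).partition(b"\r\n\r\n")   # skip the part headers
    return part(chunks[1]), sig_body + b"\r\n"

def gpg_verify(raw: bytes) -> bool:
    """gpg --verify on the extracted first MIME part, not on the whole .eml file."""
    data, sig = extract_signed_parts(raw)
    with tempfile.TemporaryDirectory() as tmp:
        data_path, sig_path = os.path.join(tmp, "part.txt"), os.path.join(tmp, "sig.asc")
        for path, blob in ((data_path, data), (sig_path, sig)):
            with open(path, "wb") as f:
                f.write(blob)
        res = subprocess.run(["gpg", "--verify", sig_path, data_path], capture_output=True)
        return res.returncode == 0
```

If this check says GOOD for a message the mail client flags as BAD, the client's extraction or canonicalization of the part is the thing to look at; if both say BAD, the part itself no longer matches what was signed, for instance because something between sender and reader rewrote the body.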