• Bug#1100485: hopenpgp-tools: hokey canonicalize damages signature

    From Uwe Kleine-König@21:1/5 to All on Fri Mar 14 12:50:01 2025
    Package: hopenpgp-tools
    Version: 0.23.10-1
    Severity: normal
    X-Debbugs-Cc: ukleinek@debian.org

    With gpg 2.2.46 I have:

    $ gpg --export 39CB544D6527CF60 | gpg --import
    gpg: key 39CB544D6527CF60: "Nicolas Pitre <nico@fluxnic.net>" not changed
    gpg: Total number processed: 1
    gpg: unchanged: 1

    $ gpg --export 39CB544D6527CF60 | hokey canonicalize | gpg --import
    hokey (hopenpgp-tools) 0.23.10
    Copyright (C) 2012-2023 Clint Adams
    hokey comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions.
    gpg: key 39CB544D6527CF60: 1 bad signature
    gpg: key 39CB544D6527CF60: "Nicolas Pitre <nico@fluxnic.net>" not changed
    gpg: Total number processed: 1
    gpg: unchanged: 1

    So when piping the certificate through `hokey canonicalize`, gpg is
    unhappy with the result ("1 bad signature").

    I didn't try to debug, so maybe it's also gpg (or the public key) that
    is wrong here. Another indication that it's indeed hokey that is broken
    here is that Sequoia also reports a broken signature:

    $ diff -u <(gpg --export 39CB544D6527CF60 | sq inspect --dump-bad-signatures) <(gpg --export 39CB544D6527CF60 | hokey canonicalize | sq inspect --dump-bad-signatures)
    hokey (hopenpgp-tools) 0.23.10
    Copyright (C) 2012-2023 Clint Adams
    hokey comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions.
    --- /dev/fd/63 2025-03-14 12:41:09.762163073 +0100
    +++ /dev/fd/62 2025-03-14 12:41:09.766163061 +0100
    @@ -7,10 +7,11 @@
    Key flags: certification, signing

    Subkey: E582CAEAF7CBA7AA04344A927F4A62820BF463B7
    + Invalid: No binding signature at time 2025-03-14T11:41:09Z
    + Invalid: No binding signature at time 2025-03-14T11:41:09Z
    Public-key algo: RSA
    Public-key size: 2048 bits
    Creation time: 2014-08-27 18:44:41 UTC
    - Key flags: signing

    Subkey: 41DAFFF1E479BE87915F2E61CB32F57D9BA1D6FF
    Public-key algo: RSA
    @@ -52,3 +53,34 @@
    UserID: Nicolas Pitre <npitre@baylibre.com>
    Certifications: 1, use --certifications to list

    + Bad Signature:
    + Version: 4
    + Type: SubkeyBinding
    + Pk algo: RSA
    + Hash algo: SHA256
    + Hashed area:
    + Signature creation time: 2025-02-25 05:18:24 UTC (critical)
    + Issuer: 39CB544D6527CF60
    + Nicolas Pitre <nico@fluxnic.net> (UNAUTHENTICATED)
    + Notation: salt@notations.sequoia-pgp.org
    + 00000000 1a 30 59 f3 ea fd 72 88 a3 2b 5e a5 1b e2 43 bd
    + 00000010 89 d8 f6 37 92 11 28 a5 50 8d b1 af c8 e9 16 48
    + Key flags: S
    + Embedded signature: (critical)
    + Version: 4
    + Type: PrimaryKeyBinding
    + Pk algo: RSA
    + Hash algo: SHA256
    + Hashed area:
    + Signature creation time: 2025-02-25 05:18:24 UTC (critical)
    + Issuer: 7F4A62820BF463B7
    + Nicolas Pitre <nico@fluxnic.net> (UNAUTHENTICATED)
    + Notation: salt@notations.sequoia-pgp.org
    + 00000000 d8 bd 36 7c ef bd c5 da 85 b8 f7 02 5d 3b 81 28
    + 00000010 1b b8 e1 68 40 15 89 ec b5 8b f0 eb d4 bb b0 f4
    + Issuer Fingerprint: E582CAEAF7CBA7AA04344A927F4A62820BF463B7
    + Nicolas Pitre <nico@fluxnic.net> (UNAUTHENTICATED)
    + Digest prefix: 4CA6
    + Level: 0 (signature over data)
    + Digest prefix: DB75
    + Level: 0 (signature over data)


    The key 39CB544D6527CF60 is available on the keyservers if you want to reproduce. (gpg --keyserver-options no-self-sigs-only --keyserver keyserver.ubuntu.com --recv 39CB544D6527CF60)

    Best regards
    Uwe

    -- System Information:
    Debian Release: trixie/sid
    APT prefers testing-debug
    APT policy: (750, 'testing-debug'), (750, 'testing'), (700, 'stable-updates'), (700, 'stable-security'), (700, 'stable-debug'), (700, 'stable'), (600, 'unstable'), (500, 'unstable-debug')
    Architecture: amd64 (x86_64)
    Foreign Architectures: armhf

    Kernel: Linux 6.12.6-amd64 (SMP w/4 CPU threads; PREEMPT)
    Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
    Shell: /bin/sh linked to /usr/bin/dash
    Init: systemd (via /run/systemd/system)
    LSM: AppArmor: enabled

    Versions of packages hopenpgp-tools depends on:
    ii libbz2-1.0 1.0.8-6
    ii libc6 2.40-4
    ii libffi8 3.4.6-1
    ii libgmp10 2:6.3.0+dfsg-3
    ii libnettle8t64 3.10-1+b1
    ii libnuma1 2.0.18-1+b1
    ii libyaml-0-2 0.2.5-2
    ii zlib1g 1:1.3.dfsg+really1.3.1-1+b1

    hopenpgp-tools recommends no packages.

    hopenpgp-tools suggests no packages.

    -- no debconf information

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Clint Adams@21:1/5 to All on Fri Mar 14 17:10:01 2025
    + Bad Signature:
    + Version: 4
    + Type: SubkeyBinding
    + Pk algo: RSA
    + Hash algo: SHA256
    + Hashed area:
    + Signature creation time: 2025-02-25 05:18:24 UTC (critical)
    + Issuer: 39CB544D6527CF60
    + Nicolas Pitre <nico@fluxnic.net> (UNAUTHENTICATED)
    + Notation: salt@notations.sequoia-pgp.org
    + 00000000 1a 30 59 f3 ea fd 72 88 a3 2b 5e a5 1b e2 43 bd
    + 00000010 89 d8 f6 37 92 11 28 a5 50 8d b1 af c8 e9 16 48
    + Key flags: S
    + Embedded signature: (critical)
    + Version: 4
    + Type: PrimaryKeyBinding
    + Pk algo: RSA
    + Hash algo: SHA256
    + Hashed area:
    + Signature creation time: 2025-02-25 05:18:24 UTC (critical)
    + Issuer: 7F4A62820BF463B7
    + Nicolas Pitre <nico@fluxnic.net> (UNAUTHENTICATED)
    + Notation: salt@notations.sequoia-pgp.org
    + 00000000 d8 bd 36 7c ef bd c5 da 85 b8 f7 02 5d 3b 81 28
    + 00000010 1b b8 e1 68 40 15 89 ec b5 8b f0 eb d4 bb b0 f4
    + Issuer Fingerprint: E582CAEAF7CBA7AA04344A927F4A62820BF463B7
    + Nicolas Pitre <nico@fluxnic.net> (UNAUTHENTICATED)
    + Digest prefix: 4CA6
    + Level: 0 (signature over data)
    + Digest prefix: DB75
    + Level: 0 (signature over data)

    It does look like only this signature is getting corrupted; replacing
    that one in the hokey output with the original packet makes
    `sq inspect` happier.

    My suspicion is that something is horribly wrong with the
    reserialization of the hashed embedded signature subpacket.

  • From Justus Winter@21:1/5 to All on Fri Mar 14 17:50:01 2025
    Hi,

    hopenpgp seems to strip the issuer fingerprint subpacket from the subkey binding signature. The old one had it in the unhashed area, so the
    signature is still fine:

    % diff -u100 <(sq packet dump cert.good--35-Signature-Packet) <(sq packet dump cert.bad--38-Signature-Packet)
    --- /proc/self/fd/17 2025-03-14 17:40:19.795784814 +0100
    +++ /proc/self/fd/22 2025-03-14 17:40:19.795784814 +0100
    @@ -1,25 +1,24 @@
    -Signature Packet, new CTB, 853 bytes
    +Signature Packet, new CTB, 830 bytes
    Version: 4
    Type: SubkeyBinding
    Pk algo: RSA
    Hash algo: SHA1
    Hashed area:
    Signature creation time: 2014-08-27 18:44:41 UTC
    Key flags: S
    Unhashed area:
    Issuer: 39CB544D6527CF60
    Embedded signature:
    Version: 4
    Type: PrimaryKeyBinding
    Pk algo: RSA
    Hash algo: SHA1
    Hashed area:
    Signature creation time: 2014-08-27 18:44:41 UTC
    Unhashed area:
    Issuer: 7F4A62820BF463B7
    Digest prefix: 80F4
    Level: 0 (signature over data)
    - Issuer Fingerprint: 4B90E0FDA41432C6D2EB3A7439CB544D6527CF60
    Digest prefix: 2956
    Level: 0 (signature over data)

    But, the new one has all information in the hashed subpacke
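
An added example, not from the thread or from hopenpgp-tools: a minimal Python parser for v4 signature subpacket areas, showing why dropping the Issuer Fingerprint from the unhashed area leaves the signed bytes intact while a changed re-serialization of the hashed area does not. The sample packet is constructed, clearing critical bits is a hypothetical lossy step and not a diagnosis of hokey, and the key material hashed ahead of these bytes in a real signature is omitted.

```python
import hashlib

def parse_area(area):
    """Return [(type, critical, data)] for one subpacket area (RFC 4880, 5.2.3.1)."""
    out, i = [], 0
    while i < len(area):
        first = area[i]
        if first < 192:
            n, i = first, i + 1
        elif first < 255:
            n, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:
            n, i = int.from_bytes(area[i + 1:i + 5], "big"), i + 5
        if n == 0 or i + n > len(area):
            raise ValueError("malformed subpacket length")
        out.append((area[i] & 0x7F, bool(area[i] & 0x80), area[i + 1:i + n]))
        i += n
    return out

def encode_area(subpackets):
    """Serialize subpackets; assumes each is under 192 octets (true for the sample)."""
    return b"".join(bytes([len(d) + 1, t | (0x80 if c else 0)]) + d
                    for t, c, d in subpackets)

def split(body):
    """Split a v4 signature packet body into (header, hashed, unhashed, tail)."""
    u = 6 + int.from_bytes(body[4:6], "big")
    end = u + 2 + int.from_bytes(body[u:u + 2], "big")
    return body[:4], body[6:u], body[u + 2:end], body[end:]

def build(header, hashed, unhashed, tail):
    return (header + len(hashed).to_bytes(2, "big") + hashed
            + len(unhashed).to_bytes(2, "big") + unhashed + tail)

def signed_digest(body):
    """SHA-256 over the packet bytes a v4 signature covers: header, hashed area, trailer."""
    covered = body[:6 + int.from_bytes(body[4:6], "big")]
    return hashlib.sha256(covered + b"\x04\xff" + len(covered).to_bytes(4, "big")).hexdigest()

def rewrite(body, drop_unhashed=None, clear_critical=False):
    """Re-serialize, optionally dropping an unhashed type or clearing critical bits."""
    header, hashed, unhashed, tail = split(body)
    h = [(t, c and not clear_critical, d) for t, c, d in parse_area(hashed)]
    u = [sp for sp in parse_area(unhashed) if sp[0] != drop_unhashed]
    return build(header, encode_area(h), encode_area(u), tail)

# Constructed sample, placeholder values: SubkeyBinding (0x18), RSA (1), SHA256 (8); dummy tail.
HASHED = [(2, True, bytes(4)), (27, False, b"\x02"), (32, True, b"\xaa" * 40)]
UNHASHED = [(16, False, bytes(8)), (33, False, b"\x04" + bytes(20))]
SAMPLE = build(bytes([4, 0x18, 1, 8]), encode_area(HASHED), encode_area(UNHASHED), bytes(5))
```

Calling `rewrite(SAMPLE, drop_unhashed=33)` shrinks the packet by 23 octets, the same difference as between the 853-byte and 830-byte packets in the dump above, and `signed_digest` is unchanged; `rewrite(SAMPLE, clear_critical=True)` keeps the length but changes the digest, so the signature would no longer verify.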