Mailing List Archive

--auto-key-retrieve fails for some keys
Hello,

The signature on a Linux kernel can be verified successfully using
`--auto-key-retrieve', but the signature on an Emacs cannot be
verified in the same manner because gpg is unable to retrieve the
needed public key automatically.

The GPG version is 2.2.19 (libgcrypt 1.8.5, if that matters) as
shipped by Ubuntu 20.04.3. I managed to locate only one post in the
GnuPG mailing list archive with respect to this `--auto-key-retrieve'
failure. But, as far as I can see it, the post has no response.

Perhaps one of you can reproduce the problem by the following steps?

1. Test using Linux kernel.
wget https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.11.tar.xz https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.11.tar.sign
unxz < linux-5.11.tar.xz | gpg --keyserver hkp://keyserver.ubuntu.com:80 --auto-key-retrieve --verify linux-5.11.tar.sign -

The output of the last command is as follows:
gpg: Signature made Mon 15 Feb 2021 10:11:32 AM CET
gpg: using RSA key 647F28654894E3BD457199BE38DBBDC86092693E
gpg: requesting key 38DBBDC86092693E from hkp server keyserver.ubuntu.com
gpg: key 38DBBDC86092693E: public key "Greg Kroah-Hartman
<gregkh@linuxfoundation.org>" imported
gpg: Total number processed: 1
gpg: imported: 1
gpg: Good signature from "Greg Kroah-Hartman
<gregkh@linuxfoundation.org>" [unknown]
gpg: aka "Greg Kroah-Hartman <gregkh@kernel.org>" [unknown]
gpg: aka "Greg Kroah-Hartman (Linux kernel stable
release signing key) <greg@kroah.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 647F 2865 4894 E3BD 4571 99BE 38DB BDC8 6092 693E

2. Test using Emacs.
wget http://mirror.kumi.systems/gnu/emacs/emacs-27.2.tar.xz.sig http://mirror.kumi.systems/gnu/emacs/emacs-27.2.tar.xz
cat emacs-27.2.tar.xz | gpg --keyserver hkp://keyserver.ubuntu.com:80 --auto-key-retrieve --verify emacs-27.2.tar.xz.sig -

The output of the last command is as follows:
gpg: Signature made Thu 25 Mar 2021 12:53:08 PM CET
gpg: using RSA key 91C1262F01EB8D39
gpg: Can't check signature: No public key

The key 0x91C1262F01EB8D39, however, can be retrieved manually just
fine as shown below:
gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 0x91C1262F01EB8D39
gpg: key 91C1262F01EB8D39: public key "Eli Zaretskii (eliz)
<eliz@gnu.org>" imported
gpg: Total number processed: 1
gpg: imported: 1

Any idea why the --auto-key-retrieve feature fails for some keys?

Thank you.

--
Best regards,
Tadeus

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: --auto-key-retrieve fails for some keys
On Tue, Nov 2, 2021 at 4:05 PM Tadeus Prastowo <0x66726565@gmail.com> wrote:
>
> Hello,
>
> The signature on a Linux kernel can be verified successfully using
> `--auto-key-retrieve', but the signature on an Emacs cannot be
> verified in the same manner because gpg is unable to retrieve the
> needed public key automatically.
>
> The GPG version is 2.2.19 (libgcrypt 1.8.5, if that matters) as
> shipped by Ubuntu 20.04.3. I managed to locate only one post in the
> GnuPG mailing list archive with respect to this `--auto-key-retrieve'
> failure. But, as far as I can see it, the post has no response.

The post in question is
https://lists.gnupg.org/pipermail/gnupg-users/2019-October/062940.html

> Perhaps one of you can reproduce the problem by the following steps?
>
> 1. Test using Linux kernel.
> wget https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.11.tar.xz https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.11.tar.sign
> unxz < linux-5.11.tar.xz | gpg --keyserver hkp://keyserver.ubuntu.com:80 --auto-key-retrieve --verify linux-5.11.tar.sign -
>
> The output of the last command is as follows:
> gpg: Signature made Mon 15 Feb 2021 10:11:32 AM CET
> gpg: using RSA key 647F28654894E3BD457199BE38DBBDC86092693E
> gpg: requesting key 38DBBDC86092693E from hkp server keyserver.ubuntu.com
> gpg: key 38DBBDC86092693E: public key "Greg Kroah-Hartman
> <gregkh@linuxfoundation.org>" imported
> gpg: Total number processed: 1
> gpg: imported: 1
> gpg: Good signature from "Greg Kroah-Hartman
> <gregkh@linuxfoundation.org>" [unknown]
> gpg: aka "Greg Kroah-Hartman <gregkh@kernel.org>" [unknown]
> gpg: aka "Greg Kroah-Hartman (Linux kernel stable
> release signing key) <greg@kroah.com>" [unknown]
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg: There is no indication that the signature belongs to the owner.
> Primary key fingerprint: 647F 2865 4894 E3BD 4571 99BE 38DB BDC8 6092 693E
>
> 2. Test using Emacs.
> wget http://mirror.kumi.systems/gnu/emacs/emacs-27.2.tar.xz.sig http://mirror.kumi.systems/gnu/emacs/emacs-27.2.tar.xz
> cat emacs-27.2.tar.xz | gpg --keyserver hkp://keyserver.ubuntu.com:80 --auto-key-retrieve --verify emacs-27.2.tar.xz.sig -
>
> The output of the last command is as follows:
> gpg: Signature made Thu 25 Mar 2021 12:53:08 PM CET
> gpg: using RSA key 91C1262F01EB8D39
> gpg: Can't check signature: No public key
>
> The key 0x91C1262F01EB8D39, however, can be retrieved manually just
> fine as shown below:
> gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 0x91C1262F01EB8D39
> gpg: key 91C1262F01EB8D39: public key "Eli Zaretskii (eliz)
> <eliz@gnu.org>" imported
> gpg: Total number processed: 1
> gpg: imported: 1
>
> Any idea why the --auto-key-retrieve feature fails for some keys?
>
> Thank you.
>
> --
> Best regards,
> Tadeus

Re: --auto-key-retrieve fails for some keys
On Tuesday, 2 November 2021 16:05:30 CET Tadeus Prastowo via Gnupg-users wrote:
> The signature on a Linux kernel can be verified successfully using
> `--auto-key-retrieve', but the signature on an Emacs cannot be
> verified in the same manner because gpg is unable to retrieve the
> needed public key automatically.

The important difference is:
> gpg: Signature made Mon 15 Feb 2021 10:11:32 AM CET
> gpg: using RSA key 647F28654894E3BD457199BE38DBBDC86092693E
-> fingerprint of signing key
> gpg: requesting key 38DBBDC86092693E from hkp server keyserver.ubuntu.com

> gpg: Signature made Thu 25 Mar 2021 12:53:08 PM CET
> gpg: using RSA key 91C1262F01EB8D39
-> (long) key id of signing key
> gpg: Can't check signature: No public key

man gpg tells us:
=====
--auto-key-retrieve
--no-auto-key-retrieve
These options enable or disable the automatic retrieving of
keys from a keyserver when verifying signatures made by
keys that are not on the local keyring. The default is
--no-auto-key-retrieve.

The order of methods tried to lookup the key is:
[...]
5. If any keyserver is configured and the Issuer Fingerprint
is part of the signature (since GnuPG 2.1.16), the
configured keyservers are tried.
=====

The signature on the Linux kernel contains the Issuer Fingerprint. The
signature on Emacs doesn't (probably because a very old version of GnuPG is
used to sign Emacs).

Regards,
Ingo
Re: --auto-key-retrieve fails for some keys
On 2021-11-02 at 16:05 +0100, Tadeus Prastowo via Gnupg-users wrote:
> The signature on a Linux kernel can be verified successfully using
> `--auto-key-retrieve', but the signature on an Emacs cannot be
> verified in the same manner because gpg is unable to retrieve the
> needed public key automatically.

> Any idea why the --auto-key-retrieve feature fails for some keys?

% gpg --list-packets < emacs-27.2.tar.xz.sig
# off=0 ctb=89 tag=2 hlen=3 plen=284
:signature packet: algo 1, keyid 91C1262F01EB8D39
version 4, created 1616673188, md5len 0, sigclass 0x00
digest algo 2, begin of digest 77 61
hashed subpkt 2 len 4 (sig created 2021-03-25)
subpkt 16 len 8 (issuer key ID 91C1262F01EB8D39)
data: [2048 bits]

% gpg --list-packets < linux-5.11.tar.sign
# off=0 ctb=89 tag=2 hlen=3 plen=563
:signature packet: algo 1, keyid 38DBBDC86092693E
version 4, created 1613380292, md5len 0, sigclass 0x00
digest algo 8, begin of digest dc ca
hashed subpkt 33 len 21 (issuer fpr v4 647F28654894E3BD457199BE38DBBDC86092693E)
hashed subpkt 2 len 4 (sig created 2021-02-15)
subpkt 16 len 8 (issuer key ID 38DBBDC86092693E)
data: [4096 bits]

The shorter keyids are known to be spoofable if someone is willing to
put enough effort into repeatedly generating keys. So I can well
believe that without the full issuer fingerprint, gpg declines to
automatically retrieve the key.

The only key I can find for 91C1262F01EB8D39 claims to have been made in
2020 and yet is using SHA1 for the self-signature. That is worrying.

-Phil

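To make the difference Ingo and Phil point at mechanical, here is an added example (written for this thread; it is not GnuPG code and not from any poster) that parses a v4 OpenPGP signature packet, pulls out the issuer subpackets, and reports whether method 5 from the man page excerpt (keyserver lookup, which needs the Issuer Fingerprint) can apply. The two packets are constructed to mirror the --list-packets dumps above with dummy MPI data; the builder, the old-format-only header handling and the hashed-area-only rule for the fingerprint are assumptions of this example.

```python
ISSUER_KEYID, ISSUER_FPR = 16, 33  # subpacket types seen in the --list-packets dumps above
_find = lambda subs, t: next((b for tt, b in subs if tt == t), None)
_be = lambda n, width: n.to_bytes(width, "big")

def build_v4_signature(hash_algo, hashed, unhashed):
    # Constructed test vector: RSA (algo 1), sigclass 0x00, zeroed hash prefix, 16-bit dummy MPI.
    h = b"".join(bytes([len(b) + 1, t]) + b for t, b in hashed)  # length octet counts the type octet
    u = b"".join(bytes([len(b) + 1, t]) + b for t, b in unhashed)
    body = bytes([4, 0x00, 1, hash_algo]) + _be(len(h), 2) + h + _be(len(u), 2) + u
    body += b"\x00\x00" + b"\x00\x10\x80\x00"
    # Old-format header, tag 2, two-octet length: ctb 0x89, exactly as --list-packets reports.
    return b"\x89" + _be(len(body), 2) + body

def _subpackets(buf):
    out, i = [], 0
    while i < len(buf):
        n, i = buf[i], i + 1
        if n >= 192:  # two-octet length form; the five-octet form is not needed here
            n, i = ((n - 192) << 8) + buf[i] + 192, i + 1
        out.append((buf[i] & 0x7F, buf[i + 1:i + n]))  # mask off the "critical" bit
        i += n
    return out

def issuer_info(pkt):
    ctb = pkt[0]
    if ctb & 0xC0 != 0x80 or (ctb >> 2) & 0x0F != 2:
        raise ValueError("expected an old-format signature packet (tag 2)")
    hlen = 1 + (1 << (ctb & 0x03))  # low two bits select a 1-, 2- or 4-octet length
    body = pkt[hlen:hlen + int.from_bytes(pkt[1:hlen], "big")]
    if body[0] != 4: raise ValueError("only v4 signatures handled")
    hl = int.from_bytes(body[4:6], "big")
    ul = int.from_bytes(body[6 + hl:8 + hl], "big")
    hashed = _subpackets(body[6:6 + hl])
    unhashed = _subpackets(body[8 + hl:8 + hl + ul])
    fpr = _find(hashed, ISSUER_FPR)  # only trusted from the signed (hashed) area
    keyid = _find(hashed + unhashed, ISSUER_KEYID)
    return {"hash_algo": body[3],
            "issuer_keyid": keyid.hex().upper() if keyid else None,
            "issuer_fpr": fpr[1:].hex().upper() if fpr and fpr[0] == 4 else None}

def auto_key_retrieve_possible(pkt):
    # The man page rule quoted above: keyservers are tried only when an issuer fingerprint is present.
    return issuer_info(pkt)["issuer_fpr"] is not None

# Constructed packets shaped like the two dumps above (hash algo 2 = SHA1, 8 = SHA256).
KERNEL_FPR = bytes.fromhex("647F28654894E3BD457199BE38DBBDC86092693E")
EMACS_LIKE = build_v4_signature(2, [(2, _be(1616673188, 4))],
                                [(ISSUER_KEYID, bytes.fromhex("91C1262F01EB8D39"))])
KERNEL_LIKE = build_v4_signature(8, [(ISSUER_FPR, b"\x04" + KERNEL_FPR), (2, _be(1613380292, 4))],
                                 [(ISSUER_KEYID, KERNEL_FPR[-8:])])
```

For a real detached signature, pass the raw bytes of the .sig file to issuer_info; the parser handles a single binary (not ASCII-armored) old-format v4 signature packet.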
Re: --auto-key-retrieve fails for some keys
On Tue, 02 Nov 2021 18:35:01 +0100,
Phil Pennock via Gnupg-users wrote:
> On 2021-11-02 at 16:05 +0100, Tadeus Prastowo via Gnupg-users wrote:
> > The signature on a Linux kernel can be verified successfully using
> > `--auto-key-retrieve', but the signature on an Emacs cannot be
> > verified in the same manner because gpg is unable to retrieve the
> > needed public key automatically.
>
> > Any idea why the --auto-key-retrieve feature fails for some keys?
>
> % gpg --list-packets < emacs-27.2.tar.xz.sig
> # off=0 ctb=89 tag=2 hlen=3 plen=284
> :signature packet: algo 1, keyid 91C1262F01EB8D39
> version 4, created 1616673188, md5len 0, sigclass 0x00
> digest algo 2, begin of digest 77 61
> hashed subpkt 2 len 4 (sig created 2021-03-25)
> subpkt 16 len 8 (issuer key ID 91C1262F01EB8D39)
> data: [2048 bits]
>
> % gpg --list-packets < linux-5.11.tar.sign
> # off=0 ctb=89 tag=2 hlen=3 plen=563
> :signature packet: algo 1, keyid 38DBBDC86092693E
> version 4, created 1613380292, md5len 0, sigclass 0x00
> digest algo 8, begin of digest dc ca
> hashed subpkt 33 len 21 (issuer fpr v4 647F28654894E3BD457199BE38DBBDC86092693E)
> hashed subpkt 2 len 4 (sig created 2021-02-15)
> subpkt 16 len 8 (issuer key ID 38DBBDC86092693E)
> data: [4096 bits]
>
> The shorter keyids are known to be spoofable if someone is willing to
> put enough effort into repeatedly generating keys. So I can well
> believe that without the full issuer fingerprint, gpg declines to
> automatically retrieve the key.

This doesn't make sense to me. Sure, someone could do a second
pre-image attack on a 64-bit key id. But, when gpg downloads the bad
certificate and checks the signature, it will consider the signature
bad. At that point, gpg could just throw the downloaded certificate
away. But if the signature is good, then gpg can be certain that it
has the right certificate for the signature. (Whether the certificate
is authentic is another matter, of course.)

:) Neal

Re: --auto-key-retrieve fails for some keys
Hi Ingo!

On Tue, Nov 2, 2021 at 6:42 PM Ingo Klöcker <kloecker@kde.org> wrote:
[...]
> The signature on the Linux kernel contains the Issuer Fingerprint. The
> signature on Emacs doesn't (probably because a very old version of GnuPG is
> used to sign Emacs).

Thank you very much for giving me a thorough explanation on the
matter. I really appreciate it.

> Regards,
> Ingo

--
Best regards,
Tadeus

Re: --auto-key-retrieve fails for some keys
Hi Phil!

On Tue, Nov 2, 2021 at 7:23 PM Phil Pennock via Gnupg-users
<gnupg-users@gnupg.org> wrote:

[...]

> The only key I can find for 91C1262F01EB8D39 claims to have been made in
> 2020 and yet is using SHA1 for the self-signature. That is worrying.

Thank you very much for showing me the difference between the
signature files as well as raising the issue. I will let the Emacs
maintainer know.

> -Phil

--
Best regards,
Tadeus
