Detect and download the public key automatically

wiktor commented

2020-06-18 08:25:47 +00:00

Hi,

Thanks for your verification page, this looks really nice!

I think it could be improved further: as signatures contain signing key ID that could be used to try to automatically download the key from keys.openpgp.org.

Signatures can also have embedded "signer's UID" that's usually e-mail embedded by GnuPG when using --sender or --default-key $EMAIL options. This allows fetching the key via WKD when verifying the signature.

This can be seen in practice using the following command:

curl -s https://metacode.biz/.well-known/security.txt | gpg --auto-key-retrieve --verify --output -

As the signature at that address contains Signers UID packet gpg --auto-key-retrieve will fetch the key using WKD instead of user's configured keyserver.

I hope this looks like something in scope for opsv :)

Have a nice day!

Hi, Thanks for your verification page, this looks really nice! I think it could be improved further: as signatures contain signing key ID that could be used to try to automatically download the key from keys.openpgp.org. Signatures can also have embedded "signer's UID" that's usually e-mail embedded by GnuPG when using `--sender` or `--default-key $EMAIL` options. This allows fetching the key via WKD when verifying the signature. This can be seen in practice using the following command: curl -s https://metacode.biz/.well-known/security.txt | gpg --auto-key-retrieve --verify --output - As the signature at that address contains Signers UID packet `gpg --auto-key-retrieve` will fetch the key using WKD instead of user's configured keyserver. I hope this looks like something in scope for opsv :) Have a nice day!

yarmo commented

2020-06-19 11:47:41 +00:00

Owner

That's a great idea, truly get a one-click solution going on! Looking into it

wiktor commented

2020-06-19 17:55:33 +00:00

Poster

Glad that you like it!

I remember extracting Signer's UID once with:

const sig = openpgp.signature.readArmored(commit.gpgsig);
const signersUid = sig.packets[0].signersUserId;

Maybe you can re-purpose this code. Either way OpenPGP.js is easy to hack on so I'm sure you'll find a way :)

See you later! 👋

Glad that you like it! I remember extracting Signer's UID once with: ```js const sig = openpgp.signature.readArmored(commit.gpgsig); const signersUid = sig.packets[0].signersUserId; ``` Maybe you can re-purpose this code. Either way OpenPGP.js is easy to hack on so I'm sure you'll find a way :) See you later! 👋

yarmo commented

2020-06-25 09:59:07 +00:00

Owner

Working on it right now, interestingly signersUserId is equal to null for all signatures I tested with, including those by other people. Maybe I need to add some option at signing time? Will try now.

Working on it right now, interestingly `signersUserId` is equal to `null` for all signatures I tested with, including those by other people. Maybe I need to add some option at signing time? Will try now.

yarmo commented

2020-06-25 10:22:44 +00:00

Owner

Had to use an extra .toHex(), got it working!

wiktor commented

2020-06-25 10:48:36 +00:00

Poster

Maybe I need to add some option at signing time?

Yes, exactly. You can either use gpg --default-key $EMAIL or gpg --sender $EMAIL --clearsign (or sign etc.).

You can check if you got that right by using gpg --list-packets $FILE and seeing if you got "Signers UID" packet there (the value won't be shown, sadly).

Hope that helps!

For testing you can check out my clearsigned file that has this packet: https://metacode.biz/.well-known/security.txt

> Maybe I need to add some option at signing time? Yes, exactly. You can either use `gpg --default-key $EMAIL` or `gpg --sender $EMAIL --clearsign` (or sign etc.). You can check if you got that right by using `gpg --list-packets $FILE` and seeing if you got "Signers UID" packet there (the value won't be shown, sadly). Hope that helps! For testing you can check out my clearsigned file that has this packet: https://metacode.biz/.well-known/security.txt

yarmo commented

2020-06-25 11:04:05 +00:00

Owner

I tried the clearsigned message from https://metacode.biz/.well-known/security.txt and it worked!

I suppose I should add a message to incite the user to verify the fingerprint as right now, we could very well proving a forged message was indeed signed by an impostor with a completely different key!

I tried the clearsigned message from https://metacode.biz/.well-known/security.txt and it worked! I suppose I should add a message to incite the user to verify the fingerprint as right now, we could very well proving a forged message was indeed signed by an impostor with a completely different key!

yarmo commented

2020-06-25 11:14:02 +00:00

Owner

Oh, I know see in your clearsigned message that indeed the "signersUserId" is now filled in! Awesome! Will add support now for this use-case.

wiktor commented

2020-06-25 11:27:01 +00:00

Poster

I suppose I should add a message to incite the user to verify the fingerprint as right now, we could very well proving a forged message was indeed signed by an impostor with a completely different key!

Yes, definitely! I'd suggest printing primary key fingerprint if verification succeeds so that the user can double-check if that's the correct key. That's what GnuPG does too.

Will add support now for this use-case.

Cool! Can't wait to test it! Thanks for your work :)

> I suppose I should add a message to incite the user to verify the fingerprint as right now, we could very well proving a forged message was indeed signed by an impostor with a completely different key! Yes, definitely! I'd suggest printing primary key fingerprint if verification succeeds so that the user can double-check if that's the correct key. That's what GnuPG does too. > Will add support now for this use-case. Cool! Can't wait to test it! Thanks for your work :)

yarmo commented

2020-06-25 11:34:57 +00:00

Owner

Thanks for your help and your time!

Here's a signature without sender:

and one with:

All should work now and different messages appear depending on whether a userId and/or a keyId is found.

Thanks for your help and your time! Here's a signature without sender: ```plaintext -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 I like pineapple. -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEog/Pt4tEmnyVrrtlNzZ/SvQIetEFAl7p1IEACgkQNzZ/SvQI etEXkRAAhh0viUkjH0chcwSpOEUnXkpMROy64+zT9VjUuxIWNWHChBXg4JqseEX4 XbvF+916xFPqBVX0p5NCJnJiZc+npEr/Y0U5NND3GW2AoSnqaF5YUxJmjyLKvHCc sI4cdwEVM5TB6GisBUOZGcIddcXnlbmAIlQ7KhorDBDsD8F3mjAkwigWQa82uzp0 C/KKkllzOLufDS82R33Z6EUTr3xKNEYjcOgz1vuFDN2Mstrm/Remz0wIcGgopYE+ Q1QixnKZOdpslEsvJT9ot1Pm9ISByR8TONN2iPRGblxBCa3ra1iZHOq+vf1KRd/F mYJu0yEJODtPXdd2B8MNCNrLk5j8ne1aWfQC1vnPRBzmv4eKv5Hdb39LGUttO7jj lFNEqPTlNqI9zWL6zuFPt5vnaJfe1JwYI4tBpW9Si+vpuIIjgM7C8x7xRw1EipED 2k0//7bt7WjIKdv5fLd7kHpyf+h2mwAcIXqoMX+5q9mAxmXEBV9NXCwwjssbZ9Ub WV1D2jtN+zSU+PY2/exQ07fcHTYZxnBwwyDhAEvc4JZ2f3ezNuliOi5P+cyT+S/m /zrFCrcz+G7TN3jzh3mmA4q6dNDIVJ6R04VQzy+Up3n2JlzlAb6aKyJBrDLAKuvC whF+3jc244bVxfhiQKDL+7mwBZdo0oJ8VC8zFNas5DW8UWpMipQ= =G0ZY -----END PGP SIGNATURE----- ``` and one with: ```plaintext -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hio Test -----BEGIN PGP SIGNATURE----- iQJDBAEBCAAtFiEEog/Pt4tEmnyVrrtlNzZ/SvQIetEFAl70iBsPHHlhcm1vQHlh cm1vLmV1AAoJEDc2f0r0CHrRrUwP/iL7FBXQUoSXOe/hUjzaHI9bDJxrHGNOQmJ6 iBru/pTcdH4Ryeu7S9YHv7KaJHm93ROfgNOjGIrJlJ1K8A2gEv80a836kQO6H7cL pNKk3vpb0ectyqZzfoJ4rx/fJsVBqG4owtni+WLBwL0YZa2AcoF81dcP82qhYtSG 7vvxS77R2IwJM0GA9yk3uhVgwYLbA6MrUY7a8HwhQINs2XJdtDSZ0BMwQgLu9M37 T0BpJBOa7QoR7Sr/PHH3difKuCEBlCOZZ5xTrHWabF3CWJuS/++OS+SMDgB0TPIs crZgimYlwilCeP8XAmmpoohmaIL2DGJNsW9MCJOIYa6HQJ2dftHaHvalC7IIkzN1 oma76xtPcmPMG41IQ0vKWOP7cYhz0hsL9Z9wq7/E9waRncVwV5aBMekFvPb7JeXC ZwJhoG2Z8IzdHL5teEL0N6Tznk9ZlX2F0v7MyJc+cUgVLJAr9fYIw2Lyqa1vQZ6D FwlKKC3y+QVvpgYP4uGGI5tXuMDhTXdSRdOipO5DlgJtnd9s+GcbP1Y/rQz/1mXq DC/KjrYNxZVd5X/xCU3cMrCtjCOovDq7yRXtJwDOM82sTMe5PEUdDIadxbYYF6k9 m7j1r8lMJJBxD6XiIn1bST+/SyZWzHJO0ZipHU3lU80/u63zhl7A/UyS+ggX80kQ 3udEk0bK =lKDS -----END PGP SIGNATURE----- ``` All should work now and different messages appear depending on whether a userId and/or a keyId is found.

wiktor commented

2020-06-26 19:59:09 +00:00

Poster

Oh, by the way - how could I've forgotten 🤦 There is a really cool site for debugging OpenPGP messages: https://dump.sequoia-pgp.org/

If you paste your second message you'll see:

Signature Packet, old CTB, 579 bytes
    Version: 4
    Type: Text
    Pk algo: RSA (Encrypt or Sign)
    Hash algo: SHA256
    Hashed area:
      Issuer Fingerprint: A20F CFB7 8B44 9A7C 95AE  BB65 3736 7F4A F408 7AD1
      Signature creation time: 2020-06-25 11:18:51 UTC
      Signer's User ID: yarmo@yarmo.eu  <-------------- here it is
    Unhashed area:
      Issuer: 3736 7F4A F408 7AD1
    Digest prefix: AD4C
    Level: 0 (signature over data)

Much better than gpg --list-packets!

See you later! 👋

Oh, by the way - how could I've forgotten 🤦 There is a really cool site for debugging OpenPGP messages: https://dump.sequoia-pgp.org/ If you paste your second message you'll see: ``` Signature Packet, old CTB, 579 bytes Version: 4 Type: Text Pk algo: RSA (Encrypt or Sign) Hash algo: SHA256 Hashed area: Issuer Fingerprint: A20F CFB7 8B44 9A7C 95AE BB65 3736 7F4A F408 7AD1 Signature creation time: 2020-06-25 11:18:51 UTC Signer's User ID: yarmo@yarmo.eu <-------------- here it is Unhashed area: Issuer: 3736 7F4A F408 7AD1 Digest prefix: AD4C Level: 0 (signature over data) ``` Much better than `gpg --list-packets`! See you later! 👋

yarmo commented

2020-06-27 14:32:07 +00:00

Owner

Awesome tool! (sequoia-pgp rocks 👍 )

yarmo closed this issue

2020-06-27 14:32:11 +00:00

Detect and download the public key automatically #1