How to verify a detached signature

reynt0 reynt0 at cs.albany.edu
Tue Jun 16 06:21:11 CEST 2009


On Mon, 15 Jun 2009 gpg2.20.maniams at dfgh.net wrote [both ">>>"
and ">" are by gpg2.20.maniams]:
  . . .
>>> 3. This sender has so far sent me multiple files with signatures. The
>>> data files are named "filename_dd_mm_yy.html" and the signature is
>>> always called signature.bin (no date or identifiable marks). All data
>>> files are only signed and not encrypted
  . . .
> *Probably* one of the following two is happening
>
> 1. This signature is NOT GPG compliant
> 2. Probably this signature is GPG / PGP compliant but GPG is unable to
> recognise this as a GPG signature
  . . .

Or maybe the "signature.bin" files are not really
signatures, but e.g. some attack file which some
attack code on the "click here" website (you mentioned
in your original post) would try to run on your
host with your privileges?  Isn't something like that
a known attack, exploiting some browser vulnerability?
Or maybe the "signature.bin" files are intentionally
bad, to frustrate you into going ahead and doing the
"click here" trick which so far you have been
level-headed enough not to be fooled by?  Or maybe
frustrate you into opening the html files you received,
and they contain some attack code?  Or maybe a simpler
trick, hoping you might somehow run the .bin files just
by mistake, and they are attack files?  Or maybe there
is some attack on some crypto software's code which is
felt to look at signature files insecurely?  Or who knows
what ... :-) ?  Have you looked at the "signature.bin"
files in a (secure) editor or similar?   HTH
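
The reply above suggests looking at the "signature.bin" files before trusting them. As an added example (not part of the original post), this sketch reads only the leading bytes and reports whether they have the shape of an OpenPGP signature packet (RFC 4880 header layout), an ASCII-armored signature, an ASN.1 DER blob, an executable or markup; the function names and sample bytes are constructed for illustration.

```python
# Added example: classify a purported signature file from its leading bytes only.
# Packet-header layout follows RFC 4880 section 4.2; nothing is executed or rendered.
ARMOR = b"-----BEGIN PGP SIGNATURE-----"
SIGNATURE_TAG = 2  # OpenPGP packet tag for a Signature packet

def openpgp_header(data):
    """Return (tag, body_offset) of the first OpenPGP packet, or None."""
    if len(data) < 2 or not data[0] & 0x80:   # bit 7 is always set in a packet header
        return None
    first = data[0]
    if first & 0x40:                          # new-format header
        tag, l0 = first & 0x3F, data[1]
        n = 1 if l0 < 192 else 2 if l0 < 224 else 5 if l0 == 255 else 1
    else:                                     # old-format header
        tag = (first >> 2) & 0x0F
        n = {0: 1, 1: 2, 2: 4, 3: 0}[first & 0x03]   # length-type -> length octets
    return tag, 1 + n

def classify(data):
    """Best-effort label for the first bytes of a file."""
    if data.lstrip().startswith(ARMOR):
        return "openpgp-armored-signature"
    hdr = openpgp_header(data)
    if hdr and hdr[0] == SIGNATURE_TAG and len(data) > hdr[1] and data[hdr[1]] in (3, 4):
        return "openpgp-binary-signature"     # body starts with signature version 3 or 4
    if data[:2] == b"MZ" or data[:4] == b"\x7fELF":
        return "executable"
    if data[:1] == b"\x30":
        return "asn1-der"                     # DER SEQUENCE, e.g. a CMS/PKCS#7 signature
    if data.lstrip()[:1] == b"<":
        return "markup"
    return "unknown"

def sniff(path, limit=64):
    """Classify a file on disk, reading at most `limit` bytes."""
    with open(path, "rb") as fh:
        return classify(fh.read(limit))

# Constructed sample prefixes (not taken from the thread).
SAMPLES = {
    "old-format sig": bytes.fromhex("89011c04000102"),
    "new-format sig": bytes.fromhex("c25e0400010800"),
    "der blob": bytes.fromhex("3082010a0282"),
    "pe file": b"MZ\x90\x00\x03\x00",
    "html": b"  <html><script>",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name:15} -> {classify(blob)}")
```

A match only says the header has the right shape; the signature itself is still checked by GnuPG, for example with `gpg --verify signature.bin` followed by the data file name.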


