Signing a file given its hash only
Björn Persson
Bjorn at xn--rombobjrn-67a.se
Wed May 21 21:18:44 CEST 2025
Jay Acuna via Gnupg-users wrote:
> Companies can do as they like, but breaking up the signing internally
> like this is not part of the PGP standard and seems to amount to
> rolling your own crypto;
> which introduces probable vulnerabilities.
Like the vulnerability you introduced right here:
> #!/bin/sh
> # ./verify.sh <file list>
> fail() {
> echo $@
> exit 1
> }
> for i in $@ ; do
> gpg -d -- ${i}.signedhash | sha256sum -c || fail "Failed to verify"
> done
That script ignores the result of the signature verification. It will
return success if sha256sum finds that the hash matches the file, even
if the signature is invalid.
You can fix it by changing "sh" to "bash" and adding "set -o pipefail".
If you prefer another shell, I leave it to you to research how portable
pipefail is.
The ease of making that mistake is one of the reasons why you shouldn't
complicate things by signing files of hashes of files. Just sign the
files instead.
Björn Persson
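The failure mode described in this message, as an added example that is not part of the original post and is not either poster's code. It assumes `fake_verify`, a hypothetical stand-in for `gpg -d` that emits the hash list and returns a chosen exit status, plus constructed file names; `check_two_step` is a portable alternative that the post does not mention.

```shell
#!/bin/sh
# Added example. fake_verify is a hypothetical stand-in for `gpg -d`: it
# writes the hash list to stdout and returns the exit status it is given.
fake_verify() {  # $1 = hash list file, $2 = exit status to simulate
    cat -- "$1"
    return "$2"
}

# Pipeline shaped like the quoted script: only sha256sum's status counts.
check_pipeline() {
    fake_verify "$1" "$2" | sha256sum -c >/dev/null
}

# Same pipeline under bash with pipefail, the fix named in the post.
check_pipefail() {
    bash -c '
        set -o pipefail
        fake_verify() { cat -- "$1"; return "$2"; }
        fake_verify "$1" "$2" | sha256sum -c >/dev/null
    ' bash "$1" "$2"
}

# Portable alternative (not from the post): test the verifier's status
# before its output is used at all.
check_two_step() {
    out=$(mktemp) || return 1
    rc=1
    if fake_verify "$1" "$2" >"$out"; then
        rc=0
        sha256sum -c "$out" >/dev/null || rc=$?
    fi
    rm -f -- "$out"
    return "$rc"
}

# Constructed sample data: one file and its correct SHA-256 line.
demo_dir=$(mktemp -d) && cd "$demo_dir" || exit 1
printf 'release contents\n' >file.bin
sha256sum file.bin >file.bin.hashes

for fn in check_pipeline check_pipefail check_two_step; do
    if "$fn" file.bin.hashes 1; then r=ACCEPTED; else r=rejected; fi
    echo "$fn, verifier exit status 1: $r"
done
```

Only the plain pipeline accepts the file when the verifier step reports failure; the other two propagate that failure to the caller.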