lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20120614091826.GA2776@sivokote.iziade.m$>
Date: Thu, 14 Jun 2012 12:18:26 +0300
From: Georgi Guninski <guninski@...inski.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Strange gpg key shadowing

While wasting my time with apt-key noticed strange behaviour with
colliding subkeys.

Out of paranoia ubuntu disallows importing certain trusted keyids.
This is trivial to circumvent by making a collision with subkey.

Attached is a key with subkey keyid colliding with 
Ubuntu Archive Master Signing Key <ftpmaster@...ntu.com>.

By emulating apt-key netupdate, noticed that the order of the keyrings
is important. If the master keyring is first, the colliding key with
correct signature fails validation (probably because the other key is used).
If the colliding keyring is first, everything is ok (modulo reporting wrong
signer).

Probably this may lead to gpg abuse.

colliding first:

$gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /etc/apt/secring.gpg --keyring /tmp/sec1 --keyring /usr/share/keyrings/ubuntu-master-keyring.gpg  --check-sigs
/tmp/sec1
---------
pub   1024R/76A4410F 2012-06-13
uid                  fuck31 (f) <f@f>
sig!3        76A4410F 2012-06-13  fuck31 (f) <f@f>
sig!         3F272F5B 2012-06-13  fuck31 (f) <f@f>
sig!         3F272F5B 2012-06-13  fuck31 (f) <f@f>
sub   1024R/2376C859 2012-06-13
sig!         76A4410F 2012-06-13  fuck31 (f) <f@f>
sub   2180R/3F272F5B 2012-06-13
sig!         76A4410F 2012-06-13  fuck31 (f) <f@f>

/usr/share/keyrings/ubuntu-master-keyring.gpg
---------------------------------------------
pub   4096R/3F272F5B 2007-11-09
uid                  Ubuntu Archive Master Signing Key <ftpmaster@...ntu.com>
sig!3        3F272F5B 2007-11-09  fuck31 (f) <f@f> #wrong

1 signature not checked due to a missing key


master first:

$gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /etc/apt/secring.gpg --keyring /usr/share/keyrings/ubuntu-master-keyring.gpg  --keyring /tmp/sec1  --check-sigs
/usr/share/keyrings/ubuntu-master-keyring.gpg
---------------------------------------------
pub   4096R/3F272F5B 2007-11-09
uid                  Ubuntu Archive Master Signing Key <ftpmaster@...ntu.com>
sig!3        3F272F5B 2007-11-09  Ubuntu Archive Master Signing Key <ftpmaster@...ntu.com>

/tmp/sec1
---------
pub   1024R/76A4410F 2012-06-13
uid                  fuck31 (f) <f@f>
sig!3        76A4410F 2012-06-13  [User ID not found]
sig-         3F272F5B 2012-06-13  Ubuntu Archive Master Signing Key <ftpmaster@...ntu.com> # wrong, signer is a subkey of f@f
sig-         3F272F5B 2012-06-13  Ubuntu Archive Master Signing Key <ftpmaster@...ntu.com> # wrong, signer is a subkey of f@f.
sub   1024R/2376C859 2012-06-13
sig!         76A4410F 2012-06-13  [User ID not found]
sub   2180R/3F272F5B 2012-06-13
sig!         76A4410F 2012-06-13  [User ID not found]

2 bad signatures
1 signature not checked due to a missing key





Download attachment "sec1" of type "application/octet-stream" (2016 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ