Chapter 5 More About Signatures

5.3 Digital Signature Types

“When signing data, GnuPG takes input (a file or chunk of text) as a single unit, then signs it. That is, it generates a hash on the data to be signed and then generates the digital signature, and then adds the sig- nature to a copy of the original data. It’s like wrapping a package: you can’t see the inside without taking the wrapping paper off. After

generating the signature, GnuPG takes the signed data, plus the signa- ture, and compresses it. That’s like taking the wrapped package and putting it inside another box. And then, GnuPG takes the signed and compressed data, and encrypts it--like taking the whole thing and put- ting it inside a locked container.”

Sam continues:“The default type of signature is called an attached signature, and the ‘signature’ is actually a file (or block of data) that contains the cryptographic data generated when signing the plaintext plusthe plaintext. This is what you get when you use the basic GnuPG commandgpg --sign.”

“The only way to get any data out of the signature itself is to ‘ver- ify’ the file--but that is done by extracting the plaintext after verifying the signature, and extracting the compressed data prior to verifying.

And you can verify two ways, first, with thegpg --verify command, which reports back on whether the signature is good or not (or with an error if the file being verified isn’t recognized as a signed file). Second, GnuPG will verify as well as decrypt the file if you use the gpg --decryptcommand.”

“As you say, Bob, this is a pain: the obvious difficulty is that a signed plaintext file becomes a file that is, if not encrypted, no longer accessible as plaintext. You must extract the plaintext before you can see what’s been signed.”

Sam continues:“Two problems with default GnuPG signatures are, first, how to validate downloaded files without forcing all downloaders to extract the desired file from a signature file. The second is how to generate ASCII-armored output to include signed plaintexts in e-mails or other text-oriented applications.”

“Wrapping plaintext with the signature means that the signed file, if it’s a program or application data, has to be extracted to be used, and thus is no longer the‘same’ file as signed².”Sam pushes his plate away and goes on:

“So, three types of signatures are supported in GnuPG: clearsigned signatures, detached signatures, and attached signatures. To generate

2The extracted plaintext file’s contents will be the same as the original plaintext, but the file’s metadata (e.g., the date it was created) will be different. It’s a minor issue, but still an issue.

57 More About Signatures

ASCII-armored output, without any compression, usegpg --clearsign. For example, I can clearsign a quick message to my mom³, and it will look like this:”

---BEGIN PGP SIGNED MESSAGE --- Hash: SHA1

Hi Mom! On my way to Sylvania, on schedule!

---BEGIN PGP SIGNATURE ---

iQEcBAEBAgAGBQJRBqciAAoJEO8+juPIG91/ffIH/Rbs9IVOIEpJYVInMYZw/EMt is9HL4wwNWE9Qw1VKv4hXpB8XBID9Uub7xR1QWhtQ0D+ukLyC6ur+nLqLIVcZUJc 5wOVBYvdjCeBgV7Go+ QRgChVapBKBZyTJuahE6PgtXh1c3nekHCcXsencs6azTTG qTMTxm7bjEEE1G3y1NL85hEOdA2A/LIBjz3btvl8Cp3vLz78/av2StMdDt5DiSdg NB10hQMSEzPi5h8I3fNIGdFtOMHWBGRFIjs74G7GrLsA6P9dbU+B/8uKCMFEBqD3 1b9Ze4yuey7BaWQHsBj7ZTtg7tOmRvZuFVS9tbIfrKBkrDUVdwoq4GDyuxDH2Mw=

=/hbp

---END PGP SIGNATURE ---

“I can copy that whole thing into an e-mail message, or even take a picture of it and send the picture--as long as the whole thing is entered back into GnuPG and verified.” Sam says, “My mother doesn’t have to verify the text to read it, but if she wants to be certain it was I who sent it, she can verify it at her leisure.”

“With detached signatures you can access plaintext without verifi- cation, but more often used to sign downloaded files, especially soft- ware. For example, when you download GnuPG, you download a separate signature file. If you’re not worried about integrity of the program, you can use it without verification--or if you are worried, you can use the detached signature to verify the file without chang- ing the downloaded file⁴. This is how to do a detached signature on a file”:

$ gpg --detach-sign linuxdistro.iso

You need a passphrase to unlock the secret key for user: "Sam Mallory <sam.mallory.404@gmail.com>"

2048-bit RSA key, ID C81BDD7F, created 2012 -11-12

$ ls -l *.iso*

-rw-r--r-- 1 sam.mallory staff 13094912 Jan 30 17:06 linuxdistro.iso -rw-r--r-- 1 sam.mallory staff 287 Jan 30 17:07 linuxdistro.iso.sig

3Sam uses the command gpg --clearsign and enters his message interactively. The output shown is displayed on the terminal screen, and can be copied and pasted into a message.

4You should verifyalldownloads,especiallyif the download relates to security.

“It’s a typical GnuPG command: --detach-sign (abbreviated as -b). GnuPG signs the thing after the command (in this case, the file linuxdistro.iso, though it could also be a block of text you enter interactively⁵), and outputs to a file called linuxdistro.iso.sig (default: the signed filename plus.sig).”

Sam continues: “GnuPG generates the detached signature, but instead of writing it out as GnuPG output file (which implies com- pression, by the way), GnuPG writes signature data into a small separate file. You can’t authenticate the signature without both the original file and the .sig file. To verify the detached signature, put both files in the same directory and use the --verify command”:

$ gpg --verify linuxdistro.iso.sig

gpg: Signature made Tue Jan 29 10:55:36 2013 EST using RSA key ID C81BDD7F gpg: Good signature from "Sam Mallory <sam.mallory.404@gmail.com>"

“Could I use the--decryptcommand too?”asks Bob.

“Yes, but if you’re not sure what’s in a GnuPG file⁶, just run GnuPG without specifying a command; for more information about what happens, use the -v (verbose) option,” says Sam, “and add v’s for more verbosity (e.g.,-vvv).”

“OK,” Bob says, “Now, tell me about verifying the different kinds of signatures.”