[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Problems? Verifying signatures in Tor 4.0.4

To: Simon Nicolussi <sinic@xxxxxxxxxx>
Subject: Re: [tor-talk] Problems? Verifying signatures in Tor 4.0.4
From: andre76@xxxxxxxxxxx
Date: Mon, 02 Mar 2015 13:51:25 +0100
Cc: tor-talk@xxxxxxxxxxxxxxxxxxxx
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 02 Mar 2015 07:51:39 -0500
Dkim-signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=fastmail.fm; h= message-id:x-sasl-enc:from:to:cc:mime-version :content-transfer-encoding:content-type:in-reply-to:references :subject:date; s=mesmtp; bh=bFRZUSDnUDkfVQ02mmGcSzgcvOg=; b=aZP+ 6wcAQmpS1w7rEOKZTcehzGCiqWdRF3sS+fCS1/fv5AUAmE7GrrxGGrjpoCN6p5ST ykqN5HL5VRL+9dtRgbsz1UWztSir/7wg7jAgPNITNAtImWj18NHGWHWM6iU4qbD1 dV9XM4zS+/f0mw6+Z+24hK0/Mv3jp/UVMTU1nsE=
Dkim-signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=message-id:x-sasl-enc:from:to:cc :mime-version:content-transfer-encoding:content-type:in-reply-to :references:subject:date; s=smtpout; bh=bFRZUSDnUDkfVQ02mmGcSzgc vOg=; b=jkp4guEgQBopzLydIrY6OfPPoSnPxswOImrou+8/GP+ocD9XIw5cl98U kSpuZSZRnK1ZLnFliMasieipAFD6JWa+sT/lUOzGwvejV/CBB+UYkQEIHf9F4cps I5m2H6omAEf7ZLi9tdEfzAWHgJVhmxtvzoEEmnn3OwxTG9DVke8=
In-reply-to: <20150228172317.GA10044@xxxxxxxxxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <1424955764.2354591.232742237.2CF4B4C5@xxxxxxxxxxxxxxxxxxxxxxxxxxx> <20150226165538.GA24850@xxxxxxxxxxxxxxxxxxxxxx> <1425041044.54292.233221517.5204784B@xxxxxxxxxxxxxxxxxxxxxxxxxxx> <20150227132458.GE2262@xxxxxxxxxxxxxxxx> <1425130079.1646121.233614441.35E2D594@xxxxxxxxxxxxxxxxxxxxxxxxxxx> <20150228172317.GA10044@xxxxxxxxxxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>


On Sat, Feb 28, 2015, at 06:23 PM, Simon Nicolussi wrote:
> andre76@xxxxxxxxxxx wrote:
> > I have no idea what all of this means but when I see something that says
> > "BAD signature" that tells me something is wrong.
> 
> Yes, the .asc file that Nicolas was talking about is the one an attacker
> would distribute alongside a manipulated .tar.xz file. Your .asc file is
> fine, so GnuPG sounds the alarm if someone messed with the archive.
> 
> An attacker, however, could easily fool GnuPG with a file inline-signed
> by the Tor Browser Developers. Using, e.g., sha256sums.incrementals.txt
> and the respective detached signature sha256sums.incrementals.txt.asc
> (both available at https://dist.torproject.org/torbrowser/4.0.4/), an
> attacker first creates a signed file with an arbitrary key:
> > $ gpg2 --digest-algo SHA1 --compress-algo uncompressed       \
> > >      --set-filename tor-browser-linux32-4.0.4_en-US.tar.xz \
> > >      --output fake.asc --sign sha256sums.incrementals.txt
> 
> The newly created signature packet gets thrown away:
> > $ eval $(gpg2 --list-packets fake.asc | grep ^# | grep " tag=2 " \
> > >                                     | grep -o " off=[[:digit:]]* ")
> > $ dd if=fake.asc of=tor-browser-linux32-4.0.4_en-US.tar.xz.asc \
> > > bs=1 count=$off
> 
> And the signature of the Tor Browser Developers takes its place:
> > $ gpg2 --output - --dearmor sha256sums.incrementals.txt.asc \
> >        >> tor-browser-linux32-4.0.4_en-US.tar.xz.asc
> 
> GnuPG now won't even take a look at the .tar.xz archive when called with
> that .asc file as its only argument, but still reports a good signature.
> I've attached the file for you to try it out.
> 
> > What must be done to fix this?
> 
> Specify both the detached signature and the archive you want to verify.
> 
> -- 
> Simon Nicolussi <sinic@xxxxxxxxxx>
> http{s,}://{www.,}sinic.name/
> Email had 2 attachments:
> + tor-browser-linux32-4.0.4_en-US.tar.xz.asc
>   8k (text/plain)
> + Attachment2
>   1k (application/pgp-signature)

Thanks for the help but I have no idea if the Tor files I have a good or
bad.

Here's the output from terminal;

$ gpg --verify tor-browser-linux32-4.0.4_en-US.tar.xz.asc
tor-browser-linux32-4.0.4_en-US.tar.xz
gpg: Signature made Wed 25 Feb 2015 02:54:55 AM EST using RSA key ID
F65C2036
gpg: BAD signature from "Tor Browser Developers (signing key)
<torbrowser@xxxxxxxxxxxxxx>"

Are these files good or bad and not to be trusted? If not to be trusted
which aren't to be trusted?

-- 
http://www.fastmail.com - Email service worth paying for. Try it for free

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Problems? Verifying signatures in Tor 4.0.4
  - From: Geoff Down

Prev by Author: [tor-talk] hidden service with only one authorized client
Next by Author: Re: [tor-talk] Problems? Verifying signatures in Tor 4.0.4
Previous by thread: Re: [tor-talk] How can I let tor use the local dns settings instead of using its built-in dns queries?
Next by thread: Re: [tor-talk] Problems? Verifying signatures in Tor 4.0.4
Index(es):
- Author
- Thread