[tor-bugs] #14187 [Tor Browser]: use OpenPGP notations to sign the names of files to prevent file name tampering
#14187: use OpenPGP notations to sign the names of files to prevent file name tampering
-------------------------+--------------------------
Reporter: proper | Owner: tbb-team
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: Tor Browser | Version:
Keywords: | Actual Points:
Parent ID: | Points:
-------------------------+--------------------------
Since 'GPG signatures do not authenticate filenames' (#2340), consider
using OpenPGP notations to embed the name of the file within the gpg
signature.
Try this:
{{{
echo "test" > x
gpg --armor --set-notation file@name="x" --detach-sign x
gpg --verify-options show-notations --verify x.asc
}}}
Example output:
{{{
~ $ echo "test" > x
~ $ gpg --armor --set-notation file@name="x" --detach-sign x
You need a passphrase to unlock the secret key for
user: "Patrick Schleizer <adrelanos@xxxxxxxxxx>"
4096-bit RSA key, ID 77BB3C48, created 2014-01-16 (main key ID 2EEACCDA)
~ $ gpg --verify-options show-notations --verify x.asc
gpg: Signature made Mon 12 Jan 2015 11:13:19 PM UTC using RSA key ID 77BB3C48
gpg: Good signature from "Patrick Schleizer <adrelanos@xxxxxxxxxx>" [ultimate]
gpg: Signature notation: issuer-fpr@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=6E979B28A6F37C43BE30AFA1CB8D50BB77BB3C48
gpg: Signature notation: file@name=x
~ $
}}}
You could then consider telling users in the
[https://www.torproject.org/docs/verifying-signatures.html.en verification documentation]
to add `--verify-options show-notations` to their `gpg --verify` command to
verify file names.
Not a perfect solution, but a lightweight one. Could be the first step to
something better. Can be easily done and automated by a signature creation
shell script that you might already have?
(Asked about this on the
[http://lists.gnupg.org/pipermail/gnupg-users/2015-January/052191.html gnupg-users mailing list]
by the way.)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/14187>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
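The ticket leaves the last step to the user: reading `Signature notation: file@name=x` and comparing it by eye with the file they actually have. The script below is an added example (not part of ticket #14187, Tor Browser, or GnuPG) of doing that comparison mechanically on the verifier's side. It assumes GnuPG's machine-readable `--status-fd` protocol (`GOODSIG`, `NOTATION_NAME`, `NOTATION_DATA` lines with `%XX`-escaped data) and the `file@name` notation key proposed in the ticket; the `SAMPLE_STATUS` text is constructed to mirror the ticket's example (key ID and fingerprint are the ones shown there, the user ID is made up). It fails closed on the cases a reader of the ticket would worry about: a signature that carries no `file@name` notation at all, a notation that does not match the local name, a notation containing path components, and a bad signature.

```python
#!/usr/bin/env python3
"""Enforce that a detached OpenPGP signature's file@name notation matches the
local file name.  Added example, not code from ticket #14187 or Tor Browser.

Assumed: GnuPG --status-fd output (GOODSIG, NOTATION_NAME, NOTATION_DATA;
data is %XX-escaped and may span several NOTATION_DATA lines)."""
import os
import subprocess
from urllib.parse import unquote

NOTATION_KEY = "file@name"  # notation key proposed in the ticket

# Status keywords after which the signature must not count as good.
BAD_SIG_KEYWORDS = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}


def verify_argv(sig_path, file_path):
    """argv for a gpg verification run whose status lines go to stdout."""
    return ["gpg", "--batch", "--status-fd", "1", "--verify", sig_path, file_path]


def parse_status(status_text):
    """Return (good_signature, [(notation_name, value), ...]).

    NOTATION_DATA lines belong to the preceding NOTATION_NAME and are
    concatenated after %XX-unescaping, so a split value is reassembled."""
    good = False
    notations = []
    for line in status_text.splitlines():
        if not line.startswith("[GNUPG:] "):
            continue  # human-readable gpg output interleaved on the same fd
        fields = line[len("[GNUPG:] "):].split(" ", 1)
        keyword = fields[0]
        rest = fields[1] if len(fields) > 1 else ""
        if keyword == "GOODSIG":
            good = True
        elif keyword in BAD_SIG_KEYWORDS:
            good = False
        elif keyword == "NOTATION_NAME":
            notations.append([unquote(rest), ""])
        elif keyword == "NOTATION_DATA" and notations:
            notations[-1][1] += unquote(rest)
    return good, [tuple(n) for n in notations]


def check_file_name(status_text, local_path):
    """Policy: good signature, exactly one file@name notation, no path
    components in it, and it equals the basename of the local file.
    A signature without the notation fails rather than passing silently."""
    good, notations = parse_status(status_text)
    if not good:
        return False, "signature is not good"
    signed_names = [value for name, value in notations if name == NOTATION_KEY]
    if not signed_names:
        return False, f"no {NOTATION_KEY} notation: file name not authenticated"
    if len(signed_names) > 1:
        return False, f"ambiguous: {len(signed_names)} {NOTATION_KEY} notations"
    signed = signed_names[0]
    if signed in ("", ".", "..") or "/" in signed or "\\" in signed or os.sep in signed:
        return False, f"signed name {signed!r} is not a plain file name"
    local = os.path.basename(local_path)
    if signed != local:
        return False, f"name mismatch: signed {signed!r}, local {local!r}"
    return True, f"file name {local!r} authenticated by signature"


def verify_file(sig_path, file_path):
    """Run gpg and apply the policy (needs gpg and the signer's public key)."""
    proc = subprocess.run(verify_argv(sig_path, file_path),
                          capture_output=True, text=True, check=False)
    return check_file_name(proc.stdout, file_path)


# Constructed --status-fd output modelled on the ticket's example session.
SAMPLE_STATUS = """\
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG CB8D50BB77BB3C48 Signer <signer@example.org>
[GNUPG:] NOTATION_NAME file@name
[GNUPG:] NOTATION_FLAGS 0 1
[GNUPG:] NOTATION_DATA x
[GNUPG:] TRUST_ULTIMATE
"""

# Constructed: a good signature made without any file@name notation.
NO_NOTATION_STATUS = """\
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG CB8D50BB77BB3C48 Signer <signer@example.org>
[GNUPG:] TRUST_ULTIMATE
"""

if __name__ == "__main__":
    for path in ("x", "downloads/x", "y"):
        print(path, check_file_name(SAMPLE_STATUS, path))
    print("no notation", check_file_name(NO_NOTATION_STATUS, "x"))
```

Only the basename is compared, so `downloads/x` verifies against a notation of `x`; the signer is expected to write the bare file name (as in the ticket's `--set-notation file@name="x"`), and a notation that itself carries a directory part is rejected. Treating a missing notation as a failure is the part that actually closes the gap from #2340: if renamed files merely lose the notation, a verifier that only reports it when present still accepts them.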