Subject: GPG 1.0.3 doesn't detect modifications to files with multiple signatures
From: Jim Small (cavenewt MY-DEJA.COM)
Date: Wed Oct 11 2000 - 14:30:19 CDT
Attached are multiple copies of a file I had signed. Then I started modifying parts of the SIGNED message to see if gpg could detect that the messages had been altered. It did not detect them, so long as the last signed message had not been altered.
Save this message as newfile.asc and run
gpg --verify newfile.asc -o /dev/null
to see for yourself (the key it was signed with is available via keyservers)
asdfasfasdfd
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I just added by one stuff to thie message
bogugfirst file encrypted with nobody dude on uinix box, send to nethole forpmail
this is actually encrypted with a valid pgpg key imported form win95
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.3 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE538QlZi9y1BQncn4RAj/vAKCmfScBFegl6LMD3Q99N51pvuHAIQCfUv5+ a05Yt6xZwd/PxtQsRe+88AQ=
=siBR
-----END PGP SIGNATURE-----
middle stuff
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
another wrong
first file encrypted with nobody dude on uinix box, send to nethole forpmail
this is actually encrypted with a valid pgpg key imported form win95
another file
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.3 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE538hvZi9y1BQncn4RAolnAKCwEJTyPm6895ybQfk1D5IfeqJjmwCg4MlP 3NbvJocg5ksql40aOTZf0MY=
=yBf2
-----END PGP SIGNATURE-----
asfasfasf end stuff
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
first file encrypted with nobody dude on uinix box, send to nethole forpmail
this is actually encrypted with a valid pgpg key imported form win95
bogud
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.3 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE538QlZi9y1BQncn4RAj/vAKCmfScBFegl6LMD3Q99N51pvuHAIQCfUv5+ a05Yt6xZwd/PxtQsRe+88AQ=
=siBR
-----END PGP SIGNATURE-----
stuff
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
first file encrypted with nobody dude on uinix box, send to nethole forpmail
this is actually encrypted with a valid pgpg key imported form win95
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.3 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE538QlZi9y1BQncn4RAj/vAKCmfScBFegl6LMD3Q99N51pvuHAIQCfUv5+ a05Yt6xZwd/PxtQsRe+88AQ=
=siBR
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
first file encrypted with nobody dude on uinix box, send to nethole forpmail
this is actually encrypted with a valid pgpg key imported form win95
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.3 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE538QlZi9y1BQncn4RAj/vAKCmfScBFegl6LMD3Q99N51pvuHAIQCfUv5+ a05Yt6xZwd/PxtQsRe+88AQ=
=siBR
-----END PGP SIGNATURE-----
gpg: Signature made Sat Oct 7 17:47:33 2000 PDT using DSA key ID 1427727E
gpg: Good signature from "James F. Small, Jr. <smallj nethole.com>"
gpg: aka "Jim Small <smallj pacbell.net>"
gpg: aka "James F. Small, Jr. <smallj saic.com>"
gpg: aka "James F. Small, Jr. <smallj small.cx>"
gpg: Signature made Sat Oct 7 18:05:51 2000 PDT using DSA key ID 1427727E
gpg: BAD signature from "James F. Small, Jr. <smallj nethole.com>"
gpg: Signature made Sat Oct 7 17:47:33 2000 PDT using DSA key ID 1427727E
gpg: Good signature from "James F. Small, Jr. <smallj nethole.com>"
gpg: aka "Jim Small <smallj pacbell.net>"
gpg: aka "James F. Small, Jr. <smallj saic.com>"
gpg: aka "James F. Small, Jr. <smallj small.cx>"
gpg: Signature made Sat Oct 7 17:47:33 2000 PDT using DSA key ID 1427727E
gpg: Good signature from "James F. Small, Jr. <smallj nethole.com>"
gpg: aka "Jim Small <smallj pacbell.net>"
gpg: aka "James F. Small, Jr. <smallj saic.com>"
gpg: aka "James F. Small, Jr. <smallj small.cx>"
gpg: Signature made Sat Oct 7 17:47:33 2000 PDT using DSA key ID 1427727E
gpg: Good signature from "James F. Small, Jr. <smallj nethole.com>"
gpg: aka "Jim Small <smallj pacbell.net>"
gpg: aka "James F. Small, Jr. <smallj saic.com>"
gpg: aka "James F. Small, Jr. <smallj small.cx>"
------------------------------------------------------------
--== Sent via Deja.com http://www.deja.com/ ==--
Before you buy.
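
A defensive way to handle input like the attachment above, as an added example (not part of the original post or of GnuPG): split the file into its individual clearsigned blocks, verify each block in its own gpg run, and accept the file only if every block verifies. The function names, the constructed sample and the stand-in verifier are assumptions of this example; text outside any signed block is reported separately because no signature covers it.

```python
import subprocess

BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
END_SIG = "-----END PGP SIGNATURE-----"

def split_clearsigned(text):
    """Return (blocks, unsigned): each clearsigned block as its own string,
    and every non-blank line that lies outside a complete signed block."""
    blocks, unsigned, current = [], [], None
    for line in text.splitlines():
        if line.rstrip() == BEGIN_MSG:
            if current is not None:        # earlier block was never closed
                unsigned.extend(current)
            current = [line]
        elif current is not None:
            current.append(line)
            if line.rstrip() == END_SIG:
                blocks.append("\n".join(current) + "\n")
                current = None
        elif line.strip():
            unsigned.append(line)
    if current is not None:                # truncated final block
        unsigned.extend(current)
    return blocks, unsigned

def gpg_verify(block):
    """Verify one block in its own gpg process; True only on exit status 0."""
    proc = subprocess.run(["gpg", "--verify"], input=block.encode(),
                          capture_output=True)
    return proc.returncode == 0

def check_file(text, verify=gpg_verify):
    """Per-block results; the file is accepted only if every block verifies."""
    blocks, unsigned = split_clearsigned(text)
    results = [verify(b) for b in blocks]
    return {"accepted": bool(blocks) and all(results),
            "results": results, "unsigned": unsigned}

# Constructed sample shaped like the attachment above; the signature bodies
# are placeholders, so the demo uses a stand-in verifier instead of gpg.
def make_block(body):
    return (f"{BEGIN_MSG}\nHash: SHA1\n\n{body}\n"
            "-----BEGIN PGP SIGNATURE-----\n\nPLACEHOLDER\n" + END_SIG + "\n")

SAMPLE = ("leading text\n" + make_block("original") + "middle stuff\n"
          + make_block("original TAMPERED") + make_block("original"))

def fake_verify(block):                    # stand-in for gpg_verify
    return "TAMPERED" not in block

if __name__ == "__main__":
    print(check_file(SAMPLE, verify=fake_verify))
```

With real signed input, call `check_file(text)` and let it use `gpg_verify`, which needs gpg on the PATH and the signer's public key in the keyring.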