[OTR-users] Problem with signature file?

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Feb 13 11:56:28 EST 2014


On 02/13/2014 11:07 AM, Andy Roberson wrote:

> Thanks for the informative reply.

not as informative as i should have been, i'm afraid...

> I am not able to import the key from
> https://otr.cypherpunks.ca/pidgin-otr-4.0.0.tar.gz.asc onto my keyring,

i think the problem you're having here is conceptual because these files
haven't been properly explained.

the .asc file is a signature, not a public key or OpenPGP certificate.

The signature is made by a public key, which you can get from the
keyservers using this command i mentioned earlier (the \ means that it
should all be wrapped around to one line):

  gpg --keyserver pool.sks-keyservers.net \
     --recv 0x576979E7D0CAB38C7AA3DDBDDED64EBB2BA87C5C

Alternately, it looks like you can fetch the key from the OTR web site with:

 wget -O- https://otr.cypherpunks.ca/gpgkey.asc | gpg --import

once you have the key, the signature, and the tarball (the tar.gz file),
you can verify that the signature is made by the key in question with:

   gpg --verify pidgin-otr-4.0.0.tar.gz.asc

> But I presume that really isn't verifying anything other than the fact
> the file is properly signed by "someone".

This is an excellent question.  Normally, its answered by some sort of
public assertion, or by an OpenPGP chain of certifications from someone
whose identity is already known.

I'm not in the right position to make the public assertion (i don't know
the signing key with any certainty myself), but some people would
consider the publication of the key at
https://otr.cypherpunks.ca/gpgkey.asc to be a public assertion that this
is the signing key (though you have to trust the certificate authority
signing the X.509 cert for the web server and the system administrator
of the system to consider this cryptographically-verified).

I'll try to show the OpenPGP chain of certifications below, here
(warning: it's not pretty in this case):

I know that Ian Goldberg (at U of Waterloo) is one of the primary movers
behind OTR.  His homepage is:

 https://cs.uwaterloo.ca/~iang/

and there, it states:

   PGP fingerprint: 1024/2B48F6F5 5EA3373F87BC2042 E741EA5404BEAFBC

Unfortunately, that's an OpenPGPv3 fingerprint, which is not considered
reasonable for public use, since they're trivially spoofable (it's also
a 1024-bit RSA key, which is too small for public use these days).

Ignoring these warning signs, i fetch Ian's key using the short Key ID
(also spoofable):

  gpg --recv 0x2B48F6F5

then i also fetch what i suspect is the OTR dev team signing key:

  gpg --recv 0x576979E7D0CAB38C7AA3DDBDDED64EBB2BA87C5C

now i try to verify the certifications on it:

0 dkg at alice:~/tmp/otr$ gpg --check-sigs 'OTR Dev Team'
pub   1024D/2BA87C5C 2004-12-01
uid                  OTR Dev Team <otr at cypherpunks.ca>
sig!3        2BA87C5C 2004-12-01  OTR Dev Team <otr at cypherpunks.ca>
sig!         2B48F6F5 2004-12-01  Ian Goldberg <iang at cs.uwaterloo.ca>

4 signatures not checked due to missing keys
0 dkg at alice:~/tmp/otr$

So, barring anyone spoofing Ian's fingerprint (trivial to do) or
cracking either 1024-bit RSA or 1024-bit DSA (both plausible for
well-funded organizations today but not yet publicly documented) or
breaking MD5 (looking more closely, Ian's certification of the OTR Dev
Team key is using RSA-over-MD5), or UofW's system administrators putting
false fingerprint information on Ian's homepage, or a rogue CA issuing a
bad certificate for cs.uwaterloo.ca and my fetch of Ian's homepage being
MiTMed, then Yes, we have an OpenPGP chain of certification.

Not quite the level of confidence that one might like in this situation,
but at least marginally stronger than "i guess this is the right thing."

Ian, you could improve this situation by starting your transition a
stronger personal OpenPGP key and updating the footer in your homepage.
 And whoever controls the OTR Dev Team key could also improve this by
transitioning that team to a stronger OpenPGP key.

hth,

	--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1010 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cypherpunks.ca/pipermail/otr-users/attachments/20140213/2e81ef69/attachment.pgp>


More information about the OTR-users mailing list