Mailing List Archive: GnuPG: devel

GPGME: Signature summary

Index | Next | Previous | View Threaded

mat69 at gmx

Oct 15, 2009, 8:32 AM

Post #1 of 10 (987 views)
Permalink

GPGME: Signature summary

Hi,

I do a verification of a file and what baffles me is the summary of the
signature. If I use a wrong file it correctly outputs GPGME_SIGSUM_RED, yet if
the file is correct it outputs 0 instead of GPGME_SIGSUM_VALID (==1). I wonder
if that is a bug somewhere in GPGME.

Just to be sure that it is not an error in my code I post it here (removed
error handling/cleaning up to make it more readable):

std::cout << "Version: " << gpgme_check_version(0) << std::endl;

gpgme_ctx_t ctx = 0;
gpgme_error_t err = gpgme_new(&ctx);
err = gpgme_engine_check_version(GPGME_PROTOCOL_OpenPGP);

if (gpgme_set_protocol(ctx, GPGME_PROTOCOL_OpenPGP)) {
std::cerr << "ERROR: Setting protocol failed." << std::endl;
return;
}

gpgme_data_t data;
std::FILE *dataFile;
dataFile = std::fopen("/home/kde-devel/test-meta/pgp/patch-2.6.31.gz",
"r");
err = gpgme_data_new_from_stream(&data, dataFile);

gpgme_data_t sig;
std::FILE *sigFile;
sigFile = std::fopen("/home/kde-devel/test-meta/pgp/patch-2.6.31.gz.sign",
"r");
err = gpgme_data_new_from_stream(&sig, sigFile);

err = gpgme_op_verify(ctx, sig, data, 0);
const gpgme_verify_result_t result = gpgme_op_verify_result(ctx);

gpgme_signature_t signature = result->signatures;
while (signature) {
std::cout << "Status: " << gpgme_err_code(signature->status) << "
summary: " << signature->summary << std::endl;
signature = signature->next;
}

It reports "Status: 0 summary: 0", while it should imo be "Status: 0 summary:
1"

Cheers,
matthias

_______________________________________________
Gnupg-devel mailing list
Gnupg-devel [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-devel

mat69 at gmx

Oct 15, 2009, 9:12 AM

Post #2 of 10 (935 views)
Permalink

Re: GPGME: Signature summary [In reply to]

On Thursday 15 October 2009 17:32:20 Matthias Fuchs wrote:
> Hi,
>
> I do a verification of a file and what baffles me is the summary of the
> signature. If I use a wrong file it correctly outputs GPGME_SIGSUM_RED, yet
> if the file is correct it outputs 0 instead of GPGME_SIGSUM_VALID (==1). I
> wonder if that is a bug somewhere in GPGME.

OK, I mixed up something, imo it should be GPGME_SIGSUM_GREEN because it is
GPGME_VALIDITY_UNKNOWN.

Imo the code in
static void calc_sig_summary (gpgme_signature_t sig)
verify.c:96++
is wrong.

It should probably be something like:

/* Calculate the red/green flag. */
if (sig->validity == GPGME_VALIDITY_FULL
|| sig->validity == GPGME_VALIDITY_ULTIMATE)
{
if (gpg_err_code (sig->status) == GPG_ERR_NO_ERROR)
sum |= GPGME_SIGSUM_VALID;
else if(gpg_err_code (sig->status) == GPG_ERR_SIG_EXPIRED
|| gpg_err_code (sig->status) == GPG_ERR_KEY_EXPIRED)
sum |= GPGME_SIGSUM_GREEN;
}
else if (sig->validity == GPGME_VALIDITY_NEVER)
{
if (gpg_err_code (sig->status) == GPG_ERR_NO_ERROR
|| gpg_err_code (sig->status) == GPG_ERR_SIG_EXPIRED
|| gpg_err_code (sig->status) == GPG_ERR_KEY_EXPIRED)
sum |= GPGME_SIGSUM_RED;
}
else if (sig->validity == GPGME_VALIDITY_UNKNOWN)
{
if (gpg_err_code (sig->status) == GPG_ERR_NO_ERROR)
|| gpg_err_code (sig->status) == GPG_ERR_SIG_EXPIRED
|| gpg_err_code (sig->status) == GPG_ERR_KEY_EXPIRED)
sum |= GPGME_SIGSUM_GREEN;
}
else if (gpg_err_code (sig->status) == GPG_ERR_BAD_SIGNATURE)
sum |= GPGME_SIGSUM_RED;

Btw. I don't get what this is for and think that it does not work:
if ((sum & GPGME_SIGSUM_GREEN) && !(sum & ~GPGME_SIGSUM_GREEN))
sum |= GPGME_SIGSUM_VALID;

If you want to check wether GPGME_SIGSUM_GREEN is the only flag set you should
do it imo differently, I did not try it though, but I think that it works:
if (sum == GPGME_SIGSUM_GREEN)
sum = GPGME_SIGSUM_VALID;

Cheers,
matthias

_______________________________________________
Gnupg-devel mailing list
Gnupg-devel [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-devel

mat69 at gmx

Oct 15, 2009, 10:07 AM

Post #3 of 10 (934 views)
Permalink

Re: GPGME: Signature summary [In reply to]

Btw. my changes still do not handle all gpgme_validity_t, but imo they should
all be handled.

_______________________________________________
Gnupg-devel mailing list
Gnupg-devel [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-devel

mat69 at gmx

Oct 15, 2009, 10:47 AM

Post #4 of 10 (935 views)
Permalink

Re: GPGME: Signature summary [In reply to]

On Thursday 15 October 2009 21:37:28 Werner Koch wrote:
> On Thu, 15 Oct 2009 17:32, mat69 [at] gmx said:
> > I do a verification of a file and what baffles me is the summary of the
> > signature. If I use a wrong file it correctly outputs
> > GPGME_SIGSUM_RED, yet if
>
> There are a couple of reasons for this. I took this opportunity to
> write a litte test program which prints almost all information we get
> back from a signature verification. Maybe the output will be helpful.

I do understand the output, though imo static void calc_sig_summary
(gpgme_signature_t sig) does not correctly handle the gpgme_sigsum_t, as it
can return something that actually is not a gpgme_sigsum_t as I outlined in
the answer to my own mail.

_______________________________________________
Gnupg-devel mailing list
Gnupg-devel [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-devel

wk at gnupg

Oct 15, 2009, 12:37 PM

Post #5 of 10 (934 views)
Permalink

Re: GPGME: Signature summary [In reply to]

On Thu, 15 Oct 2009 17:32, mat69 [at] gmx said:

> I do a verification of a file and what baffles me is the summary of the
> signature. If I use a wrong file it correctly outputs
> GPGME_SIGSUM_RED, yet if

There are a couple of reasons for this. I took this opportunity to
write a litte test program which prints almost all information we get
back from a signature verification. Maybe the output will be helpful.

$ ./run-verify foo.sig foo
Original file name: [none]
Signature 0
status ....: Success
summary ...: valid green
fingerprint: 7B96D396E6471601754BE4DB53B620D01CE0C630
created ...: 1255634851
expires ...: 0
validity ..: full
val.reason : Success
pubkey algo: 1
digest algo: 2
pka address: [none]
pka trust .: n/a
other flags:
notations .: no

Shalom-Salam,

Werner

--
Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.

Attachments:

run-verify.c (6.54 KB)

run-support.h (4.52 KB)

mat69 at gmx

Oct 16, 2009, 2:22 AM

Post #6 of 10 (932 views)
Permalink

Re: GPGME: Signature summary [In reply to]

On Friday 16 October 2009 12:31:01 Werner Koch wrote:
> If you set the VALID flag here you would need to reset it later if any
> other special conditions are figured out. For example later you see:
>
> /* Check other flags. */
> if (sig->wrong_key_usage)
> sum |= GPGME_SIGSUM_BAD_POLICY;
>
> This sets another bit and thus the VALID flag is not anymore correct.
This would imo apply to the current code as well.
> GREEN says: Fine, but check the other flags. GREEN/RED is a simple
> thumb up/down indicator to give a basic indication on the status of a
> signature. In contrast, VALID says: The system has no doubts whatsoever
> on the validity of the signature.
>
> Note that there is also an implicit YELLOW status which should be
> assumed if neither GREEN or RED is set. It means that there are not
> enough information to say something about the signature status. KMail
> uses these colors to render a frame around the message.
The problem I have still remains though and is unadressed, namely summary
returning 0, a value that is not defined for gpgme_sigsum_t and imo that is
not a good practice as it leaves the user in the cold of what is the case. So
my code might not be the solution but something has to change there.

And as I have pointed out this happens when GPGME_VALIDITY_UNKNOWN is set.
Even if the signature is correct. So what is one supposed to do when summary
returns 0?

Cheers
Matthias

_______________________________________________
Gnupg-devel mailing list
Gnupg-devel [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-devel

wk at gnupg

Oct 16, 2009, 3:31 AM

Post #7 of 10 (932 views)
Permalink

Re: GPGME: Signature summary [In reply to]

On Thu, 15 Oct 2009 18:12, mat69 [at] gmx said:

> It should probably be something like:
>
> /* Calculate the red/green flag. */
> if (sig->validity == GPGME_VALIDITY_FULL
> || sig->validity == GPGME_VALIDITY_ULTIMATE)
> {
> if (gpg_err_code (sig->status) == GPG_ERR_NO_ERROR)
> sum |= GPGME_SIGSUM_VALID;

Nope. Check the definition:

@item GPGME_SIGSUM_VALID
The signature is fully valid.

@item GPGME_SIGSUM_GREEN
The signature is good but one might want to display some extra
information. Check the other bits.

If you set the VALID flag here you would need to reset it later if any
other special conditions are figured out. For example later you see:

/* Check other flags. */
if (sig->wrong_key_usage)
sum |= GPGME_SIGSUM_BAD_POLICY;

This sets another bit and thus the VALID flag is not anymore correct.
GREEN says: Fine, but check the other flags. GREEN/RED is a simple
thumb up/down indicator to give a basic indication on the status of a
signature. In contrast, VALID says: The system has no doubts whatsoever
on the validity of the signature.

Note that there is also an implicit YELLOW status which should be
assumed if neither GREEN or RED is set. It means that there are not
enough information to say something about the signature status. KMail
uses these colors to render a frame around the message.

> If you want to check wether GPGME_SIGSUM_GREEN is the only flag set you should
> do it imo differently, I did not try it though, but I think that it works:

Sure this is the same but some folks may ask: Did you forgot that this
is about a bit vector, so by doing an explicit bit test this makes it
clear ;-). A reason for this code might be that we once changed the
test and it used to test other bits as well. I added comment to make
clean what we are doing.

Salam-Shalom,

Werner

--
Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.

_______________________________________________
Gnupg-devel mailing list
Gnupg-devel [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-devel

wk at gnupg

Oct 16, 2009, 5:26 AM

Post #8 of 10 (936 views)
Permalink

Re: GPGME: Signature summary [In reply to]

On Fri, 16 Oct 2009 11:22, mat69 [at] gmx said:

>> This sets another bit and thus the VALID flag is not anymore correct.
> This would imo apply to the current code as well.

Nope. The code sets the valid bit at the end of the function _only_ if
no other bits but GREEN is set. That is what VALID is about.

> The problem I have still remains though and is unadressed, namely summary
> returning 0, a value that is not defined for gpgme_sigsum_t and imo that is
> not a good practice as it leaves the user in the cold of what is the case. So

I already mentioned that this indicates: Not enough information to tell
anything about the validity of the signature.

> And as I have pointed out this happens when GPGME_VALIDITY_UNKNOWN is set.
> Even if the signature is correct. So what is one supposed to do when summary
> returns 0?

You can't tell anything without further digging into the subject. The
mathematical correctness of the signature does not tell you anything.
It is not more than a checksum to spot errors on the transport channel.

What some programs do is to check the key used to create the signature
against a database of known keys and from that deduce that this is a
valid signature. This is what I mean with YELLOW state: Use other means
to see whether you driver trough the crossing / take the signature as
valid.

Salam-Shalom,

Werner

--
Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.

_______________________________________________
Gnupg-devel mailing list
Gnupg-devel [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-devel

mat69 at gmx

Oct 16, 2009, 6:51 AM

Post #9 of 10 (931 views)
Permalink

Re: GPGME: Signature summary [In reply to]

On Friday 16 October 2009 14:26:38 Werner Koch wrote:
> On Fri, 16 Oct 2009 11:22, mat69 [at] gmx said:
> >> This sets another bit and thus the VALID flag is not anymore correct.
> >
> > This would imo apply to the current code as well.
>
> Nope. The code sets the valid bit at the end of the function _only_ if
> no other bits but GREEN is set. That is what VALID is about.
Oh, sorry, obviously I did not look at it good enough.

> > The problem I have still remains though and is unadressed, namely summary
> > returning 0, a value that is not defined for gpgme_sigsum_t and imo that
> > is not a good practice as it leaves the user in the cold of what is the
> > case. So
>
> I already mentioned that this indicates: Not enough information to tell
> anything about the validity of the signature.
>
> > And as I have pointed out this happens when GPGME_VALIDITY_UNKNOWN is
> > set. Even if the signature is correct. So what is one supposed to do when
> > summary returns 0?
>
> You can't tell anything without further digging into the subject. The
> mathematical correctness of the signature does not tell you anything.
> It is not more than a checksum to spot errors on the transport channel.

So I have to assume that 0 tells me that it is mathematical correct, as it
would be e.g. 4 otherwise?

I thought it was more than a checksum but rather telling me that the file was
signed with a key of which I have the public version, if the owner of that key
is who I think he is would be a different story...

> What some programs do is to check the key used to create the signature
> against a database of known keys and from that deduce that this is a
> valid signature. This is what I mean with YELLOW state: Use other means
> to see whether you driver trough the crossing / take the signature as
> valid.
In that case it would be great if the documentation could be adapted to this,
mentioning when it would be zero.

Btw.

case GPG_ERR_SIG_EXPIRED:
if (gpg_err_code (sig->status) & GPG_ERR_KEY_EXPIRED)
sum |= GPGME_SIGSUM_KEY_EXPIRED;
sum |= GPGME_SIGSUM_SIG_EXPIRED;
break;

case GPG_ERR_KEY_EXPIRED:
if (gpg_err_code (sig->status) & GPG_ERR_SIG_EXPIRED)
sum |= GPGME_SIGSUM_KEY_EXPIRED;
sum |= GPGME_SIGSUM_SIG_EXPIRED;
break;

would fix the FIXME, it is not nice but keeps the switch.

Cheers,
matthias

_______________________________________________
Gnupg-devel mailing list
Gnupg-devel [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-devel

wk at gnupg

Oct 16, 2009, 9:32 AM

Post #10 of 10 (936 views)
Permalink

Re: GPGME: Signature summary [In reply to]

On Fri, 16 Oct 2009 15:51, mat69 [at] gmx said:

> So I have to assume that 0 tells me that it is mathematical correct, as it
> would be e.g. 4 otherwise?

Depends.

> I thought it was more than a checksum but rather telling me that the file was
> signed with a key of which I have the public version, if the owner of that key

Right. However gpg can't tell you whether you know the key if you have
not told gpg that you know the key (signing it or through the WoT or via
a tight controlled keyring like gpgv does).

> In that case it would be great if the documentation could be adapted to this,
> mentioning when it would be zero.

This is a bit vector and not a scalar value you may compare to 0. The
bit flags are all documented.

Shalom-Salam,

Werner

--
Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.

_______________________________________________
Gnupg-devel mailing list
Gnupg-devel [at] gnupg
http://lists.gnupg.org/mailman/listinfo/gnupg-devel

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads