3

I have signed file 1.txt; the result file is 1.txt.asc. I changed content in file 1.txt.asc (the signed content, not the signature). Then I verify the signature in 1.txt.asc and I get information that the signature is not correct, and that's ok. Then I encrypt that modified 1.txt.asc; the result file is 1.txt.asc.gpg. Then I decrypt that file and I should get information that the signature is not correct, but there is no such information. From documentation:

--decrypt [=file=] Decrypt file ... If the decrypted file is signed, the signature is also verified.

I have also saved the decrypted data to another file, then I verified the signature and I get information that the signature is not correct. So it seems that the decrypt operation did not verify the signature. Why is that?

ctomek
  • 1
    The order is important .. Encrypt->Sign. As you did it the other way, it's only decrypting the encapsulated signature – Sravan Mar 16 '16 at 10:03
  • @Sravan But documentation says clearly "If the decrypted file is signed, the signature is also verified.". Based on what you wrote it should say "If the encrypted file is signed, the signature is also verified.". – ctomek Mar 16 '16 at 10:07
  • 1
    I think it depends on how we interpret the sentence, "If the decrypted file is signed". I think it refers to files created with gpg --encrypt --sign. Can you try to Encrypt and Sign the file in a single command like gpg --encrypt --sign, and then tamper and try to decrypt it? – Sravan Mar 16 '16 at 10:19
  • @Sravan I tried `gpg --output es.gpg -e -s 1.txt`, then `gpg -d es.gpg`, and the content is decrypted and the signature is verified. So I think that the moral of that story is that the documentation is misleading, because for me it clearly looks like it means that after decrypting the file, the decrypted file is checked for a signature; if there is a signature then it is verified. – ctomek Mar 16 '16 at 11:09
  • 1
    Yes :). It would be clear if documentation says something like "If the Encrypted file is also signed, the signature is also verified". – Sravan Mar 16 '16 at 11:55

2 Answers

3

gpg will verify the signature if the signature is over the encrypted content. In other words, say you generate fileA.gpg as follows:

  • gpg -r [Some ID] -o tmp.gpg -e fileA
  • gpg -s -o fileA.gpg tmp.gpg

Then gpg -d fileA.gpg will validate the signature of the encrypted content and then proceed to decrypt the data if the signature is good. Now, if we do this in the opposite order of operations, i.e.:

  • gpg -s -o tmp.gpg fileB
  • gpg -r [Some ID] -o fileB.gpg -e tmp.gpg

Then gpg -d fileB.gpg will simply decrypt the file and the result is a signature, but gpg does not proceed to do anything with the signature. In other words, gpg will only verify the signature when performing decryption if the signature is for the data it is decrypting.

puzzlepalace
  • But documentation says clearly "If the decrypted file is signed, the signature is also verified.". Based on what you wrote it should say "If the encrypted file is signed, the signature is also verified.". – ctomek Mar 16 '16 at 10:07
  • "If the decrypted file is signed, the signature is also verified." means if there is a signature for the file being decrypted (e.g. the data looks something like `enc_data, sig(enc_data)`) then the signature is checked before decryption to ensure the data being decrypted is valid. What you are saying should happen would read "If the decrypted file is a signature, the signature is also verified.". Do you see the distinction? In actuality the signature is of the encrypted data; in the behavior you expected the signature is for some arbitrary data (and encrypted). – puzzlepalace Mar 16 '16 at 10:42
  • I understand everything and I think that sentence from the documentation clearly looks like it means that first the data is decrypted and then "If the decrypted file is signed, the signature is also verified." If it is the other way then ok. I just think that the documentation is misleading. You wrote that I mean "If the decrypted file is a signature, the signature is also verified.", but I think you meant "signed file" instead of "signature". And even with your version of that sentence I think it sounds the same as the one from the documentation. – ctomek Mar 16 '16 at 11:00
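The two layerings in the accepted answer, modelled as an added example (this is not gpg's code and not OpenPGP: the "signature" is an HMAC and the "encryption" is a toy keystream cipher, both with constructed keys; the container types, the `decrypt_like_gpg` function and its return keys are assumptions made here to illustrate the nesting). A decryptor only inspects the layer it is handed: when the outer layer is a signature over ciphertext (encrypt-then-sign) it is checked before decrypting, but when the outer layer is ciphertext (sign-then-encrypt, the asker's case) the decrypted output is just bytes, and the signed container inside has to be verified in a separate step.

```python
import hashlib
import hmac
import os

# Constructed keys for the toy model; neither this nor anything below is gpg.
SIGN_KEY = b"constructed-signing-key"
ENC_KEY = b"constructed-encryption-key"

TAG_LEN = 32   # HMAC-SHA256 tag
NONCE_LEN = 16


def sign(data: bytes) -> bytes:
    """Signed container: type byte 'S', 32-byte tag, then the covered data."""
    return b"S" + hmac.new(SIGN_KEY, data, hashlib.sha256).digest() + data


def verify(signed: bytes):
    """Return (tag_ok, covered_data) for a signed container."""
    if signed[:1] != b"S":
        raise ValueError("not a signed container")
    tag, data = signed[1:1 + TAG_LEN], signed[1 + TAG_LEN:]
    expected = hmac.new(SIGN_KEY, data, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected), data


def _keystream(n: int, nonce: bytes) -> bytes:
    """Toy keystream (SHA-256 in counter mode); only here to make XOR reversible."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(ENC_KEY + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


def encrypt(data: bytes) -> bytes:
    """Encrypted container: type byte 'E', nonce, then XOR-masked body."""
    nonce = os.urandom(NONCE_LEN)
    body = bytes(a ^ b for a, b in zip(data, _keystream(len(data), nonce)))
    return b"E" + nonce + body


def decrypt(blob: bytes) -> bytes:
    if blob[:1] != b"E":
        raise ValueError("not an encrypted container")
    nonce, body = blob[1:1 + NONCE_LEN], blob[1 + NONCE_LEN:]
    return bytes(a ^ b for a, b in zip(body, _keystream(len(body), nonce)))


def decrypt_like_gpg(blob: bytes) -> dict:
    """Model of `gpg -d` as described in the answer: verify a signature only
    when it covers the data being decrypted; otherwise just decrypt."""
    verified = None
    if blob[:1] == b"S":                 # encrypt-then-sign: signature over ciphertext
        verified, blob = verify(blob)
        if not verified:
            return {"verified": False, "output": None}
    if blob[:1] == b"E":                 # decrypt whatever the (checked) outer layer wraps
        blob = decrypt(blob)
    # A signed container inside the plaintext is returned untouched, not verified.
    return {"verified": verified, "output": blob}


def flip_bit(blob: bytes, offset: int) -> bytes:
    """Constructed tampering: flip one bit at the given offset."""
    return blob[:offset] + bytes([blob[offset] ^ 0x01]) + blob[offset + 1:]


def demo(msg: bytes = b"hello world") -> dict:
    # Asker's order: sign, tamper the signed text, then encrypt.
    signed = sign(msg)
    tampered_signed = flip_bit(signed, 1 + TAG_LEN + 1)       # inside the covered data
    result_a = decrypt_like_gpg(encrypt(tampered_signed))
    inner_ok, _ = verify(result_a["output"])                   # the separate check the asker did

    # Answer's first order: encrypt, sign the ciphertext, then tamper the ciphertext.
    outer = sign(encrypt(msg))
    tampered_outer = flip_bit(outer, 1 + TAG_LEN + 1 + NONCE_LEN)  # inside the ciphertext body
    result_b = decrypt_like_gpg(tampered_outer)

    clean = decrypt_like_gpg(sign(encrypt(msg)))
    return {
        "sign_then_encrypt_verified": result_a["verified"],  # None: nothing was checked
        "inner_signature_ok": inner_ok,                      # False once checked separately
        "encrypt_then_sign_verified": result_b["verified"],  # False: caught before decrypting
        "clean_verified": clean["verified"],
        "clean_output": clean["output"],
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, "=", v)
```

The `None` in the sign-then-encrypt case is the whole point of the thread: the decryptor reports nothing about a signature it never examined, so a pipeline that treats "decrypted without error" as "verified" silently accepts tampered signed data. Verify the inner container explicitly, or sign and encrypt in a single operation so the signature is part of what is being decrypted.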
3

Alright, so I think the best answer will be to just say that the documentation is misleading. The sentence:

--decrypt [=file=] Decrypt file ... If the decrypted file is signed, the signature is also verified.

looks like it means that the file is decrypted, then that decrypted file is checked to see if it contains a signature. If it contains a signature then that signature is verified.

But it is not like that. That line of documentation means that if the encrypted file was signed then that signature is checked.

ctomek