Vulnerability Development mailing list archives

RE: PGP spoof decrypted output?


From: Tony <missing () nts umd edu>
Date: Fri, 7 Jun 2002 13:58:51 -0400 (EDT)



fwiw, I tried this w/ gpg and it appears that it does not have the same
problem.


gpg --version
gpg (GnuPG) 1.0.6
Copyright (C) 2001 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Home: ~/.gnupg
Supported algorithms:
Cipher: 3DES, CAST5, BLOWFISH, RIJNDAEL, RIJNDAEL192, RIJNDAEL256, TWOFISH
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA, ELG
Hash: MD5, SHA1, RIPEMD160
mkdir gpg_testdir
cd !$
cd gpg_testdir
touch file{0,1,2,3,4,5,6,7,8,9}
echo "secret message" >> ./mymessage
gpg -se ./mymessage
gpg: Warning: using insecure memory!

You need a passphrase to unlock the secret key for
user: "Tony Link <missing () nts umd edu>"
1024-bit DSA key, ID 6F65C094, created 2002-05-30

You did not specify a user ID. (you may use "-r")

Enter the user ID: missing () nts umd edu
ls -l
total 2
-rw-r--r--  1 missing  missing    0 Jun  7 13:52 file0
-rw-r--r--  1 missing  missing    0 Jun  7 13:52 file1
-rw-r--r--  1 missing  missing    0 Jun  7 13:52 file2
-rw-r--r--  1 missing  missing    0 Jun  7 13:52 file3
-rw-r--r--  1 missing  missing    0 Jun  7 13:52 file4
-rw-r--r--  1 missing  missing    0 Jun  7 13:52 file5
-rw-r--r--  1 missing  missing    0 Jun  7 13:52 file6
-rw-r--r--  1 missing  missing    0 Jun  7 13:52 file7
-rw-r--r--  1 missing  missing    0 Jun  7 13:52 file8
-rw-r--r--  1 missing  missing    0 Jun  7 13:52 file9
-rw-r--r--  1 missing  missing   15 Jun  7 13:53 mymessage
-rw-r--r--  1 missing  missing  428 Jun  7 13:53 mymessage.gpg
ls -l >> mymessage.gpg
gpg -d ./mymessage.gpg
gpg: Warning: using insecure memory!

You need a passphrase to unlock the secret key for
user: "Tony Link <missing () nts umd edu>"
1024-bit ELG-E key, ID DFA5824B, created 2002-05-30 (main key ID 6F65C094)

gpg: encrypted with 1024-bit ELG-E key, ID DFA5824B, created 2002-05-30
      "Tony Link <missing () nts umd edu>"
secret message
gpg: Signature made Fri Jun  7 13:53:32 2002 EDT using DSA key ID 6F65C094
gpg: Good signature from "Tony Link <missing () nts umd edu>"
gpg: WARNING: encrypted message has been manipulated!


-Tony

On Fri, 7 Jun 2002, McAllister, Andrew wrote:

Yes, I know signed e-mail is easy to spoof, most people never verify sigs etc.

My real concern has more to do with the automated transmission of encrypted data files. My University sends data files to and from various business partners using FTP and other mechanisms. Since FTP is clear text everything, we decided to PGP encrypt and sign all files prior to transmission and we never allow unencrypted files on a public machine. All of this encryption/decryption is done in BATCH mode with scripts.

Seems at least somewhat safe? Not really.

As an example (we do NOT actually do this)...
Assume I transmit via FTP our payroll direct deposit data to the bank's ftp site. The file is encrypted and signed with PGP, only the bank can decrypt and verify. That much appears true.
Now, a hacker has been sniffing the wire and sees my ftp ID/password combo.
He/she logs in to the bank FTP site and APPENDS data in clear text to the end of the payroll.pgp file.
Twenty minutes later a bank script sees the file, moves it, and decrypts it with a "pgp +force" (batch mode) command.

What result would you expect? The data I encrypted or the data the hacker appended? The answer: No warnings, no errors, just the data that the hacker APPENDED to my PGP encrypted file. Not the original signed and encrypted file itself. This seems like a bug to me, no?

After a little more experimentation.....
I've found that if you ASCII armor the file, the result is as expected after decryption. You get only the originally encrypted file. I have not tested gpg or pgpi or older versions, just the NAI PGP available from the MIT download site. Anyone care to test the other implementations?

Does anyone think this is worth taking to NAI even though they aren't really supporting PGP anymore?

Andrew McAllister
University of Missouri

-----Original Message-----
From: Olaf Kirch [mailto:okir () caldera de]
snip
[-- PGP output follows (current time: Fri Jun  7 13:45:05 2002) --]
gpg: Signature made Fri Jun  7 13:44:59 2002 CEST using DSA
key ID DEADBEEF
gpg: Good signature from "Olaf Kirch <okir () caldera de>"
[-- End of PGP output --]

[-- The following data is signed --]

Spoofing unaware PGP users can be simple. I am sure you all
noticed that
this message isn't PGP signed at all, but I guess there's quite
snip
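The framing check that Andrew's batch scenario and Tony's `ls -l >> mymessage.gpg` test call for, as an added example that is not code from the original post, from PGP or from GnuPG: it walks the packet headers of a binary OpenPGP message (RFC 4880 section 4.2) and reports any bytes left after the last packet, so a receiving script can reject a file that has had data appended to it before handing it to a batch decryptor whose output it would otherwise consume. The sample packet bytes are constructed and are not real ciphertext; the check covers the binary format only, not ASCII armor; `check_message`, `parse_packets` and the tag table are names chosen for this example.

```python
"""Framing check for binary OpenPGP messages: flag bytes appended after the
last packet, the tampering described in the thread. Constructed example; not
PGP or GnuPG code. Header rules follow RFC 4880 section 4.2."""
import struct

# Packet tags (RFC 4880 section 4.3) that occur in an encrypted+signed message.
TAG_NAMES = {
    1: "Public-Key Encrypted Session Key",
    3: "Symmetric-Key Encrypted Session Key",
    8: "Compressed Data",
    9: "Symmetrically Encrypted Data (no MDC)",
    11: "Literal Data",
    18: "Sym. Encrypted and Integrity Protected Data",
}
ENCRYPTED_TAGS = (9, 18)


class PacketError(ValueError):
    """Raised when the bytes at an offset do not form a well-formed packet."""


def _new_length(data, pos):
    """Decode a new-format length header at pos -> (length, next_pos, is_partial)."""
    o1 = data[pos]
    if o1 < 192:
        return o1, pos + 1, False
    if o1 < 224:
        return ((o1 - 192) << 8) + data[pos + 1] + 192, pos + 2, False
    if o1 == 255:
        return struct.unpack(">I", data[pos + 1:pos + 5])[0], pos + 5, False
    return 1 << (o1 & 0x1F), pos + 1, True  # partial body; more headers follow


def _read_packet(data, pos):
    """Return (tag, end_offset) for the packet starting at pos, or raise PacketError."""
    ctb = data[pos]
    if not ctb & 0x80:
        raise PacketError("offset %d: 0x%02x is not a packet tag byte" % (pos, ctb))
    if ctb & 0x40:                                   # new-format header
        tag = ctb & 0x3F
        length, end, partial = _new_length(data, pos + 1)
        end += length
        while partial:                               # chained partial bodies
            length, end, partial = _new_length(data, end)
            end += length
    else:                                            # old-format header
        tag = (ctb >> 2) & 0x0F
        ltype = ctb & 0x03
        if ltype == 3:                               # indeterminate: runs to EOF
            end = len(data)
        else:
            nbytes = (1, 2, 4)[ltype]
            length = int.from_bytes(data[pos + 1:pos + 1 + nbytes], "big")
            end = pos + 1 + nbytes + length
    if end > len(data):
        raise PacketError("offset %d: tag %d body runs past end of input" % (pos, tag))
    return tag, end


def parse_packets(data):
    """Walk the packet stream from offset 0. Returns (packets, consumed): packets is
    a list of (tag, start, end); consumed is where parsing stopped, i.e. the end of
    input or the first byte that is not a well-formed packet header."""
    packets, pos = [], 0
    while pos < len(data):
        try:
            tag, end = _read_packet(data, pos)
        except (PacketError, IndexError, struct.error):
            break
        packets.append((tag, pos, end))
        pos = end
    return packets, pos


def check_message(data):
    """Return a list of findings; an empty list means the framing looks clean."""
    packets, consumed = parse_packets(data)
    findings = []
    if not packets:
        findings.append("no OpenPGP packet at offset 0 (not a binary PGP message?)")
    trailing = len(data) - consumed
    if packets and trailing:
        findings.append("%d byte(s) after offset %d do not form a packet; "
                        "looks like data appended to the file" % (trailing, consumed))
    for i, (tag, start, end) in enumerate(packets):
        # An encrypted message ends with its encrypted-data packet; any packet after
        # it, even a well-formed one, is not part of what the sender produced.
        if tag in ENCRYPTED_TAGS and i != len(packets) - 1:
            findings.append("packet(s) follow the encrypted-data packet ending at %d" % end)
        # Tag 9 carries no MDC, so tampering inside the ciphertext is invisible to a
        # framing check; only the signature on the plaintext can catch that.
        if tag == 9:
            findings.append("tag 9 at offset %d: no integrity protection on ciphertext" % start)
    return findings


# --- constructed sample, not real ciphertext ------------------------------------
# Old-format PKESK (tag 1, 2-octet length) followed by a new-format SEIPD (tag 18).
PKESK = bytes([0x85, 0x00, 0x10]) + bytes(range(0x10))
SEIPD = bytes([0xD2, 0x1E]) + bytes([0xAA] * 0x1E)
GOOD_MESSAGE = PKESK + SEIPD
# The thread's tampering: `ls -l >> mymessage.gpg` appends plain text after the packets.
APPENDED = b"total 2\n-rw-r--r--  1 missing  missing    0 Jun  7 13:52 file0\n"
TAMPERED_MESSAGE = GOOD_MESSAGE + APPENDED

if __name__ == "__main__":
    for name, blob in (("clean", GOOD_MESSAGE), ("tampered", TAMPERED_MESSAGE)):
        print(name, check_message(blob) or "OK")
```

Two caveats for anyone wiring this into a receiving script: an old-format packet with length type 3 runs to end of file by definition, so appended bytes after such a packet cannot be told apart by framing alone, and the gpg transcript above shows the plaintext being printed before the manipulation warning, so the script must treat a non-empty findings list, a decryptor warning or a non-zero exit status as a failure rather than consuming whatever plaintext was emitted.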


