From: steve@miranova.com (Steven L. Baur)
Subject: Weaknesses in PGP signatures
Date: 30 Dec 1995 15:47:54 -0800
Message-ID: <m2ka3em7v9.fsf@diana.miranova.com>
In-Reply-To: dlv@bwalk.dm.com's message of 30 Dec 1995 07:30:09 -0800
-----BEGIN PGP SIGNED MESSAGE-----
There's recently been a discussion of forging techniques that are hard
to repudiate when PGP signatures are used (alt.security.pgp,
sci.crypt, and the cypherpunks mailing list). A suggested possible
solution to make this harder is to include some of the mail headers
into the PGP signed portion of the message.
A Gnus implementation of this follows:
;;; Pgp signed messages are vulnerable to various kinds of badness due to
;;; the separation of header information.  Fix it.

(defconst gnus-pgp-included-headers '("From"
                                      "To"
                                      "Newsgroups"
                                      "Message-ID"
                                      "Date"
                                      "Subject"
                                      "Cc"
                                      "Gcc")
  "Headers to include in signed portion of PGP signed message.")

(defconst gnus-pgp-signed-headers "----BEGIN PGP SIGNED HEADERS----\n"
  "String to use for separation in message.")

(defun gnus-article-sign-message (arg)
  "Sign a message with PGP, including outgoing headers in an included
block, as per the suggestion of \"Dr. Dimitri Vulis\" <dlv@bwalk.dm.com>."
  (interactive "p")
  (save-excursion
    (save-restriction
      (gnus-inews-narrow-to-headers)
      (goto-char (point-max))
      (or (mail-fetch-field "date")
          (insert (concat "Date: " (gnus-inews-date) "\n")))
      (or (mail-fetch-field "message-id")
          (insert (concat "Message-ID: " (gnus-inews-message-id) "\n")))))
  (save-excursion
    (goto-char (point-max))
    (insert "\n")
    ;; If there is already a header block (eg. after undoing a signature)
    ;; remove it entirely, and rebuild from scratch.
    (if (re-search-backward gnus-pgp-signed-headers nil t)
        (kill-region (point) (point-max)))
    (insert gnus-pgp-signed-headers)
    (let ((headers gnus-pgp-included-headers)
          header header-value)
      (while (setq header (car headers))
        (setq headers (cdr headers))
        (save-excursion
          (save-restriction
            (gnus-narrow-to-headers)
            (setq header-value (mail-fetch-field header))))
        (if header-value
            (insert (concat header ": " header-value "\n"))))
      (insert "\n")))
  (mc-sign arg))
- --
steve@miranova.com baur
- ----BEGIN PGP SIGNED HEADERS----
To: ding@ifi.uio.no
Message-ID: <m2ka3em7v9.fsf@diana.miranova.com>
Date: 30 Dec 1995 15:47:54 -0800
Subject: Weaknesses in PGP signatures
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface
iQCVAwUBMOXPr6LJZEUiepcNAQFX1wP/ZBgFvEYGLC+8Rq6C4at502ZmEQKDd+1v
OQsjHpQeqg9OfWKnvPbdou3torOQPMzsdn9grxjkblXFiN/dsYFsJXlYgA5Vzpf1
E2gw5Ng6wdYzvwwgF0Q8ZkbH3efPSYNvOPf8EexrCTmruK3TVFqAfNTwUnbgM2rS
zfumRMdD9r0=
=Fwj/
-----END PGP SIGNATURE-----
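
The receiving side of the scheme above, as an added example that is not part of the original message or of Gnus: a check, written in Python rather than Emacs Lisp, that compares the signed header block against the headers the message actually arrived with. It assumes the PGP signature has already been verified by a separate step; the function names and the sample message are constructed for illustration.

```python
import email
import re

SEPARATOR = "----BEGIN PGP SIGNED HEADERS----"  # gnus-pgp-signed-headers on the page
CLEARSIGNED = re.compile(r"-----BEGIN PGP SIGNED MESSAGE-----\n(.*?)\n"
                         r"-----BEGIN PGP SIGNATURE-----", re.S)

def signed_header_block(body):
    """Return {name: value} for the header block after the last separator."""
    m = CLEARSIGNED.search(body)  # only this region is covered by the signature
    if not m:
        raise ValueError("no clearsigned region")
    # Undo PGP dash-escaping ("- " prepended to lines starting with "-").
    lines = [l[2:] if l.startswith("- ") else l for l in m.group(1).split("\n")]
    # list.index raises ValueError when the separator is absent.
    start = len(lines) - 1 - lines[::-1].index(SEPARATOR)
    signed = {}
    for line in lines[start + 1:]:
        if not line.strip():
            break
        name, _, value = line.partition(":")
        signed[name.strip().lower()] = " ".join(value.split())
    return signed

def header_mismatches(raw):
    """Map header name -> (signed value, envelope value) where they differ."""
    msg = email.message_from_string(raw)
    diffs = {}
    for name, value in signed_header_block(msg.get_payload()).items():
        outer = msg.get(name)
        outer = " ".join(outer.split()) if outer is not None else None
        if outer != value:
            diffs[name] = (value, outer)
    return diffs

# Constructed sample; the signature is an empty placeholder and is not verified here.
SAMPLE = """\
To: list@example.org
Subject: Meeting notes

-----BEGIN PGP SIGNED MESSAGE-----

Body text.
- ----BEGIN PGP SIGNED HEADERS----
To: list@example.org
Subject: Meeting notes

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
"""
```

A header that appears on the envelope but not in the signed block is not reported, so a caller that relies on a particular header (From, for instance) should also confirm it is present in the returned block.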