top | item 46405390

(no title)

> Cleartext signatures considered harmful

Really? To me it seems that what’s really harmful is assuming a long string of high entropy hex bytes is a valid signature.

Both detached signatures and cleartext need to be run through verify, so what gives?

Does gpg not error when the post-verification output file doesn’t match the cleartext? That sounds like a bug in gpg

discuss

cge|2 months ago

It appears that by default, gpg doesn't output the signed text at all when verifying a cleartext signature. It does not appear to check for or warn about extra content before or after the cleartext text and signature. It strictly interprets the start/end lines, and won't warn or fail for malicious ones. It does not appear to accept comment headers in the signed message, but does accept them in the signature, which means that a user might think an arbitrarily long message in the signature is actually signed.

These all seem like flaws in gpg and the standard.