How are detached signatures used to verify a file’s integrity and authenticity

gnupg

I understand that the detached signature is generated by the signer's private key and that you use the signer's public key to verify the downloaded file.

e.g.

gpg --verify package_name.asc

The signature is verified by using the signer's public key, but how does gpg know that the signature belongs to the package downloaded? Am I missing something?

Best Answer

Finding the File for a Detached Signature

gpg will automatically verify detached signatures against the same file name, without .asc or .sig extension. From man gpg:

--verify
  Assume  that  the first argument is a signed file or a detached signature and
  verify it without generating any output. With  no  arguments,  the  signature
  packet  is  read from STDIN. If only a sigfile is given, it may be a complete
  signature or a detached signature, in which case the signed stuff is expected
  in a file without the ".sig" or ".asc" extension.  With more than 1 argument,
  the first should be a detached signature and  the  remaining  files  are  the
  signed  stuff.  To  read  the  signed stuff from STDIN, use '-' as the second
  filename.  For security reasons a detached signature cannot read  the  signed
  material from STDIN without denoting it in the above way.

Thus, gpg --verify package_name.asc expects the signed file to be available as package_name. If it isn't (or at another location), also give the path to this file:

gpg --verify detached_signature.asc signed_file

Is it the Right File?

OpenPGP does not expect the file name (or any other identifier) to be stored in the signature. But: the signature is the hash sum of the signed file, encrypted with the signer's private key, so it can be decrypted with his public key. If the decrypted hash sum does not match the one of the file used to verify against, you know the file isn't the same that was signed (but cannot tell whether it is the wrong file because the wrong one was selected, or because it was tampered with).
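The lookup rules from the man page excerpt, exercised end to end in a throwaway keyring: the one-argument form, the two-argument form, a signature whose companion file is missing, and a tampered file. This is an added shell example, not part of the answer above; the key, user id and file names are constructed for it.

```shell
#!/bin/sh
# Demo of gpg detached-signature lookup. Runs in a temporary GNUPGHOME so it
# never touches the real keyring. Prints "ok" when every check behaved as the
# man page describes, "skipped-no-gpg" when gpg is not installed.
gpg_detached_demo() (
  command -v gpg >/dev/null 2>&1 || { echo "skipped-no-gpg"; exit 0; }
  work=$(mktemp -d) || exit 1
  trap 'gpgconf --kill gpg-agent 2>/dev/null; rm -rf "$work"' EXIT
  export GNUPGHOME="$work/home"
  mkdir -m 700 "$GNUPGHOME" || exit 1
  cd "$work" || exit 1
  # Unattended gpg: no prompts, empty passphrase (demo key only).
  g() { gpg --batch --quiet --pinentry-mode loopback --passphrase '' "$@"; }

  # Constructed throwaway signing key (user id is a placeholder).
  g --quick-generate-key "Demo Signer <demo@example.invalid>" \
      default default never >/dev/null 2>&1 || exit 1

  # Constructed "package" and its detached, ASCII-armoured signature.
  printf 'constructed package contents\n' > package_name
  g --armor --detach-sign package_name 2>/dev/null || exit 1   # -> package_name.asc

  # 1. One argument: gpg strips ".asc" and looks for "package_name".
  gpg --quiet --verify package_name.asc 2>/dev/null || exit 1

  # 2. Two arguments: the signed file is named explicitly, so its
  #    name does not need to match; only the contents must.
  cp package_name renamed_copy
  gpg --quiet --verify package_name.asc renamed_copy 2>/dev/null || exit 1

  # 3. Signature renamed, no file called "orphan" next to it: gpg
  #    cannot find the signed data and must fail.
  cp package_name.asc orphan.asc
  ! gpg --quiet --verify orphan.asc 2>/dev/null || exit 1

  # 4. Tampered file: the hash no longer matches the signed hash,
  #    so verification must report a BAD signature (non-zero exit).
  printf 'x' >> package_name
  ! gpg --quiet --verify package_name.asc 2>/dev/null || exit 1

  echo "ok"
)
```

Each `gpg --verify` is judged by its exit status only, which is what a download script should rely on rather than parsing the "Good signature" text.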
