Skip other people signatures only if they have thrown an error

Alkorin commented 6 years ago

Do not skip valid signatures of other people

Alkorin commented 5 years ago

Is it possible to take a look ?

zapu commented 5 years ago

We did, way back when it was submitted. Sorry I didn't leave a comment.

We typically consider signatures issued by 3rd party (i.e. "signatures by other people") there because we only look for signatures made by the primary key itself, to validate integrity of the PGP bundle. If you were to read 3rd party signatures, the internal representation would have to change and they should be handled separately from "regular" signatures, so they are never confused.

Can you explain what issue were you trying to fix?

Let me know if I misunderstood the intent here. Thank you

Alkorin commented 5 years ago

We use it to establish a chain of trust.

We have a KeySigningKey stored on an offline media which sign other gpg keys used in our system.

On client side, applications only knows the public key of the KeySigningKey and can check that the incoming signature is signed by a key which is signed by the KSK. So in my model, "signatures by other people" is the signature done by the KSK.

Except if I missed something, everything is already there in the lib. The only issue I have is that such signatures are just dropped when the key is loaded.

Sample KSK:

Sample "Other Key" signed by KSK:

How the signature is made:

gpg -u "Key Signing Key" --ask-cert-expire --sign-key "Other Key"

Simple parsing with github.com/keybase/go-crypto/openpgp

    p, _ := armor.Decode(bytes.NewBufferString(other_key))
    e, _ := openpgp.ReadEntity(packet.NewReader(p.Body))

    fmt.Printf("%+v\n", e.Identities["Other Key <otherkey@example.org>"])

Without the patch:

&{Name:Other Key <otherkey@example.org> UserId:0xc00004c080 SelfSignature:0xc0000a8000 Signatures:[] Revocation:<nil>}

I only have the self signature

With the patch:

&{Name:Other Key <otherkey@example.org> UserId:0xc00004a080 SelfSignature:0xc0000a8000 Signatures:[0xc0000a8280] Revocation:<nil>}

I also have the signature made by the KSK

And in my model, I consider that a GPG PublicKey (k in the code below) is signed by the KSK GPG PublicKey (signerKey) if at least one Identity of this key have a signature done by the KSK:

type PublicKey struct {
    *openpgp.Entity
}

func (k PublicKey) IsSignedBy(signerKey *PublicKey) *packet.Signature {
    for _, i := range k.Identities {
        for _, s := range i.Signatures {
            // Skip signature if IssuerKeyId doesn't match signer's key
            if s.IssuerKeyId != nil && *s.IssuerKeyId != signerKey.PrimaryKey.KeyId {
                continue
            }
            // Return true if signature s is valid
            if err := signerKey.PrimaryKey.VerifyUserIdSignature(i.Name, k.PrimaryKey, s); err == nil {
                return s
            }
        }
    }
    return nil
}

That's why I need Identities.Signatures. And I extract also the signature CreationDate & signature SigLifetimeSecs to check signature expiration and revoke old signing keys.

Hope it will give your more infos on what I try to do with your library

keybase / go-crypto

Skip other people signatures only if they have thrown an error #65