search

keybase / keybase-issues

A single repo for managing publicly recognized issues with the keybase client, installer, and website.
899 stars 37 forks source link

Verifying multiple messages in the same window has confusing results. #1247

Open hinca opened 9 years ago

hinca commented 9 years ago

This is really not a big security issue, just a UI thing that might confuse some people.

Imagine someone is trying to verify a message I signed. They paste it into the Verify window, and click verify. Great! It's a valid signature created by me.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

I'm acknowledging your testing message.
-----BEGIN PGP SIGNATURE-----
Version: Keybase OpenPGP v1.1.6
Comment: https://keybase.io/crypto

wsBcBAABCgAGBQJUfYLYAAoJEG/4KgT0o6bpi7EH/iyIAvTk1tXQFW0FGpGDf9kj
TmQN6fIFtIxlQs6MRS+Ws3Xwwj4+tfDYyjsUAZ1pLpSGuxSrnyULiXtX6L3LOsda
9byGAjO2hE3yzgRsdtCtCMCsn6PHJWKONOU5yhv0NdnpfqVPBwpbIqNLtnqMFiQq
1CuVYQqLgvT7evNMO6Z1JeNXF7EAdkxdtPGrfuZp4uZm84GcQbPXywZLjItwNPEI
MKbDuRVV9SaJfEENb0YOJdmiaQKhdmxrh5Ixkx/QzowL9qapUqv9PssBiKlz1g4g
OfQQvW30dj9fVBd01I+jHTdypg/KOblL0LpBpltM9+i6aBzuIStzqWovamzqugw=
=yvtY
-----END PGP SIGNATURE-----

But now I tamper with the message, so that the identical signature is no longer valid, and paste it into the same verification window. I can do this, because the field is still editable.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

I'm NOT acknowledging your testing message.
-----BEGIN PGP SIGNATURE-----
Version: Keybase OpenPGP v1.1.6
Comment: https://keybase.io/crypto

wsBcBAABCgAGBQJUfYLYAAoJEG/4KgT0o6bpi7EH/iyIAvTk1tXQFW0FGpGDf9kj
TmQN6fIFtIxlQs6MRS+Ws3Xwwj4+tfDYyjsUAZ1pLpSGuxSrnyULiXtX6L3LOsda
9byGAjO2hE3yzgRsdtCtCMCsn6PHJWKONOU5yhv0NdnpfqVPBwpbIqNLtnqMFiQq
1CuVYQqLgvT7evNMO6Z1JeNXF7EAdkxdtPGrfuZp4uZm84GcQbPXywZLjItwNPEI
MKbDuRVV9SaJfEENb0YOJdmiaQKhdmxrh5Ixkx/QzowL9qapUqv9PssBiKlz1g4g
OfQQvW30dj9fVBd01I+jHTdypg/KOblL0LpBpltM9+i6aBzuIStzqWovamzqugw=
=yvtY
-----END PGP SIGNATURE-----

The field flickers, and I would expect it to acknowledge the update and re-verify. Instead it's still claiming that the signature is valid, because keybase doesn't recognize the message as updated. I suppose re-verification on text area update, or disabling the text area after verification would take care of this.

Thanks for developing this service! I'm a fan. :+1:

zQueal commented 9 years ago

I may be wrong, but from what it sounds like you're expecting your second message to still pass as verified.

image

Doesn't seem to be working--which should be expected behavior.

hinca commented 9 years ago

Sorry if I wasn't clear enough, I didn't expect the other message to verify successfully with the same signature. That would have been a rather curious hash collision for SHA512. :-D

The thing I was reporting was that, from a UI perspective, after verifying the first message, people might paste another message to verify into the text area in the same window (which is now called "The Signed Text"), and expect it to be verified. Which it will not be, but it will still show the "✓ signed by hinca" message, so an absent-minded person might consider it verified, because this will show on the screen if I paste the message there:

image

It's no big deal, but I suppose I just don't understand why the verified message would be displayed in an editable text area. That element has nothing to do there at this stage, especially if you can't reuse it to verify another signature from this page.