Friday, November 14, 2014

How to craft a signatures with GNU gpg by socpuppets

With GNU gpg, you can craft an embedded signature within the data or "de-attach" signature. I will demonstrate the  two methods. Where and how you would use the two is up to you.

1st the de-attached signature which probably the one I use the most. Your data can be compressed after signature  creation, if so desired and to save space. The signature  is publicly available  for any persons that wish to verify the file integrity.

cli gpg -b <>

This does 2 things;

            1: it make a digital signature based off you private-key
            2: it does NOT make any modifications to the original  data

NOTE: the signature is always  created from the original filename and the added suffix "sig" to the newly created signature file.

Next we will make a embedded  signature. This requires the "-s" switch option.  So we will take the same file  & create our sign+encryption.

cli gpg -s  <filename>

Now we should notice a few things,

       1: we have a new file name  file.txt.gpg ( data that's encrypted )
       2: original data is still present
       3: original datafile has not been modififed  ( even the  earlier sig file is still present )

So now we will delete the original data "file.txt" and then decrypt our  file.txt.gpg and then compare the md5-hash and you will find we have the original file again.

Notice that our data md5 hash matches, after the decryption?
( message digest  96c23e49e65c7fd37d612b369d6a1657 )

A few things to take away here;
                    1: the m5 128bit hash still matches after the decryption
                    2: the original data was decrypted
                    3: the file was compared against the embedded signature to our key

NOTE: If we would have used the  "-v" we would have gotten more verbose information & output

So easy, that a monkey or caveman can do it!

I hope this  demonstration has been helpful. You can learn more about GNU PGP implementation at the following link;

and about PGP in general here;

Ken Felix
NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com

   ^      ^
=(  $  $ )=
      /  \

No comments:

Post a Comment