Bug#872271: hopenpgp-tools: please make a simple OpenPGP signature validation binary
(too old to reply)
Daniel Kahn Gillmor
2017-08-15 15:00:03 UTC
Package: hopenpgp-tools
Version: 0.19.4-3
Severity: wishlist

I'd like hopenpgp-tools to produce a simple signature validation
binary, which validates a signature against a set of curated keyrings.

let's call it hov (for "hopenpgp validator").


The proposed syntax is:


Where options include:

--not-before TIMESPEC
--not-after TIMESPEC

if not present, --not-before defaults to NULL, and --not-after
defaults to "now".

It should return 0 (success) if the the signature is valid over the
blob, and was issued correctly from one of the keys in the set of
keyrings offered, and some non-zero code otherwise.


It should take into account at least the following concerns:

* key usage flags (signatures made by keys not with the "signing"
capability are not valid)

* signature time (signatures made before the --not-before timespec
(if non-NULL) or after the --not-after timespec are not valid)

* key validity time (signatures made before key creation or after key
expiry are not valid)

* key revocation (signatures made by revoked keys are not valid)

* key strength and signature strength (signatures over MD5 and SHA1
are not valid; signatures made by RSA keys less than 2048 bits are
not valid -- maybe there's a possible extension here to mark other
algorithms as unacceptable)

* subkey bindings (signatures made by a signing-capable subkey must
have a cross-sig to the primary key; binding sigs and cross-sigs
must be made with a reasonable signature algorithm; binding sigs
and cross-sigs must be valid, non-revoked, non-expired, not in the
past, etc)


[ rationale for --not-before and --not-after ]

In some cases, the user expects signatures to be made within a certain
temporal window. For example, in e-mail validation, if i think the
e-mail was sent at time T (e.g. if it has a "Date: T" header), i
expect the signature to be made in a little window of time around T,
or else something is clearly amiss.

For software package validation, i might have some prior version of
the software package from the same vendor, and i want to ensure that
the Date is explicitly *after* the date of that previous signature.

The user should be able to express this preference simply to the
validator and have the validator do the right thing.

Open questions

here are some open questions about the proposed design and possible
future enhancements to keep in mind:


How should hov expect the user to entire time information? With what
precision? OpenPGP has 1sec granularity. Should we bake that choice
of precision into hov?

Covert Channels

What if the SIGNATURE blob contains something other than an OpenPGP
signature? Should hov reject it or ignore the cruft?

Multiple Signatures

What if the user wants to ensure that there are signatures from
multiple signers in the curated keyrings (e.g. 2 of 5 signers)? the
proposed interface doesn't have any way to represent that.

Info about the signature

In the event that a signature is validated, it's possible that the
person doing verification wants to learn something about it (e.g. to
record details in a log, like date of signature). In the event that
it is not successful, it's possible that they want to learn more about
it for debugging purposes. The above simple proposal doesn't provide
any means for emitting this information for those who want it.

perhaps just logging in machine-readable form to stderr is sufficient
for the first crack at this?


-- System Information:
Debian Release: buster/sid
APT prefers testing-debug
APT policy: (500, 'testing-debug'), (500, 'testing'), (500, 'oldstable'), (200, 'unstable-debug'), (200, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.11.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages hopenpgp-tools depends on:
ii libbz2-1.0 1.0.6-8.1
ii libc6 2.24-12
ii libffi6 3.2.1-6
ii libgmp10 2:6.1.2+dfsg-1
ii libncursesw5 6.0+20170715-2
ii libnettle6 3.3-1+b1
ii libtinfo5 6.0+20170715-2
ii libyaml-0-2 0.1.7-2
ii zlib1g 1:1.2.8.dfsg-5

hopenpgp-tools recommends no packages.

hopenpgp-tools suggests no packages.

-- no debconf information
Daniel Kahn Gillmor
2019-11-08 13:30:01 UTC
Control: retitle 872271 hopenpgp-tools: please implement "hop verify", from the Stateless OpenPGP command-line interface
Post by Daniel Kahn Gillmor
I'd like hopenpgp-tools to produce a simple signature validation
binary, which validates a signature against a set of curated keyrings.
let's call it hov (for "hopenpgp validator").
I'd like to update this suggestion for hopenpgp-tools. After a decent
amount of discussion with other OpenPGP users and developers, what i
want is potentially more than a simple signature validator (though a
simple signature validator is part of it).

Rather, i want something that approaches a "stateless OpenPGP command
line interface" (or "sop") as documented at

The "sop" interface is intended to be implementable piecemeal -- you can
implement some subcommands and leave others out as the implementation

The subcommand "sop verify" is basically a slightly refined version of
the interface i originally requested on this bug report.

I'm imagining that the implementation from hopenpgp-tools would be
"/usr/bin/hop" -- but of course that's your call.

So this wishlist bug report is now asking for the "hop verify"
subcommand. (obviously, if other subcommands are implemented, that
would be nice too)

If, in the course of looking at this, you have ideas for improvements or
simplifications for the `sop` generic interface, I welcome those
suggestions, either on ***@ietf.org, or at

Thanks for your efforts on hOpenPGP!


PS the easiest subcommand to implement would be "hop version" if you
want to get started, and you already have "hop dearmor" and something
close to "hop armor" as subcommands of /usr/bin/hot.