GPG(2)

Signing / Verifying

In This Section 

Return to Table of Contents

Signing (gpg [–options] –sign file)

You can sign files with the –sign command. GPG will prompt you for the passphrase for your secret key (private key).

D:\TEMP>gpg --armor --sign my-file.txt

You need a passphrase to unlock the secret key for
user: "Alice Wong <a-wong@big-corp.com>"
4096-bit RSA key, ID 49B58839, created 2002-03-27

Enter passphrase: My_31337_Passphrase

D:\TEMP>

Note: if you have multiple secret keys that you can use to sign, then you’ll have to indicate which of those secret keys you want to use to produce a signature.  To designate the secret key, you can either use the –local-user option with the –sign command, or you can use the default-key option in your Options file.

In the example above, we used the –armor option to produce ASCII Armored output (though we could have dropped the –armor option and produced a binary .GPG file). When we open the encrypted, ASCII Armored file, the ciphertext contents look just like a file that we encrypted.

D:\TEMP>type my-file.asc

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.0.7 (MingW32)

owGbwMvMwMSYbMOW4rG1w4JxTU4Sd26lblpmTqpeSUWJzYNN3CEZmcUKQJRbqQAW
5uXi5fJUyEgsS1XITcyrVCguTc4AyxSDpZxKSxRKoFpKMlLBMgqe6rkK5flF2Zl5
6QrlmSUZCnn55UDVnUyizKwMIEvgDmAqqxZg2GmxYbE416mL34594XlSUZ0mJXPo
l9Xpmfdn3bUTPvS5O+ZWcOvcazHGnJZ/L4tOa5k383zFAS8PqyjOV5f4ss6xB9YZ
XXcMvmly8qzbHoavXfwuXrGaVR6q9/R/7rx8YWMC52+/BZ0XlGffTK46n1GTm10p
rBBy+Mwx7czsqle6/EbF2ZtbgvdHS1y5c7qowpD98asnRrzz7HOPfl4bW/ZObHVC
3axWs4iTqdxJ/izrV7bvzbm18Fplmx77u9rqdn756q0nGhPkj9ms/LCy6G6WKyPj
zbzdsceds6MUbyYeYYrzfrUyYVZc9nW52oi9tpN+GWnG7Mr/qXlMzHZVz9bfBby/
L2YllEw1kXxotFrv4DGLpSxsu6TOFXl2S29a/73rwJPwgrjrphbXl0oYZz7IrJxm
m18sqc322UvzxTWputLZcRGHl5Tsd/1w9MvDR3HdJd6GR0/HGDFUGS30uTjV8WqH
8PN3/7Tunt/8W8Bhz4WmZW47NS7Me9fP+7Ji87QWxvuPFnLpZWWuUJf6a+hvOJlX
8yULv1zP+4OeB3we1a6QEexWOSuiK6nYVr3d8MxnBbG/frP6NVnO/Sywvhye4X7x
egbX/es9FbcV09O85Q9s+Hng73XzLFPzqffmPTT6t2by0wsqDxc8XzbDwHNL89sP
z3j15EtCrhinXcnL3Ooms1PPQkH3wGXufRvbA9lsRWof22+6lf0LAA==
=erCh
-----END PGP MESSAGE-----

D:\TEMP>

In fact, we have encrypted the original file, but we encrypted it with our own secret key (as opposed to someone else’s public key). In fact, signing is sometimes known as "encrypting to the private key." The recipient will decrypt the with our public key and verify the signature. The problem here, of course, is that we may want to sign the file, but leave the contents in plaintext form so that the contents are still readable. To do this, we’ll clearsign the file with the –clearsign command instead of signing it with the –sign command.

(For more information on signing messages and files, see the GNU Privacy Handbook.)

Clearsigning (gpg [ –options] –clearsign file)

To sign a message or file but leave the actual text or contents unencrypted (in plaintext), you can clearsign the file or message with the –clearsign command.

D:\TEMP>gpg --clearsign my-file.txt

You need a passphrase to unlock the secret key for
user: "Alice Wong <a-wong@big-corp.com>"
4096-bit RSA key, ID 49B58839, created 2002-03-27

Enter passphrase: My_31337_Passphrase

D:\TEMP>

When you open the clearsigned output file, you’ll see that GPG has left the original contents in plaintext and appended a signature for the contents at the bottom.

D:\TEMP>type my-file.asc

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is my file.

I have many such files.

But this is the file I'm working with now.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (MingW32)

iQIVAwUBPOCy1mM8BmRItYg4AQKWrA//fR5LKFyt+78CMtfpzkHgCVFyEe2ImsBy
FJ2HvzRIP4Bvor1iEOZ9A0fux8gBNXrvEtaDXSiGyXH+Ru4F3g1+K119fgBPRBgo
oOTbSLZSlRYWp8mRALsiWXKEHWgpy4zIHVTY6tPJdxFBZYJXnQj/4S6MRP+eJdam
rU8ufExxaqQPw+KCNEVCSk1yHZ886k6MTSa1oDqUOLiM1cBDCtD8Jv+BE0gLHPb9
1h7lEka8QGNe+P7iiUzvsuD7HCL6dGb6T70/KBBHIP6lDwOgUX3eTd8e+I3jczs9
RyEmd6G4swM3IzCD1km+SN5/k5QsMjd6Lw5fB95Mroi47QNpya8ifYbMgCg0+BVm
c7QOwr79+9cJiKhEICbMf5pKQWzP/AznaYlM0IOGGCvxa5loLl7BbtvktVMocitF
zWM9SB0kmSu3OlMxjXYcBsyHCHN4dTpCD9d1jfbgth9YV06sWpONLohdaWx+n9kO
CxsSDGI+aW8sGKHWonw0Uy4UAvUzY3tiZTzTF+FzoJzhy13KK1j4Y0MMx1jZ68f9
R9wSKVdiyXwuMXkWWK0uxSZuBz4mTofZ7YmFm7UdxOH4bMnO+rWNCSPR7md+X0j1
nQSwtxEnIu7Tucb/ZG3t9kR+KTByPTu7tHINr4HFd8m2Cu7Wi10TP/EBtXbtYA/1
SBaUXcbgCD8=
=Hn6O
-----END PGP SIGNATURE-----

D:\TEMP>

When clearsigning files, it is not necessary to use the –armor option. GPG automatically uses ASCII Armor for the clear signature it appends to the bottom of the encrypted contents (ciphertext). Of course, it only makes sense to clearsign simple text files. If you clearsign binary files, GPG will produce an ASCII Armored signature, but the original contents will still be binary gobbledygook.

(For more information on clearsigning messages and files, see the GNU Privacy Handbook.)

Detached Signatures (gpg [ –options] –detach-sign file)

You can also produce a signature as a detached signature file. When creating detached signatures, GPG leaves the original file "as is" and creates a separate file that contains only the digital signature. To sign a file and produce a detached signature, use the –detach-sign command..

D:\TEMP>gpg --detach-sign my-file.zip

You need a passphrase to unlock the secret key for
user: "Alice Wong <a-wong@big-corp.com>"
4096-bit RSA key, ID 49B58839, created 2002-03-27

Enter passphrase: My_31337_Passphrase

D:\TEMP>

Once you enter your passphrase, GPG creates a detached signature file (my-file.sig) that is named similar to the file being signed (my-file.txt). 

.SIG files are binary files like .GPG files. If you prefer GPG to produce detached signature files in ASCII Armor format, use the –armor option.

D:\TEMP>gpg --armor --detach-sign my-file.zip

You need a passphrase to unlock the secret key for
user: "Alice Wong <a-wong@big-corp.com>"
4096-bit RSA key, ID 49B58839, created 2002-03-27

Enter passphrase: My_31337_Passphrase

D:\TEMP>

As you might expect, you can open the ASCII Armored detached signature file (which has the .ASC extension) and view the contents.

D:\TEMP>type my-file.asc

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (MingW32)

iQIVAwUAPOC1eGM8BmRItYg4AQJaXxAAjS3DDRXllMhL4p2z/5tK1/wGielnpofg
VYCtx0Gga+ca3h1pM0xBpw3n5gXehSlFr3Arhh0ZE7rAfwqwHDUvIPZN05LPsTh8
exCyq6yWRqT4KVBqRwV47bGgoRV7bz5hT4UUBQcoevGtywUmon+g4sB/OmFF8QjU
I2nf8OvUZyZ4SZMwNuQEwo84kfL4kYFgla062ruCNVSaWSFaDHHbzUKOBdKqM6Zp
wi8tTNKm8giqqaUGoCHUnkszf0+evIj6efILLxk1EylQmTLD8/cBS5GsCpiFdiH0
hRV1MdqgR11hrR9YtomVPFTT86eE8QI4Wk05TMr5r1VV8nKdh/+2IkGfkycBQte5
YPqk+nYRgC6yRIW1ylg7WJTGVhtsxekMC4MAs3ZdhqQMCwD99cCJ4zHd56LEuvp3
z8eC9VKB9r141D0QZxBFUy1I1abWQRWM/+zoMMoV6jP3b9iMwWvNRZAEqEa4MI7u
jT45OjUwFd/ZlpVV8ZgmbrFCjwJK3JbERFLY24nn/hY6REAgplVQHvWspgzG/pBH
WgbkKm+0W6gMEUQ+w1rvKOZOnkF3tju8GqP6NZ79D+T+oJi8Avd689Mz7e8ykzap
rTTymknv17XOOFNTzZK77slx4nKjHXo9yqtpWB/Ek3y42LdPKALaaeBIOc+E7tky
7IFQXTZXJgw=
=sws/
-----END PGP SIGNATURE-----

D:\TEMP>

Once you have produced a detached signature, you should send both the original file that you signed as well as the detached signature file to your recipients. It does your recipients no good to send just the detached signature file; the detached signature file contains only the signature, not the actual contents of the file that you signed.

(For more information on creating detached signatures, see the GNU Privacy Handbook.)

Verifying Signed & Clearsigned Files (gpg [ –options] –decrypt file)

To verify the signatures on files that you have received from others, use the –decrypt command.

D:\TEMP>gpg --decrypt my-file.gpg

This is my file.

I have many such files.

But this is the file I'm working with now.

gpg: Signature made 05/14/02 02:06:03 using RSA key ID 49B58839
gpg: Good signature from "Alice Wong <a-wong@big-corp.com>"

D:\TEMP>

GPG shows you the contents of the file and verifies the signature. The –decrypt command should be used with files signed with the –sign command as well as with files clearsigned with the –clearsign command.

We can specify an output file with the –output option. 

D:\TEMP>gpg --output your-file.txt --decrypt my-file.gpg

gpg: Signature made 05/14/02 02:06:03 using RSA key ID 49B58839
gpg: Good signature from "Alice Wong <a-wong@big-corp.com>"

D:\TEMP>

The decrypted file (your-file.txt) contains only the plaintext contents. GPG still reports the results of its signature verification inline.

Keep in mind that to verify signature from someone, you must have that person’s public key on your keyring. If you don’t have that person’s public key, you won’t be able to verify the signature.

(For more information on verifying signatures, see the GNU Privacy Handbook.)

Verifying Detached Signatures (gpg [ –options] –verify sigfile signed_files)

To verify files with detached signatures, use the –verify command and specify the detached signature file as well as the files that were signed..

D:\TEMP>gpg --verify my-file.sig my-file.txt

gpg: Signature made 05/14/02 02:13:29 using RSA key ID 49B58839
gpg: Good signature from "Alice Wong <a-wong@big-corp.com>"

D:\TEMP>

GPG doesn’t show you the contents of the original file that was signed. The original file remains in plaintext form, so you can view it as you normally would without any special command.

We can use the –verify command to verify files signed with the –sign or –clearsign commands…

D:\TEMP>gpg --verify my-file.gpg

gpg: Signature made 05/14/02 02:06:03 using RSA key ID 49B58839
gpg: Good signature from "Alice Wong <a-wong@big-corp.com>"

D:\TEMP>

…but GPG doesn’t show us the plaintext contents of the signed files. It only verifies the signature on the file. That’s why we use the –decrypt command to verify files that have been signed with the –sign or –clearsign commands: we want to view the contents as well as verify the signature.

Keep in mind that to verify signature from someone, you must have that person’s public key on your keyring. If you don’t have that person’s public key, you won’t be able to verify the signature.

(For more information on verifying detached signatures, see the GNU Privacy Handbook.)

Understanding Signatures & Trust

In all of the signature verification examples that we looked at above, GPG reported the following when verifying a signature:

gpg: Signature made 05/14/02 02:13:29  using RSA key ID 49B58839
gpg: Good signature from "Alice Wong <a-wong@big-corp.com>"

This signature verification is what we want and expect: a "good signature." But GPG may not always give you the same unambiguous report when verifying signatures. In some situations, GPG’s signature verification report may include something else: a "warning," such as the following:

gpg: Signature made 05/14/02 02:13:29  using RSA key ID 49B58839
gpg: Good signature from "Alice Wong <a-wong@big-corp.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.

Fingerprint: AE15 DB8D F29B 00F8 D213 1C18 633C 0664 49B5 8839

This warning is similar to one you might receive when encrypting a message or file to someone else with the –encrypt command:

gpg: checking the trustdb
gpg: checking at depth 0 signed=0 ot(-/q/n/m/f/u)=0/0/0/0/0/4
gpg: AB53B492: There is no indication that this key really belongs to the owner
2048g/AB53B492 2001-11-13 "Bob Bone <bobbone@cowtownu.edu>"
Fingerprint: C8C5 2C0A B2A4 8174 01E8 12C8 F3CC 3233 3FAD 9F1E

It is NOT certain that the key belongs to its owner.

In the case of the signature verification warning, you’re probably wondering why GPG reports "Good signature from…" on one line and then issues a "Warning"  about the key not being "certified with a trusted signature" on the very next line. It might seem that there’s a contradiction here — i.e., how can a signature be both "good" and "untrusted" at the same time? — but there really isn’t a contradiction at all. Let’s look in detail at what GPG is telling us.

The first line tells us what key was used to make the signature and when the signature was made.

gpg: Signature made 05/14/02 02:13:29  using RSA key ID 49B58839

The next line confirms that the signature on the file was in fact made using this particular key (with Key ID 49B58839). It also tells us that the User ID on that key is for Alice Wong (a-wong@big-corp.com) and that the signature is valid or "good."

gpg: Good signature from "Alice Wong <a-wong@big-corp.com>"

What GPG has done is verify that the signature on the file does indeed match the signature it would expect from this key for this file. The fact that the signature matches tells us that the file has not been altered or tampered with in transit. If the file had been altered in transit, GPG would have reported a "bad signature" instead:

gpg: Signature made 05/14/02 02:13:29 CDT using RSA key ID 49B58839
gpg: BAD signature from "Alice Wong <a-wong@big-corp.com>"

In other words, the signature on the file didn’t match what GPG expected. Perhaps the contents of the message in the file were altered somehow. Another potential cause for this "bad signature" is that the signature itself was altered or doesn’t even belong to the contents of the file (it might be a signature that was produced for some other file). Whatever the cause, it’s a "bad signature."

The example we’re looking at, though, has a "good signature." The problem with this signature is that it was produced with a key that is not "trusted."

gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Fingerprint: AE15 DB8D F29B 00F8 D213 1C18 633C 0664 49B5 8839

As GPG insists, we don’t have any reason to suppose that the key used to produce the signature does in fact belong to the person identified in the key’s User ID. In other words, while we know that this key was indeed used to make the signature on the file and that the file hasn’t been altered, we do NOT know that this key really belongs to Alice. (The same holds true for the warning GPG issues with the –encrypt command: you don’t know for certain that the person specified in the User ID of the key to which you’re encrypting is actually the owner of the key.) It’s always possible that someone other than Alice generated the key, used Alice’s name and email address in the User ID, and is now masquerading as Alice. In short, the key is "untrusted."

We can make this key "trusted" by "certifying" the key. To certify the key, we need to sign the key. Once we sign and certify the key, the trust level associated with the key will change. In this example, GPG has warned us that we are using an "untrusted key" because we have not yet certified the key that was used to verify the signature. Put another way, GPG is telling us that we have have not "certified" the key used to make the signature by signing that key with our own secret key in order to change the trust level associated with the key. ("This key is not certified with a trusted signature!") Once we sign the key to certify it, the key will become "trusted."

The trust level on a key is a measure of our confidence in the identity of the owner of the key. If we are confident that this key does actually belong to Alice (who is listed in the key’s User ID), we can change the trust level on Alice’s key by signing it with our own secret key. Once we sign Alice’s key and change the trust level associated with the key, GPG will no longer warn us that we are using an "untrusted" key when we verify signatures from Alice. Instead, GPG will simply report:

gpg: Signature made 05/14/02 02:13:29  using RSA key ID 49B58839
gpg: Good signature from "Alice Wong <a-wong@big-corp.com>"

And when encrypting files or messages with the –encrypt command, GPG will no longer warn you about the "untrusted" nature of the key — it will simply encrypt the file without complaint.

To learn how to sign keys and change the trust level on a key, see the Signing Keys section below. You can also suppress GPG’s trust warnings by adding the –always-trustoption to your Options file. (For more general information on signing keys and using the Web of Trust, see the GNU Privacy Handbook.)

Combining Commands

In This Section 

Return to Table of Contents

Most commands used by GPG cannot be combined with other commands. Although you can use multiple options at the same time (as we did in many of our examples earlier), commands must be used one at a time. In some situations, though, you can combine commands instead of issuing them separately.

Encrypt & Sign (gpg [–options] –encrypt — sign file)

You can encrypt and sign a file at the same time by using the –encrypt and –sign commands simultaneously.

D:\TEMP>gpg --armor --recipient Bob --encrypt --sign my-file.txt

You need a passphrase to unlock the secret key for
user: "Alice Wong <a-wong@big-corp.com>"
4096-bit RSA key, ID 49B58839, created 2002-03-27

Enter passphrase: My_31337_Passphrase

D:\TEMP>

With the combined –encrypt and –sign commands, GPG produces a signed and encrypted file.

D:\TEMP>type my-file.asc

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.0.7 (MingW32)

owGbwMvMwMSYbMOW4rG1w4JxTU4Sd26lblpmTqpeSUWJzYNN3CEZmcUKQJRbqQAW
5uXi5fJUyEgsS1XITcyrVCguTc4AyxSDpZxKSxRKoFpKMlLBMgqe6rkK5flF2Zl5
6QrlmSUZCnn55UDVnUyizKwMIEvgDmAqqxZg2GmxYbE416mL34594XlSUZ0mJXPo
l9Xpmfdn3bUTPvS5O+ZWcOvcazHGnJZ/L4tOa5k383zFAS8PqyjOV5f4ss6xB9YZ
XXcMvmly8qzbHoavXfwuXrGaVR6q9/R/7rx8YWMC52+/BZ0XlGffTK46n1GTm10p
rBBy+Mwx7czsqle6/EbF2ZtbgvdHS1y5c7qowpD98asnRrzz7HOPfl4bW/ZObHVC
3axWs4iTqdxJ/izrV7bvzbm18Fplmx77u9rqdn756q0nGhPkj9ms/LCy6G6WKyPj
zbzdsceds6MUbyYeYYrzfrUyYVZc9nW52oi9tpN+GWnG7Mr/qXlMzHZVz9bfBby/
L2YllEw1kXxotFrv4DGLpSxsu6TOFXl2S29a/73rwJPwgrjrphbXl0oYZz7IrJxm
m18sqc322UvzxTWputLZcRGHl5Tsd/1w9MvDR3HdJd6GR0/HGDFUGS30uTjV8WqH
8PN3/7Tunt/8W8Bhz4WmZW47NS7Me9fP+7Ji87QWxvuPFnLpZWWuUJf6a+hvOJlX
8yULv1zP+4OeB3we1a6QEexWOSuiK6nYVr3d8MxnBbG/frP6NVnO/Sywvhye4X7x
egbX/es9FbcV09O85Q9s+Hng73XzLFPzqffmPTT6t2by0wsqDxc8XzbDwHNL89sP
z3j15EtCrhinXcnL3Ooms1PPQkH3wGXufRvbA9lsRWof22+6lf0LAA==
=erCh
-----END PGP MESSAGE-----

D:\TEMP>

The –encrypt command cannot be combined with the –clearsign or –detach-sign commands. Indeed, it wouldn’t make sense to do so, because we want to encrypt the original file, not leave it in plaintext form, as both the –clearsign and –detach-sign commands do.

Decrypt & Verify (gpg [–options] –decrypt file)

To decrypt and verify a file that has been both signed and encrypted, use the –decrypt command. GPG will decrypt the contents and verify the signature automatically..

D:\TEMP>gpg --decrypt my-file.asc

You need a passphrase to unlock the secret key for
user: "Bob Bone <bobbone@cowtownu.edu>"
2048-bit ELG-E key, ID AB53B492, created 2001-11-13 (main key ID 3FAD9F1E)

Enter passphrase: My_31337_Passphrase

gpg: encrypted with 2048-bit ELG-E key, ID AB53B492, created 2001-11-13
"Bob Bone <bobbone@cowtownu.edu>"

This is my file.

I have many such files.

But this is the file I'm working with now.

gpg: Signature made 05/14/02 02:38:06 using RSA key ID 49B58839
gpg: Good signature from "Alice Wong <a-wong@big-corp.com>"

D:\TEMP>

Of course, you can always specify an output file for the decrypted contents.

D:\TEMP>gpg --output your-file.txt --decrypt my-file.asc

You need a passphrase to unlock the secret key for
user: "Bob Bone <bobbone@cowtownu.edu>"
2048-bit ELG-E key, ID AB53B492, created 2001-11-13 (main key ID 3FAD9F1E)

Enter passphrase: My_31337_Passphrase

gpg: encrypted with 2048-bit ELG-E key, ID AB53B492, created 2001-11-13
"Bob Bone <bobbone@cowtownu.edu>"
gpg: Signature made 05/14/02 02:38:06 using RSA key ID 49B58839
gpg: Good signature from "Alice Wong <a-wong@big-corp.com>"

D:\TEMP>

The output file will contain only the decrypted (plaintext) contents of the encrypted file. GPG still reports the results of its signature verification inline.

Advertisements
This entry was posted in Computers and Internet. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s