Old 07-18-2008, 06:31 AM   #1
colucix
LQ Guru
 
Registered: Sep 2003
Location: Bologna
Distribution: CentOS 6.5 OpenSuSE 12.3
Posts: 10,509

How to modify a GPG signed file while preserving the signature?


Hi all.

I need to make some modifications to a GPG signed file (signed with my own gpg-key), but if I simply edit it, the signature is no longer valid (as would be expected).

What is the correct way to modify a GPG signed file? I'm thinking of:
1) remove the signature, edit the file, apply the signature again
2) remove the file, edit an unsigned backup copy then sign it
3) use some tool - which I'm not aware of - to edit the signed file.

Also I cannot find a gpg option to simply remove the signature from an already signed file. I see only options/commands to remove a key from my own database. Thank you.
 
Old 07-18-2008, 07:30 AM   #2
stress_junkie
Senior Member
 
Registered: Dec 2005
Location: Massachusetts, USA
Distribution: Ubuntu 10.04 and CentOS 5.5
Posts: 3,873

I believe that method 2 is theoretically the only solution. If any other solution could work then GPG would be worthless.
 
Old 07-18-2008, 07:38 AM   #3
colucix
LQ Guru
 
Registered: Sep 2003
Location: Bologna
Distribution: CentOS 6.5 OpenSuSE 12.3
Posts: 10,509

Original Poster
Quote:
Originally Posted by stress_junkie
If any other solution could work then GPG would be worthless.
Good point. I assumed that upon trying to remove the signature, gpg asked for the secret passphrase, but maybe my assumption is totally wrong. Thank you, stress_junkie.
 
Old 07-18-2008, 09:26 AM   #4
beadyallen
Member
 
Registered: Mar 2008
Location: UK
Distribution: Fedora, Gentoo
Posts: 209

Method 1 would work too. The signature is basically just a unique hash of the file appended to the end (or perhaps at the beginning, dunno really for binary files). The 'file' itself doesn't get affected, so you can edit to your heart's content.

When you've finished, just re-sign it. It's easy to do with ASCII files by removing the relevant lines. For binary, the functionality is included in the --decrypt option. Just run 'gpg --output cleanfile --decrypt signedfile' which strips out the signature and uncompresses 'signedfile' to give you the original 'cleanfile'.

Hope this helps.

edit: I just re-read your method 1 proposition, and it doesn't work. You can't use an old signature on a modified file. As stress_junkie correctly pointed out, it would make GPG worthless. There's no need to resort to a backup though, so you might still use the info above.

Last edited by beadyallen; 07-18-2008 at 09:28 AM.
 
Old 07-21-2008, 03:34 AM   #5
colucix
LQ Guru
 
Registered: Sep 2003
Location: Bologna
Distribution: CentOS 6.5 OpenSuSE 12.3
Posts: 10,509

Original Poster
Hi beadyallen. The suggested command works like a charm:
Code:
gpg --output cleanfile --decrypt signedfile
I also tried to delete the gpg signature (both at the beginning and at the end of the signed file) and it works too. Thanks for the advice.
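
Added example, not part of any post in this thread: what "removing the relevant lines" from an ASCII (clearsigned) file involves when done by script, following the cleartext framing of RFC 4880. The function names and the sample message are constructed for illustration, and the signature body is a placeholder.

```shell
#!/bin/sh
# Recover the unsigned text from a clearsigned file without gpg.
# Usage: strip_clearsign [FILE]   (reads stdin when FILE is omitted)
strip_clearsign() {
    awk '
        # Framing line; the armor headers ("Hash: ...") follow it.
        /^-----BEGIN PGP SIGNED MESSAGE-----/ { state = "headers"; next }
        # The first empty line ends the armor headers.
        state == "headers" { if ($0 == "") state = "body"; next }
        # From here on it is the signature block: stop reading.
        state == "body" && /^-----BEGIN PGP SIGNATURE-----/ { exit }
        state == "body" {
            # Signing prefixes "- " to every line that starts with a dash.
            # Undo it, or the recovered text differs from the original.
            sub(/^- /, "")
            print
        }
    ' "$@"
}

# Constructed sample input. PLACEHOLDER stands in for the base64
# signature data; only the framing matters for this example.
make_sample() {
    cat <<'EOF'
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

release notes
- --verbose is now the default
- -----
last line
-----BEGIN PGP SIGNATURE-----

PLACEHOLDER
-----END PGP SIGNATURE-----
EOF
}

# Demo: print the recovered text. After editing it, a new signature
# has to be created (e.g. gpg --clearsign FILE); the old one cannot
# be reused on the modified text.
make_sample | strip_clearsign
```

Deleting only the BEGIN/END blocks by hand leaves the "- " escapes in place, which is the difference between this and the `--decrypt` route from post #4.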
 
  

