Hi Albrecht, On 05/05/2019 08:36:14 AM Sun, Albrecht Dreß wrote:
Hi all, this week an interesting paper about attacks against MUA's supporting OpenPGP and S/MIME signatures has been published [1]. Instead of attacking the crypto layer, the authors show methods for spoofing digital signatures. Opening the proof-of-concept messages available from the authors [2] in Balsa unfortunately shows some vulnerabilities which I will try to fix as soon as possible. Note that the multipart/signed PGP samples are not recognised by Balsa as they miss the required 'micalg' parameter [3]; I added it for my tests. A brief summary of the test results, running the latest Balsa master build on Ubuntu 18.04 LTS, which comes with gpg 2.2.4, gpgsm 2.2.4 and gpgme 1.100: - Perfect forgery: C2 - Partial forgery: I1, I2, I3 - Weak forgery: M3 (inline PGP only), M4 (inline PGP only), U1 - Not vulnerable: C1, C3, C4, G1, G2, M1, M2, M3 (multipart/signed only), M4 (multipart/signed only) Cheers, Albrecht.
… Thanks for testing Balsa on these attacks! Will look forward to patches 😁️ Best, Peter
Attachment:
pgp0SOKElVmJb.pgp
Description: PGP signature