Preventing against injected private keys
++++++++++++++++++++++++++++++++++++++++

When transferring a secret key, the passphrase authenticates the message: the contents are considered authentic only because the user knows the passphrase. This means that to ensure that the message is authentic, the autocrypt implementation must check that the passphrase is correct.

Unfortunately, GnuPG's ``--decrypt`` option doesn't mean that it must decrypt a packet (and fail if it cannot); it only means that if GnuPG encounters an encrypted packet while processing the message, it will try to decrypt it. Thus, if a message consists of just a literal packet, GnuPG with the ``--decrypt`` option will not fail; it will simply emit the contents of the literal packet.

Another example of something going wrong is a message that is also encrypted to the user's own key (a PK-ESK packet) while the passphrase for that key is cached. In this case, GnuPG will not use the SK-ESK packet to retrieve the session key, but the PK-ESK packet. In other words, it won't verify that the passphrase is correct.

There may be other scenarios and other implementations may have other gotchas.

To avoid these issues, it is imperative that the autocrypt implementation ensure that the OpenPGP implementation actually check that the supplied passphrase is correct, e.g., by making sure that it decrypts the SK-ESK packet using the supplied passphrase.
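As an added example (not part of the spec or of any autocrypt implementation), the following Python checks the packet structure of the dearmored message before it is handed to the OpenPGP implementation: it accepts only SK-ESK packet(s) followed by one SEIPD packet, so the bare literal packet and the PK-ESK case above are refused up front. The packet tags and length encodings are those of RFC 4880; the function names are my own.

```python
"""Added example (not Autocrypt or GnuPG code): check the top-level packet
structure of a dearmored OpenPGP message before passing it to the OpenPGP
implementation, rejecting the bare-literal-packet and PK-ESK shapes above."""
TAG_PKESK, TAG_SKESK, TAG_LITERAL, TAG_SEIPD = 1, 3, 11, 18   # RFC 4880 tags

def _new_format_length(data: bytes, i: int):
    """Parse a new-format length at data[i]; return (length, next_i, partial)."""
    o = data[i]
    if o < 192:
        return o, i + 1, False
    if o < 224:
        return ((o - 192) << 8) + data[i + 1] + 192, i + 2, False
    if o == 255:
        return int.from_bytes(data[i + 1:i + 5], "big"), i + 5, False
    return 1 << (o & 0x1F), i + 1, True          # partial body length

def packet_tags(data: bytes) -> list:
    """Return the tags of the top-level packets in data (RFC 4880 section 4.2)."""
    tags, i = [], 0
    while i < len(data):
        b = data[i]
        if not b & 0x80:
            raise ValueError("not an OpenPGP packet header at offset %d" % i)
        if b & 0x40:                                 # new-format header
            tag, partial = b & 0x3F, True
            i += 1
            while partial:                           # follow partial-length chunks
                length, i, partial = _new_format_length(data, i)
                i += length
        else:                                        # old-format header
            tag, ltype = (b >> 2) & 0x0F, b & 0x03
            if ltype == 3:                           # indeterminate: runs to end
                i = len(data)
            else:
                n = 1 << ltype                       # 1-, 2- or 4-octet length
                i += 1 + n + int.from_bytes(data[i + 1:i + 1 + n], "big")
        if i > len(data):
            raise ValueError("truncated packet")
        tags.append(tag)
    return tags

def is_passphrase_protected_message(data: bytes) -> bool:
    """True only for one or more SK-ESK packets followed by a single SEIPD packet,
    the only shape in which the passphrase actually authenticates the contents.
    A bare literal packet or any PK-ESK (public-key recipient) is rejected."""
    tags = packet_tags(data)
    return (len(tags) >= 2 and tags[-1] == TAG_SEIPD
            and all(t == TAG_SKESK for t in tags[:-1]))
```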

On GnuPG, we recommend using a temporary home directory (via ``--homedir``) when doing the decryption. This ensures that gpg-agent has no cached passphrases (and no private keys) to fall back on. Furthermore, the ``--status-fd`` output should be checked to make sure that a decryption actually occurred; this protects against the literal data packet attack described above.
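An added example of the GnuPG procedure just described (not Autocrypt or GnuPG code): the status keywords it checks (DECRYPTION_OKAY, GOODMDC, DECRYPTION_FAILED, ENC_TO) are GnuPG's own, but treating exactly this set as conclusive is my assumption, and the function names are hypothetical.

```python
"""Added example (not Autocrypt or GnuPG code): decrypt in a throwaway
--homedir and accept the result only if the --status-fd lines prove that a
passphrase-based decryption actually took place."""
import subprocess
import tempfile

def decryption_succeeded(status_output: str) -> bool:
    """Inspect GnuPG status lines. Accept only when GnuPG reported
    DECRYPTION_OKAY with a good MDC, reported no DECRYPTION_FAILED, and listed
    no public-key recipient (ENC_TO), so the session key can only have come
    from the passphrase. A literal-only message emits none of these."""
    seen = set()
    for line in status_output.splitlines():
        parts = line.split()
        if len(parts) > 1 and parts[0] == "[GNUPG:]":
            seen.add(parts[1])                 # the status keyword
    if "DECRYPTION_FAILED" in seen or "ENC_TO" in seen:
        return False
    return {"DECRYPTION_OKAY", "GOODMDC"} <= seen

def decrypt_setup_message(armored: bytes, passphrase: str) -> bytes:
    """Run gpg with a fresh home directory (so gpg-agent has no cached
    passphrases or keys) and raise unless the status output is conclusive."""
    with tempfile.TemporaryDirectory() as home:
        msg, out = home + "/msg.asc", home + "/plain.bin"
        with open(msg, "wb") as f:
            f.write(armored)
        proc = subprocess.run(
            ["gpg", "--homedir", home, "--batch", "--pinentry-mode", "loopback",
             "--passphrase-fd", "0", "--status-fd", "1", "--output", out,
             "--decrypt", msg],
            input=(passphrase + "\n").encode(), capture_output=True, check=False)
        if not decryption_succeeded(proc.stdout.decode("utf-8", "replace")):
            raise ValueError("GnuPG did not perform a passphrase decryption")
        with open(out, "rb") as f:
            return f.read()
```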

An example of a literal data packet message is provided below. If your autocrypt implementation imports this private key successfully, then your implementation is broken.
