Join Log in
Score:2
not2savvy avatar Crypto

Can I check if a PGP signed message has been modified when I don't have the public key

eg flag
not2savvy

Is it possible to check if a PGP signed message has been modified when the public key of the signer is not available?

Like, is there a message digest (hash) that can be checked without knowing the public key of the signer?

Note that I am aware that, even if the message digest is okay, it is not possible to prove authenticity. However, what I am asking is if I can discover just the case that the message has been modified (more accidentally than intentionally tampered with).

Basically, I'm asking if I can technically detect a modification of a signed message without the signer's public key.

The reason why I am asking is this scenario:

  • I get a message that is signed
  • I don't have the signer's public key
  • My app tells me that the signer cannot be verified

Now I modify one byte of the message and try again, then

  • My app still tells me that the signer cannot be verified

while I would think that, in this scenario, it would be more important to know that the message has been modified.

123
1 + 3
jamesbtate avatar
jp flag
jamesbtate
If you are not able to verify the authenticity of a message, how can you trust any calculation of its integrity? Or to put it another way, if I have maliciously modified a signed message, couldn't I just as easily maliciously modify the checksum?
0
Reply
fgrieu avatar
ng flag
fgrieu
_Tampered with_ explicitly indicates _intentional_ modification, and that's not limited to cryptography. Further, in a cryptographic context, _altered_ also at least includes the possibility of intentional modification. If you are limited to accidental modification (as I now think you are), that should be more explicit in the question; the added "think of: " still does not make it clear enough.
1
Reply
not2savvy avatar
eg flag
not2savvy
@fgrieu Thanks for the pointer. I'm not a native speaker, so perhaps that's why I wasn't aware of the narrow meaning of *tampered with*. I've updated the question accordingly.
1
Reply
Score:3
fgrieu avatar Crypto
ng flag
fgrieu

There is no cryptographically sound method to check if a PGP signed message has been tampered with† when the public key of the signer is not available.

Argument: an adversary can craft any message they like, sign it with a private key of their choice, and if encryption is used encipher it with the public key of the intended recipient(s), which by the standard definition of public is assumed available to adversaries.

There are several ways in which many (and for large messages at least, most) accidental alterations of the message can be detected (at least with knowledge of the public key of a recipient, or of the password for symmetrically encrypted data), including

  • A 16-bit field of a signature packet version 4 (or 3) designed specifically for this purpose.
  • The Modification Detection Code which is designed for that purpose.
  • The (little) redundancy built into the compression that is optionally used.
  • And of course the redundancy in the message itself.

† The standard meaning of that is that an intentional modification has been applied. Further, in a cryptographic context, the default is to assume that alterations are deliberately made by intelligent adversaries.

+ 2
not2savvy avatar
eg flag
not2savvy
Thanks for your answer. However, as I said in my question, I am aware of the fact that any signer could have signed the message after having modified it. Yet, that's not what I'm after. I'm asking if I can detect a modification of the message without the signer's public key. I edited my question in the hope to make that clearer.
0
Reply
Joshua avatar
cn flag
Joshua
@not2savvy: The signing blob contains the first 16 bits of the hash of the message. This usually fast-rejects damaged messages.
2
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.