Two distinct DSA keys sign a file with the same signature. Is this repudiation issue?
- To: Alfonso De Gregorio <[email protected]>
- Subject: Two distinct DSA keys sign a file with the same signature. Is this repudiation issue?
- From: guninski at guninski.com (Georgi Guninski)
- Date: Wed, 28 Sep 2016 14:20:41 +0300
- Cc: [email protected]
- In-reply-to: <CA+bTbPCqXUPoWgfW+TXD+LmXpVnGtghKUvM=Y-p5h5TP0vrYkw@mail.gmail.com>
- References: <[email protected]$> <CA+bTbPCqXUPoWgfW+TXD+LmXpVnGtghKUvM=Y-p5h5TP0vrYkw@mail.gmail.com>
On Wed, Sep 28, 2016 at 06:40:57AM -0400, Alfonso De Gregorio wrote:
> If you are able to generate colliding signatures for a target (chosen) key,
> this may amount to an impersonation attack, depending on the exact
> origin authentication checks -- which may be considered even worse
> than a repudiation issue.
>
No, I didn't claim this.
> If what you can do is to generate two new key pairs, where the
> signatures made by first can be verified as signed by the second (or
> vice versa), then this provides plausible deniability, and the
> possibility to repudiate any valid signature made by any of the
> affected signing keys.
>
Yes, exactly what I claimed. Posted the keys and x509 certificates,
which can be verified with openssl.
The keys (possibly except g=1) are not valid, but appear to be accepted
by openssl without error. The certificates appear to be valid (not
counting the key issues).