[Webfunds-devel] good keys, bad keys...

Ian Grigg iang@julius.ai
Mon, 4 Sep 2000 19:15:36 -0400 (AST) 

(This bug is on the Critical Path :()

Cryptix / OpenPG / SOX.Crypto.java disagree with GPG as to ... signed keys!!

SimpleIssuer includes this code:

            PublicKey signerKey = Crypto.getPublicKeyFromCert(signer);
            logmsg("Verifying ServerCert is signed by Server CA certificate");
            if (!Crypto.verifyCertificate(serverCert, signerKey)) {

byte[] b = signerKey.getEncoded();
PGPArmoury ok = new PGPArmoury(b, KeyUtil.PUBLIC_KEY_BLOCK);
b = Crypto.getPublicKeyFromCert(serverCert).getEncoded();
PGPArmoury sk = new PGPArmoury(b, KeyUtil.PUBLIC_KEY_BLOCK);
logmsg(
                    "serverCert (first) not signed by operator Cert (2nd)\n\n"+
                    sk + "\n\n\n" + ok + "\n\n");

                throw new SOXIssuerException(SOXException.SERVER_CERT,
                    "serverCert not signed by operator Cert");
            }

This code trips up sometimes - but not always - when getting
the server and operator certs from the new OpenPGP-enabled
Issuer.  Here's the relevant diags:

Utils:   OpenPGP Certificate being returned...
          i Got a serverCert!Systemics OpenPGP SOX [server] (dss1) <server@syste
mics.com>
          i Verifying ServerCert is signed by Server CA certificate
          i serverCert (first) not signed by operator Cert (2nd)

(I think.... as this is a DOS attack on the Teller, it is hard
to see what is happening as I have about 100 threads all doing
the same thing....)

So, then the code above blows and throws out these keys:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: Cryptix OpenPGP

mQGiBDmhLB0RBAD2EgVFT7nXNFQoMwgfUEQHx12+iUTRg+VWjJUWRENQq0kDa+Hp
UFzp9NJ7SZLvu8FSm2mI3gIvuVnCd9ueGG+eQgIqIXuDJJj3q2aOIMDc9FjaeX0b 
uMMIuA/Aejkh2QN2UJ7GtQybJkeqrjdsLdiGEnWhbrhMw1xmZKxiPjx74wCg8+Jo  
MGA1qvOnGqP/R0Wl1btuhKUEAJH3zBzX8em93mpPDO91Vu0YVALtqv97QSc3ubVT
iihbz2ahu0bgArnS55SdDj6RSYWU2GZ0TGkgLA3xolKHK3mOLBujxwuoVqr2odzD
B04QYes1MU89x3jlYQp20RIoIZxNxKC1Zrwe4RZy7yDnH3BpO9xFpk0qPxKwYn6P
NALEA/0XRtrpibF8UA268E7kbvkhZFMBp5608OVPs8WiPm6OHFd1nkAKgx93kbn1
/pVb1hMM9s+dUI8dQ2kkvVejYa4uIKAWaeOZHgwArXrC6nEx1UkddfLgU3SfGzr2
lTPh/ozdzC2Fu9M3KcJ+2efDtS5GvMgND+9xk6SvpEBudU7t4rQ8U3lzdGVtaWNz
IE9wZW5QR1AgU09YIFtzZXJ2ZXJdIChkc3MxKSA8c2VydmVyQHN5c3RlbWljcy5j
b20+iFYEExECABYFAjmhLB0ECwoEAwMVAwIDFgIBAheAAAoJEMnosz2emrc0wmcA
n2msoTzQGCuO9TBPbrHQxW53fB14AJwIZflTrwIWF8lmSCO0xIq2H/1Ab4hGBBAR
AgAGBQI5oSwoAAoJECnzi1MoLXQKEDMAoI/g2Rs3gZbLUhmfbZYwAoohXACQAJsF
P40e1v6nz4DmmmsC0UtVr1HjIw==
=XzRQ
-----END PGP PUBLIC KEY BLOCK-----

          
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: Cryptix OpenPGP

mQGiBDmhGRERBAC9F7VF7ZNcwhffdFS2Sg0AcsF9gdhEEggZmBT1ezM5BYEO4lvN
EJjezFilNxMLE3mP9E95mtRUEEtIx4ViyAGjVPwRBVQA2BNf+rbvCReBhhlJTFkN
GOSHd65k4mDCflJAn7EX2OpST9tEAhpBs82w4OxlHIxmnav8iyD0O07sHwCgzYJI
Xv3TEqERh0eDPEQ80MqGYEkD/Aj12tRhZYhYlVtEmJ4MrET9Ezuyhn8kQv89iBNK 
u2mN//LK4cqfJos1SJ3qXT16AHQQvfI0AUsI1ZQ+piq9pZ+sUMwpRnoQHM5SKux5  
UYcIM9aklW0zYAt+WjyrQBhN0eW0uzF40NVZHIH592dz/1RbNKf0hSDKBeCERTxk
/zRDA/9rgvwyclIq4VTgA9AgwHC+JrKwbtJsawb4eYZPSbDe/pl2bQT9haTuLBKs
Olz57Er5Vto6DWb1hs8gzb107u7CGYholr/tyjiPRhDvOcVQpZudkCE/1UXpawT/
P4tPUvrBIVNK5SmHVRz6nsJxMxYm6Pr14+t8mgS1jrr/TxFTW7Q+U3lzdGVtaWNz
IE9wZW5QR1AgU09YIFtvcGVyYXRvcl0gKGRzczEpIDxzZXJ2ZXJAc3lzdGVtaWNz
LmNvbT6IVgQTEQIAFgUCOaEZEQQLCgQDAxUDAgMWAgECF4AACgkQKfOLUygtdArw
3QCeJ8bEfVFS2etPkFus6esJfZ0+2OUAoK4AIIjFB+9CsoEkCn4dJBRTUKen
=L806
-----END PGP PUBLIC KEY BLOCK-----


which GPG decides are fine.  I.e., the first *is* signed
by the second.  And, what's more, this sequence fails in
many of the threads, but not all, more like less than half.

(Full technicolour diags located at http://www.iang.net/dos.txt)

(What happens next is that the Issuer is declared dead and
Teller spits the dummy...)


!gpg -v < moo
File modified since last write.
gpg: Warning: using insecure memory!
gpg: armor header: Version: Cryptix OpenPGP
gpg: armor header: Version: Cryptix OpenPGP
pub  1024D/9E9AB734 2000-08-21 Systemics OpenPGP SOX [server] (dss1) <server@systemics.com>
sig        9E9AB734 2000-08-21   [selfsig]
sig        282D740A 2000-08-21   Systemics OpenPGP SOX [operator] (dss1) <server@systemics.com>
pub  1024D/282D740A 2000-08-21 Systemics OpenPGP SOX [operator] (dss1) <server@systemics.com>
sig        282D740A 2000-08-21   [selfsig]
Press any key to continue [: to enter more ex commands]: