1 vote

I know how to use gpg to sign messages or to verify signed messages from others. But I recently noticed that you can "decrypt" a signed message without access to their public key [although you can't verify the signature].

For example, here is a small signed message.

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1

owEBrAJT/ZANAwACAULhWJW/fwKRAax8YgdtZXNzYWdlWFVuX0hlbGxvIFN0YWNr
T3ZlcmZsb3cuCgpZb3UgY2FuIHJlYWQgdGhpcyBtZXNzYWdlLCBldmVuIHRob3Vn
aCB5b3UgZG9uJ3QgaGF2ZSBteSBwdWJsaWMga2V5LiBIb3cgZG9lcyB0aGF0IHdv
cms/CokCHAQAAQIABgUCWFVuXwAKCRBC4ViVv38CkXl6D/oCvgOGKFx7c0IDAI9q
2wsj35bapllGlxCRK5/Z8sYqM2RpcV+//wArozMTndFj60ZevMIrPYyWEUyKYS6l
kgq6euD2hbcoy/bcP/3z51K3zCtXby4/CKgx6E1ecC94iO89hVoYQkLWtgRWiL8Z
wfGWgr8X0MaGzsU5q/SchJfZj5ox32JN0S8Iqfqk+xJe2CdQ4KRpbS3M5I3u8/yX
E5ETUeO3aFPwmrBysJysGozWatoiDlMvuiLfnW+Qs4DkEpSRxOw2Sx+ufE2wmWlJ
+5Q4OJiEL6TmJ+Di201CHDGFPWVkrGDioMt6x07vyyiW6X2k4vmIjbFL9vtypUfF
4VzzCWRX9BTCVZZo4ULUmkNznF1IkYJ03TlEFqfTrQ6Jq3SeqlzjGY3I4LJ1a9cL
eobIECLFLqTmOmXM5oC/38V2kNA+/NoSNkw+H78sIlfQ8919JktVG+oa6mEP2OQ8
7k3W7nSpcKugGYDXBB5HQa8lPq1lgI9H+j05pCAhoNnff6Ynl223ycva0xq5wOs/
mjViRWDn+RUebp3KcN/PW7Bkf9RsKt/sPJl2IPdDwdaBibUkhIEKfWVpaOd9rlK6
06/bD+momYpXSlmE/eYh+pf8aIj2R+7Ciz8fAqrTU2hPSWoi2Ne/ISwLBJS4wmRZ
OnHYDOXulQBor1K+VgKyYclC2Q==
=5/kF
-----END PGP MESSAGE-----

Unlike many signed messages, this message isn't plain-signed. I had thought that without access to the public key for this message, it wouldn't be possible to read it, let alone to verify it.

But if one uses gpg --decrypt on this message, it is able to produce the plaintext version. Alternatively, if you use a service like Keybase for gpg, then Keybase is also able to produce the plaintext. What exactly is going on?

A first thought would be that the public key is somehow included in the message, but it appears that this is not true. The fingerprint of the public key is included, though that shouldn't be enough to decrypt the message, right?

2 Answers

3 votes

GPG with --sign --armor produces base64-encoded (more precisely Radix-64-encoded) output where the message body is still readable by simply base64-decoding the output.

So I guess another way to put it is that the message is encoded but not encrypted.

To see this, run the PGP message in the question through any base64 decoder (e.g., some online one).

Because the message isn’t encrypted but only signed, no key is needed to decrypt it. It’s just a signature and some text wrapped up together. So GPG unwraps it without needing a key.

The word “wrapped” here is just shorthand. Here’s a more detailed explanation:

  • every PGP message contains a set of what the OpenPGP spec calls “packets”
  • for --sign output, GPG encodes a message containing (1) a Literal Data Packet that holds the message body and (2) a Signature Packet
  • when --decrypting --sign output, GPG just decodes it; it decodes the literal-data-packet part to get the (unencrypted) message body and the signature-packet part to get the signature

So recipients only need the key if they want to check the message text against the signature. They don’t need the key to just read the message. They only need GPG or some other implementation of the OpenPGP Message Format standard that understands how to decode the message format.

As far as encryption goes, there’s no difference between that --signed message and one signed with --clearsign. Neither is encrypted. The only difference otherwise is that for a message signed with --sign, a recipient needs to use GPG to unwrap the text from the signature, while for a message signed with --clearsign, the recipient can see the message text without needing GPG.
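
The unwrapping described above, as an added example that is not the answer's or GnuPG's own code: a minimal parser that base64-decodes the message from the question and walks its OpenPGP packets, recovering the literal text, the filename and the issuer key ID without any key at all. It also inflates the Compressed Data packet that GnuPG wraps --sign output in by default (this particular message stores the text as an uncompressed deflate block, which is why a plain base64 decode already shows it); only old-format packet headers and ZIP compression are handled.

```python
import base64
import zlib

# Armored body of the message from the question (page data); BEGIN/END, Version and CRC lines dropped.
ARMORED_BODY = """
owEBrAJT/ZANAwACAULhWJW/fwKRAax8YgdtZXNzYWdlWFVuX0hlbGxvIFN0YWNr
T3ZlcmZsb3cuCgpZb3UgY2FuIHJlYWQgdGhpcyBtZXNzYWdlLCBldmVuIHRob3Vn
aCB5b3UgZG9uJ3QgaGF2ZSBteSBwdWJsaWMga2V5LiBIb3cgZG9lcyB0aGF0IHdv
cms/CokCHAQAAQIABgUCWFVuXwAKCRBC4ViVv38CkXl6D/oCvgOGKFx7c0IDAI9q
2wsj35bapllGlxCRK5/Z8sYqM2RpcV+//wArozMTndFj60ZevMIrPYyWEUyKYS6l
kgq6euD2hbcoy/bcP/3z51K3zCtXby4/CKgx6E1ecC94iO89hVoYQkLWtgRWiL8Z
wfGWgr8X0MaGzsU5q/SchJfZj5ox32JN0S8Iqfqk+xJe2CdQ4KRpbS3M5I3u8/yX
E5ETUeO3aFPwmrBysJysGozWatoiDlMvuiLfnW+Qs4DkEpSRxOw2Sx+ufE2wmWlJ
+5Q4OJiEL6TmJ+Di201CHDGFPWVkrGDioMt6x07vyyiW6X2k4vmIjbFL9vtypUfF
4VzzCWRX9BTCVZZo4ULUmkNznF1IkYJ03TlEFqfTrQ6Jq3SeqlzjGY3I4LJ1a9cL
eobIECLFLqTmOmXM5oC/38V2kNA+/NoSNkw+H78sIlfQ8919JktVG+oa6mEP2OQ8
7k3W7nSpcKugGYDXBB5HQa8lPq1lgI9H+j05pCAhoNnff6Ynl223ycva0xq5wOs/
mjViRWDn+RUebp3KcN/PW7Bkf9RsKt/sPJl2IPdDwdaBibUkhIEKfWVpaOd9rlK6
06/bD+momYpXSlmE/eYh+pf8aIj2R+7Ciz8fAqrTU2hPSWoi2Ne/ISwLBJS4wmRZ
OnHYDOXulQBor1K+VgKyYclC2Q==
"""

def packets(data):
    # Old-format packet headers (RFC 4880, 4.2.1); Compressed Data (tag 8) is inflated in place.
    i = 0
    while i < len(data):
        ctb, i = data[i], i + 1
        if ctb & 0x40:
            raise NotImplementedError("new-format packet headers not handled")
        tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
        n = 0 if ltype == 3 else 1 << ltype       # length octets; 0 = indeterminate (rest of data)
        length = int.from_bytes(data[i:i + n], "big") if n else len(data) - i
        body, i = data[i + n:i + n + length], i + n + length
        if tag == 8 and body[0] == 1:             # algorithm 1 = ZIP, i.e. raw deflate
            yield from packets(zlib.decompress(body[1:], -15))
        else:
            yield tag, body

def read_signed_message(armored_body):
    raw = base64.b64decode("".join(armored_body.split()))
    out = {"tags": []}
    for tag, body in packets(raw):
        out["tags"].append(tag)                   # --sign output: one-pass sig, literal, signature
        if tag == 4:                              # One-Pass Signature: issuer key ID at octets 4..11
            out["key_id"] = body[4:12].hex().upper()
        elif tag == 11:                           # Literal Data: fmt, name-len, name, date, text
            fn_len = body[1]
            out["filename"] = body[2:2 + fn_len].decode()
            out["text"] = body[6 + fn_len:].decode()
    return out
```

The signature packet (tag 2) is located but left alone: checking it against the text is the one step that does need the signer's public key.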

1 vote

Further to the accepted answer, even if the message were encrypted, it would be encrypted with your public key, and since you have the private key, you can decrypt it. The only purpose that the signature and validation serve is to 'prove' who sent you the message. If you don't care who it came from, you can still decrypt any PGP message sent to you by ignoring the signature; you just can't be sure it came from who you think it came from.