cannot verify signatures R4.0.4

[Franz]

Hello,

everything seems to work fine:

gpg2 --check-signatures "Qubes OS Release 4 Signing Key"
pub   rsa4096 2017-03-06 [SC]
      5817A43B283DE5A9181A522E1848792F9E2795E9
uid           [  full  ] Qubes OS Release 4 Signing Key
sig!3        1848792F9E2795E9 2017-03-06  Qubes OS Release 4 Signing Key
sig!         DDFA1A3E36879494 2017-03-08  Qubes Master Signing Key
gpg: 2 good signatures

gpg2 -k "Qubes OS Release"
pub   rsa4096 2014-11-19 [SC]
      C52261BE0A823221D94CA1D1CB11CA1D03FA5082
uid           [  full  ] Qubes OS Release 3 Signing Key
pub   rsa4096 2017-03-06 [SC]
      5817A43B283DE5A9181A522E1848792F9E2795E9
uid           [  full  ] Qubes OS Release 4 Signing Key

but when I try to verify get unexpected error, even after downloading two times the files, and even after trying with Fedora and Debian:

gpg2 -v --verify qubes-release-4-signing-key.asc Qubes-R4.0.4-x86_64.iso
gpg: verify signatures failed: Unexpected error

[Franz]

I found the problem: I downloaded

Qubes release signing key

rather than

Detached PGP signature

Well frankly, IMO the name of the wrong file seems more appropriate than the right one.

How is  "Detached PGP signature" supposed to be easy to understand? :-) Detached from what? Well, I am sure it is detached from something, but I lost hours for nothing and other users may simply avoid verifying the iso if it is too complicated.

Once there was only one file that could be downloaded. Well I understand the additional files may have some additional use, but there are a lot of people that are not interested in that and just need an easy and fast way to get it going.

So perhaps it may be more appropriate to add to the detached file also the wording "use this file to follow the Qubes verification tutorial"

Best

Franz

[Andrew David Wong]

Yes, we already have a Troubleshooting FAQ entry for this situation:

https://www.qubes-os.org/security/verifying-signatures/#why-am-i-getting-verify-signatures-failed-unexpected-data

(It looks like GPG may have slightly changed their wording from
"unexpected data" to "Unexpected error," but it should still be close
enough to point you in the right direction.)

> Well frankly, IMO the name of the wrong file seems more appropriate than the right one.

No, a key is completely different from a detached signature file. It
would be incorrect to call the signature file a key. It would actually
be *more* confusing, since then there would be two different types of
things called "keys."

> How is "Detached PGP signature" supposed to be easy to understand? :-)
> Detached from what?

Detached from the thing being verified (in this case, the ISO) as
opposed to being included (as in a clearsigned text file, such as our
signed hash values). That's just what it's called in the PGP/GPG world:

https://www.gnupg.org/gph/en/manual/x135.html

> Well, I am sure it is detached from something, but I lost hours for nothing and other users may simply avoid verifying the iso if it is too complicated.

That's why we provide such detailed step-by-step instructions and a
troubleshooting FAQ at the bottom of the page:

https://www.qubes-os.org/security/verifying-signatures/

> Once there was only one file that could be downloaded.

No, that was never the case with Qubes ISO verification. At minimum,
you'd theoretically need two things: The PGP key and the clearsigned
data (data + sig in a single file). However, in all of my years using
and working on Qubes, I can't recall ever seeing a PGP signature
included in an ISO as a single file (i.e., a "clearsigned ISO"). Not
sure if it's even possible. Even if it were, it may not be desirable,
since the ability to handle the ISO on its own is useful. (This is why
we also include signed hash values as an alternative verification method.)

> Well I understand the additional files may have some additional use

It's not like we're including extra files for the heck of it. All of the
files we're providing to you are necessary for secure verification. None
of them are optional in that process. Please carefully read this page again:

https://www.qubes-os.org/security/verifying-signatures/

> but there are a lot of people that are not interested in that and
just need an easy and fast way to get it going.

For a user who primarily seeks security, it generally doesn't make sense
to unsecurely install a high-security OS, since this can easily be a
self-defeating exercise. Therefore, we our main focus is on
high-security verification.

Nonetheless, we also understand that different users seek varying levels
of security and that some are attracted to Qubes for primary reasons
other than security (e.g., control and compartmentalization, perhaps
with security as a bonus). We understand that such users may appreciate
another verification method that trades a small amount of security in
exchange for a great amount of convenience, and there has been some
exploration on this front:

https://github.com/QubesOS/qubes-issues/issues/6191

> So perhaps it may be more appropriate to add to the detached file also the
> wording "use this file to follow the Qubes verification tutorial"

Sure, if it's possible to include extra comment text that doesn't
interfere with the signature, it wouldn't hurt to point to the guide.
I'll ask the team about this.

--
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

[unman]

On Fri, Mar 26, 2021 at 09:39:39PM -0700, Andrew David Wong wrote:
> > So perhaps it may be more appropriate to add to the detached file also the
> > wording "use this file to follow the Qubes verification tutorial"
>
> Sure, if it's possible to include extra comment text that doesn't interfere
> with the signature, it wouldn't hurt to point to the guide. I'll ask the
> team about this.
>

Yes, you can add a comment, or multiple comments using the handy
`--comment ` parameter.
Whether someone who wont read the detailed guides, even after hitting
problems, will check inside the signature file is a moot point.
And in the present case, it isn't clear that the user downloaded the sig
file but didn't use it.

[Ulrich Windl]

PGP/GPG basics: Normally when signing a file, the file is changed
(signature appended (basically)). With a detached signature, the signed
file is unchanged, and the signature is a separate "detached" file.
That's a detached signature.

Of course to check a signature you need the signing key as well as the
detached signature.

> Detached from what? Well, I am sure it is detached from something, but I
> lost hours for nothing and other users may simply avoid verifying the
> iso if it is too complicated.
> Once there was only one file that could be downloaded. Well I understand
> the additional files may have some additional use, but there are a lot
> of people that are not interested in that and just need an easy and fast
> way to get it going.
> So perhaps it may be more appropriate to add to the detached file also
> the wording "use this file to follow the Qubes verification tutorial"
> Best
> Franz
>

> --
> You received this message because you are subscribed to the Google
> Groups "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to qubes-users...@googlegroups.com
> <mailto:qubes-users...@googlegroups.com>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/qubes-users/CAPzH-qA8vf%2BmzbNk7Jtx3geszJ6AGn7FOT8Eyos4qrfgbhgEww%40mail.gmail.com
> <https://groups.google.com/d/msgid/qubes-users/CAPzH-qA8vf%2BmzbNk7Jtx3geszJ6AGn7FOT8Eyos4qrfgbhgEww%40mail.gmail.com?utm_medium=email&utm_source=footer>.

[Franz]

I understand your point, you are right, also, really on item 3 of the verification tutorial there is written "detached PGP signature file" even if in normal character rather than bold. But, during my efforts I checked this paragraph many times without noting the critical wording detached PGP signature file. So it is just my fault, OK.

But it is sad that Qubes remains, after so many years a system organized by developers for developers. I mean people that think that learning to use computers is something important. But the majority of potential users do not have the time for that.  I suggested a friend to use Qubes. He is an investment manager, so naturally interested in maximum security. He was even able to install Monero cryptocurrency wallet and node on a linux computer, so he is not adverse to using computers. But he replied to me: I tried to use Qubes, but it is too much for me, I cannot use it.

I love Qubes and always found a way to invest the time necessary to get it working and to ask your kind help when necessary, but it would help to add a tutorial called:

Qubes the easy way

there explaining all the basics, without options.

I would begin telling that Qubes is much easier with a few computer models and listing 5 of the best. This alone saves a lot of time.

Then, the verification process is the hardest part to digest. Would it be possible to avoid it in the following way:

I know your web servers may be compromised and also I am comfortable with the mantra that we do not trust infrastructure. But you will know if your servers have been compromised because many people would claim they are unable to verify the compromised download. So what about if "Qubes the easy way" just includes subscribing to a mailing list that only alerts if servers have been compromised. So, if after a couple of weeks or one month no alert is received, then it is reasonable to think that the download files and the installation are secure enough.

I suppose this would be better than avoiding any verification, even if I used Qubes since the first beta release about ten or more years ago and never got news that Qubes servers had been compromised. So this risk seems almost nonexistent. But who knows the future...  for the worst case the email alert would help. What do you think? This is just an idea, there may be a more proper way to alert  people.

These two, the computer choice and the verification are the most critical parts, but there may be others to add that I do not remember now.

Finally, many many thanks for your replies and dedication and sorry for not being a developer at your level.

Best