{{Header}}
{{Title
|title=Software Signature Verification Usability Issues and Proposed Solutions
}}
{{#seo:
|description=Severe Usability Issues with Software Signature Verification such as GnuPG and Proposed Solutions / Secure Downloader Development Notes
|image=Signatureverification123123.jpg
}}
[[image:Signatureverification123123.jpg|thumb]]
{{intro|
Severe Usability Issues with Software Signature Verification such as GnuPG and Proposed Solutions / Secure Downloader Development Notes
}}
= Problem =
Quote [[Warning]] page, [[Warning#Always_Verify_Signatures|Always Verify Signatures]]:

<blockquote>{{always_verify_signatures}}</blockquote>

Surveys ([Dev/Download_Statistics example]) have shown that very few users use software signature verification. Even fewer users have a sufficient understanding of the threat model. In case of an attack by an advanced adversary most users would get compromised. This is the very strong opinion of the author of this text. Usually the author of this text seldom raises strong opinions.

Required knowledge is far too much. Usability of tools used for manual verification of software signatures is such as GnuPG is far too bad. For an elaboration of these issues, see [[Verifying_Software_Signatures#Conceptual_Challenges_in_Digital_Signatures_Verification|Conceptual Challenges in Software Digital Signatures Verification]] and [[Verifying Software Signatures]].

= Solutions =
== Metalink ==
Metalink are links which support additional metadata. Such as in theory links to signing keys, software signatures. Browser could implement support for metalink and automation of software verification.

Would require Metalink including OpenPGP support.

GSoC may be way to get this feature into Firefox.

* https://en.wikipedia.org/wiki/Metalink
* https://bugzilla.mozilla.org/show_bug.cgi?id=331979
* https://web.archive.org/web/20201214130913/https://github.com/Whonix/Whonix/issues/21

Metalink would only be a gradual improvement. Download security is harder than just verification of software signatures. Rollback (downgrade), indefinite freeze attacks and other attacks would still be possible. See [https://theupdateframework.io/security/ TUF Threat Model, TUF: Attacks and Weaknesses] for further information.

https://daniel.haxx.se/blog/2021/06/07/bye-bye-metalink-in-curl/

== Subresource Integrity ==
Would solve mirror issue.

Unavailable for file downloads.

https://github.com/w3c/webappsec-subresource-integrity/issues/68

== OpenPGP Signed Website ==
[[Dev/OpenPGP Signed Website|OpenPGP Signed Website]]s and browsers verifying website signatures do not exist yet either.

== Key Distribution ==
Even if browsers (such as Firefox, Chrome) and/or downloaders (such as wget, curl, aria2c) had support for metalink and OpenPGP verification there would still be no concept on how to distribute the signing keys. This is a hard problem. [[SSL|TLS]] has the same issue. The certificate authority (CA) system problem.

[https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities DANE] (DNS-based Authentication of Named Entities) might be a way put the root anchor into the DNS but that's no perfect end-to-end authentication either.

= Deprecated Ideas =
== JavaScript Based Verification ==

<u>Threat model:</u>

* '''A)''' <u>When avoiding mirrors:</u> No JavaScript (JS) based verification is required because both download and JS come from the same source with the same trust level.
* '''B)''' <u>If using mirrors:</u> JS based verification can make sense but gpg bases is much more secure.

<u>Usability considerations:</u>

* <u>Lack of automation:</u> Cannot be automated. The user manually using the verification button is always required.
** StreamSaver.js feature request: [https://github.com/jimmywarting/StreamSaver.js/issues/321 check integrity of downloaded files]

Security considerations:

* <u>JS dependency:</u> Conflicts with noJS users. Impossible to implement without JS.

Development effort considerations:

* <u>High effort:</u> Lots of effort to then be ignored by noJS users.

== SecureDownloader ==
=== Introduction ===
Deprecated idea.

Stub downloader. Similar to the one that Mozilla is providing for Firefox downloads. A small tool that is used to download and install the real tool.

Securing downloads may be better when written as a general purpose tool (not specific to {{project_name_long}}).

No other projects such as Firefox or Debian support this use case.

=== Open Questions ===
* How to download and verify the host program in the first place?
** Without being able to answer this question the thing becomes a circle and doesn't actually solve anything.
* How to download the secure downloader itself in censored countries?
* How to download files in censored countries?
* Torify downloads?

=== Challanges ===
Such a host program is host operating system specific, well you can write it in a cross platform language but still have to struggle with platform specific quirks.

The Tor Project never managed to get such a downloader up and running, see {{Code|Thandy}}.

=== Conclusion ===
Not useful. Better to fix the root issue upstream.

= Resources =
* [https://mailman.stanford.edu/pipermail/liberationtech/2013-July/009620.html liberationtech: secure download tool - doesn't exist?!?]
* [[Dev/Permanent_Takedown_Attack_Defender|proposal to defend a permanent takedown threat]]
* <code>TUF (The Update Framework)</code> <ref>
https://github.com/theupdateframework/tuf
</ref>
* TUF Threat Model, <code>TUF: Attacks and Weaknesses</code><ref name=tufaaw>
https://theupdateframework.io/security/
</ref>
* [https://gitlab.torproject.org/legacy/trac/-/issues/2340 GPG signatures do not authenticate filenames]
* https://gitlab.torproject.org/legacy/trac/-/issues/2340#comment:14
* [https://web.archive.org/web/20201214130913/https://github.com/Whonix/Whonix/issues/21 Metalink]
* [https://en.bitcoin.it/wiki/User:Gmaxwell/update_checking_requirements update checking requirements discussion for bitcoin-qt by Bitcoin developer]
* https://sourceforge.net/p/aria2/feature-requests/221/

= See Also =
* [[Verifying Software Signatures]]
* [[OpenPGP]]
* [[Verify the images]]
* [[Signing Key|{{project_name_short}} Signing Key]]
* [[Software Signature Verification Usability Issues and Proposed Solutions]]
* [[Dev/OpenPGP Signed Website|OpenPGP Signed Website]]s

= Footnotes =
{{reflist|close=1}}

{{Footer}}

[[Category:Development]]