Bug 479859

Summary: Use SHA-2 in RPM signatures
Product: [Fedora] Fedora
Reporter: Miloslav Trmač <mitr>
Component: distribution
Assignee: Bill Nottingham <notting>
Status: CLOSED RAWHIDE
QA Contact: Bill Nottingham <notting>
Severity: medium
Priority: medium
Version: rawhide
CC: dcantrell, katzj, pinto.elia, pmatilai, rvokal
Hardware: All
OS: Linux
Doc Type: Bug Fix
Clone Of:
: 479863 (view as bug list) Environment:
Last Closed: 2009-03-10 03:05:57 UTC
Bug Blocks: 461972, 479863

Description Miloslav Trmač 2009-01-13 16:58:23 UTC
RPMs are currently signed using a DSA key and a SHA-1 message digest.  SHA-1 has known weaknesses; we should migrate to signatures that use a SHA-2 hash.

See https://fedoraproject.org/wiki/Features/StrongerHashes for more detailed rationale.

RPM currently supports SHA-2 only with RSA keys.  The key size should be at least 2048 bits, which [1] claims achieves algorithm strength of 112 bits (with SHA-256 strength of 128 bits, the result is the smaller value, i.e. 112 bits).

So, the Fedora 11 key should be an RSA key with key size at least 2048 bits.

To use SHA-256 with the key, define the following macro:
    --define '__gpg_sign_cmd %{__gpg} gpg --force-v3-sigs --digest-algo sha256 --batch --no-verbose --no-armor --passphrase-fd 3 --no-secmem-warning -u "%{_gpg_name}" -sbo %{__signature_filename} %{__plaintext_filename}'

(--force-v3-sigs is necessary due to #436812).

This creates RPMs that can be handled by rpm at least since RHEL5 (rpm-4.4.2).

[1] http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf
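
An added example, not part of the bug report or of rpm: one way to audit that a signature really is RSA with a SHA-2 digest is to read the algorithm fields from the binary (`--no-armor`) detached signature packet that the macro's `-sbo` step writes. The names `parse_signature` and `meets_policy` are hypothetical, the sample bytes are constructed, and the field offsets follow RFC 4880.

```python
# Algorithm IDs from RFC 4880, sections 9.1 (public key) and 9.4 (hash).
PUBKEY = {1: "RSA", 17: "DSA"}
HASH = {1: "MD5", 2: "SHA1", 8: "SHA256", 9: "SHA384", 10: "SHA512", 11: "SHA224"}
SHA2 = {"SHA224", "SHA256", "SHA384", "SHA512"}

def parse_signature(pkt: bytes) -> dict:
    """Read version, public-key and hash algorithm from one binary signature packet."""
    if len(pkt) < 2 or not pkt[0] & 0x80:
        raise ValueError("not an OpenPGP packet")
    if pkt[0] & 0x40:                       # new-format header
        tag = pkt[0] & 0x3F
        if pkt[1] < 192:
            off = 2                         # one-octet length
        elif pkt[1] < 224:
            off = 3                         # two-octet length
        elif pkt[1] == 255:
            off = 6                         # five-octet length
        else:
            raise ValueError("partial body length not supported")
    else:                                   # old-format header
        tag, ltype = (pkt[0] >> 2) & 0x0F, pkt[0] & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length not supported")
        off = 1 + (1, 2, 4)[ltype]
    if tag != 2:
        raise ValueError(f"packet tag {tag} is not a signature")
    body = pkt[off:]
    if len(body) >= 17 and body[0] == 3 and body[1] == 5:
        pk, h = body[15], body[16]          # v3: after type, time and key ID
    elif len(body) >= 4 and body[0] == 4:
        pk, h = body[2], body[3]            # v4: right after the signature type
    else:
        raise ValueError("unsupported or truncated signature packet")
    return {"version": body[0], "pubkey": PUBKEY.get(pk, f"unknown({pk})"),
            "hash": HASH.get(h, f"unknown({h})")}

def meets_policy(pkt: bytes) -> bool:
    """True for an RSA signature over a SHA-2 digest (key size is not checked here)."""
    info = parse_signature(pkt)
    return info["pubkey"] == "RSA" and info["hash"] in SHA2

# Constructed samples: packet header plus the fixed fields, signature MPIs omitted.
V3_RSA_SHA256 = bytes.fromhex("890215" "0305" "00" "49b5c0d5" "0123456789abcdef" "0108")
V3_DSA_SHA1 = bytes.fromhex("8846" "0305" "00" "49b5c0d5" "0123456789abcdef" "1102")
V4_RSA_SHA256 = bytes.fromhex("890215" "04" "00" "0108")

if __name__ == "__main__":
    for name in ("V3_RSA_SHA256", "V3_DSA_SHA1", "V4_RSA_SHA256"):
        print(name, parse_signature(globals()[name]), meets_policy(globals()[name]))
```

The signature packet carries only the signer's key ID, so the 2048-bit minimum has to be checked against the public key itself.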

Comment 1 Miloslav Trmač 2009-01-29 01:39:23 UTC
To generate such signatures using sigul, update to sigul-0.92 (from http://people.redhat.com/mitr/rpmsigner ) and configure it to use SHA-256:
    echo 'personal-digest-preferences sha256 sha1'> /var/lib/sigul/gnupg/gpg.conf
(this affects all keys managed by this sigul installation, but the default 1024-bit DSA keys can only use a 160-bit hash, so SHA-1 will be used for 1024-bit DSA keys, the same as if this preference were not set.)

When signing RPMs, use (sigul sign-rpm --v3-signature ...), which passes --force-v3-sigs to rpm --addsign.

Comment 2 Jesse Keating 2009-03-10 03:05:57 UTC
Our sign_unsigned code now is able to support the larger sigs.  A 4096-bit RSA gpg key has been created for Fedora 11 Test and packages are currently being signed.