Bug 480017

Summary: Use SHA-2 and stronger signature in "SHA1SUM"
Product: [Fedora] Fedora Reporter: Miloslav Trmač <mitr>
Component: pungiAssignee: David Cantrell <dcantrell>
Status: CLOSED NEXTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: dcantrell, katzj
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-02-11 00:31:58 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 461972, 477043    
Attachments:
Description Flags
Create ISO-SUMS instead of SHA1SUM, use both sha256 and sha1 none

Description Miloslav Trmač 2009-01-14 16:05:41 UTC 
The SHA-1 hash has known weaknesses, we should migrate to a SHA-2 digest algorithm.  See https://fedoraproject.org/wiki/Features/StrongerHashes for more rationale and information.

SHA-1 is currently used in the SHA1SUM files used to authenticate the release, both for hashes of the signed files and for the hash used inside the GPG signature.

It is not necessary to rename the file each time each time a new hash is used because the coreutils *sum utilities ignore incorrectly formatted lines.  We can therefore create a signed ISO-SUMS file that starts with the following text
(or add the text to installation guide?):
   This file is digitally signed: if you have the Fedora N key in your keyring,
   verify the authenticity of the file using (gpg --verify ISO-SUMS).

   If you have downloaded ISO images to the same directory as this file, verify
   them using the first command from the following list available on your
   system:

   [commands newer hash types would go here in the future]
   $ sha256sum -c ISO-SUMS
   $ sha1sum -c ISO-SUMS

   The cryptographic hashes follow.

   [output of newer *sum programs would go here in the future]
   [sha256sum output]
   [sha1sum output]
(This also allows running (sha1sum ISO-SUMS) from a script for all releases that use ISO-SUMS, even if newer hashes are available; that doesn't help security any, but it makes script writing a bit more convenient.)

In addition to using sha256sum to compute published hashes, the digital signature needs to use SHA-256: generate it using (gpg --digest-algo sha256 ...).  To make sure the public key signature is at least comparably strong to the hash, the public key used to sign the file should be at least 2048 bits long.  RPM currently supports only RSA keys for signatures embedded in packages (see #479859) - so the Fedora 11 release key should be a RSA key with key size at least 2048 bits.
Comment 1 Miloslav Trmač 2009-01-29 01:46:08 UTC 
To generate such signatures using sigul, update to sigul-0.92 (from
http://people.redhat.com/mitr/rpmsigner ) and configure it to use SHA-256:
    echo 'personal-digest-preferences sha256 sha1'>
/var/lib/sigul/gnupg/gpg.conf
(this affects all keys managed by this sigul installation, but the default
1024-bit DSA keys can only use a 160-bit hash, so SHA-1 will be used for
1024-bit DSA keys, the same as if this preference were not set.)
Comment 2 Miloslav Trmač 2009-01-29 14:43:43 UTC 
Created attachment 330357 [details]
Create ISO-SUMS instead of SHA1SUM, use both sha256 and sha1

Attached is a proposed patch.

I have tested all changes except for the high-level doCreateIsos() method.
Comment 3 Jesse Keating 2009-02-11 00:31:58 UTC 
I've written something slightly different and just pushed it upstream.