Bug 479859 - Use SHA-2 in RPM signatures
Use SHA-2 in RPM signatures
Product: Fedora
Classification: Fedora
Component: distribution (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Bill Nottingham
Bill Nottingham
Depends On:
Blocks: fedora-sha2 479863
  Show dependency treegraph
Reported: 2009-01-13 11:58 EST by Miloslav Trmač
Modified: 2014-03-16 23:17 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 479863 (view as bug list)
Last Closed: 2009-03-09 23:05:57 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Miloslav Trmač 2009-01-13 11:58:23 EST
RPMs are currently signed using a DSA key and a SHA-1 message digest.  SHA-1 has known weaknesses, we should migrate to signatures that use a SHA-2 hash.

See https://fedoraproject.org/wiki/Features/StrongerHashes for more detailed rationale.

RPM currently supports SHA-2 only with RSA keys.  The key size should be at least 2048 bits, which [1] claims achieves algorithm strength of 112 bits (with SHA-256 strength of 128 bits, the result is the smaller value, i.e. 112 bits).

So, the Fedora 11 key should be a RSA key with key size at least 2048 bits.

To use SHA-256 with the key, define the following macro:
--define '__gpg_sign_cmd %{__gpg} gpg --force-v3-sigs --digest-algo sha256 --batch --no-verbose --no-armor --passphrase-fd 3 --no-secmem-warning -u "%{_gpg_name}" -sbo %{__signature_filename} %{__plaintext_filename}'

(--force-v3 sigs is necessary due to #436812).

This creates RPMs that can be handled by rpm at least since RHEL5 (rpm-4.4.2).

[1] http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf
Comment 1 Miloslav Trmač 2009-01-28 20:39:23 EST
To generate such signatures using sigul, update to sigul-0.92 (from http://people.redhat.com/mitr/rpmsigner ) and configure it to use SHA-256:
    echo 'personal-digest-preferences sha256 sha1'> /var/lib/sigul/gnupg/gpg.conf
(this affects all keys managed by this sigul installation, but the default 1024-bit DSA keys can only use a 160-bit hash, so SHA-1 will be used for 1024-bit DSA keys, the same as if this preference were not set.)

When signing RPMs, use (sigul sign-rpm --v3-signature ...), which passes --force-v3-sigs to rpm --addsign.
Comment 2 Jesse Keating 2009-03-09 23:05:57 EDT
Our sign_unsigned code now is able to support the larger sigs.  A 4096bit RSA gpg key has been created for Fedora 11 Test and packages are currently being signed.

Note You need to log in before you can comment on or make changes to this bug.