Bug 480017 - Use SHA-2 and stronger signature in "SHA1SUM"
Use SHA-2 and stronger signature in "SHA1SUM"
Product: Fedora
Classification: Fedora
Component: pungi (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: David Cantrell
Fedora Extras Quality Assurance
Depends On:
Blocks: fedora-sha2 477043
  Show dependency treegraph
Reported: 2009-01-14 11:05 EST by Miloslav Trmač
Modified: 2013-01-10 00:00 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2009-02-10 19:31:58 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Create ISO-SUMS instead of SHA1SUM, use both sha256 and sha1 (6.44 KB, patch)
2009-01-29 09:43 EST, Miloslav Trmač
no flags Details | Diff

  None (edit)
Description Miloslav Trmač 2009-01-14 11:05:41 EST
The SHA-1 hash has known weaknesses, we should migrate to a SHA-2 digest algorithm.  See https://fedoraproject.org/wiki/Features/StrongerHashes for more rationale and information.

SHA-1 is currently used in the SHA1SUM files used to authenticate the release, both for hashes of the signed files and for the hash used inside the GPG signature.

It is not necessary to rename the file each time each time a new hash is used because the coreutils *sum utilities ignore incorrectly formatted lines.  We can therefore create a signed ISO-SUMS file that starts with the following text
(or add the text to installation guide?):
   This file is digitally signed: if you have the Fedora N key in your keyring,
   verify the authenticity of the file using (gpg --verify ISO-SUMS).

   If you have downloaded ISO images to the same directory as this file, verify
   them using the first command from the following list available on your

   [commands newer hash types would go here in the future]
   $ sha256sum -c ISO-SUMS
   $ sha1sum -c ISO-SUMS

   The cryptographic hashes follow.

   [output of newer *sum programs would go here in the future]
   [sha256sum output]
   [sha1sum output]
(This also allows running (sha1sum ISO-SUMS) from a script for all releases that use ISO-SUMS, even if newer hashes are available; that doesn't help security any, but it makes script writing a bit more convenient.)

In addition to using sha256sum to compute published hashes, the digital signature needs to use SHA-256: generate it using (gpg --digest-algo sha256 ...).  To make sure the public key signature is at least comparably strong to the hash, the public key used to sign the file should be at least 2048 bits long.  RPM currently supports only RSA keys for signatures embedded in packages (see #479859) - so the Fedora 11 release key should be a RSA key with key size at least 2048 bits.
Comment 1 Miloslav Trmač 2009-01-28 20:46:08 EST
To generate such signatures using sigul, update to sigul-0.92 (from
http://people.redhat.com/mitr/rpmsigner ) and configure it to use SHA-256:
    echo 'personal-digest-preferences sha256 sha1'>
(this affects all keys managed by this sigul installation, but the default
1024-bit DSA keys can only use a 160-bit hash, so SHA-1 will be used for
1024-bit DSA keys, the same as if this preference were not set.)
Comment 2 Miloslav Trmač 2009-01-29 09:43:43 EST
Created attachment 330357 [details]
Create ISO-SUMS instead of SHA1SUM, use both sha256 and sha1

Attached is a proposed patch.

I have tested all changes except for the high-level doCreateIsos() method.
Comment 3 Jesse Keating 2009-02-10 19:31:58 EST
I've written something slightly different and just pushed it upstream.

Note You need to log in before you can comment on or make changes to this bug.