480017 – Use SHA-2 and stronger signature in "SHA1SUM"

Bug 480017 - Use SHA-2 and stronger signature in "SHA1SUM"

Summary: Use SHA-2 and stronger signature in "SHA1SUM"

Keywords:
Status:	CLOSED NEXTRELEASE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	pungi
Sub Component:
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	David Cantrell
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	fedora-sha2 477043
TreeView+	depends on / blocked

Reported:	2009-01-14 16:05 UTC by Miloslav Trmač
Modified:	2013-01-10 05:00 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2009-02-11 00:31:58 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
Create ISO-SUMS instead of SHA1SUM, use both sha256 and sha1 (6.44 KB, patch) 2009-01-29 14:43 UTC, Miloslav Trmač	no flags	Details \| Diff
View All

Description Miloslav Trmač 2009-01-14 16:05:41 UTC

The SHA-1 hash has known weaknesses, we should migrate to a SHA-2 digest algorithm.  See https://fedoraproject.org/wiki/Features/StrongerHashes for more rationale and information.

SHA-1 is currently used in the SHA1SUM files used to authenticate the release, both for hashes of the signed files and for the hash used inside the GPG signature.

It is not necessary to rename the file each time each time a new hash is used because the coreutils *sum utilities ignore incorrectly formatted lines.  We can therefore create a signed ISO-SUMS file that starts with the following text
(or add the text to installation guide?):
   This file is digitally signed: if you have the Fedora N key in your keyring,
   verify the authenticity of the file using (gpg --verify ISO-SUMS).

   If you have downloaded ISO images to the same directory as this file, verify
   them using the first command from the following list available on your
   system:

   [commands newer hash types would go here in the future]
   $ sha256sum -c ISO-SUMS
   $ sha1sum -c ISO-SUMS

   The cryptographic hashes follow.

   [output of newer *sum programs would go here in the future]
   [sha256sum output]
   [sha1sum output]
(This also allows running (sha1sum ISO-SUMS) from a script for all releases that use ISO-SUMS, even if newer hashes are available; that doesn't help security any, but it makes script writing a bit more convenient.)

In addition to using sha256sum to compute published hashes, the digital signature needs to use SHA-256: generate it using (gpg --digest-algo sha256 ...).  To make sure the public key signature is at least comparably strong to the hash, the public key used to sign the file should be at least 2048 bits long.  RPM currently supports only RSA keys for signatures embedded in packages (see #479859) - so the Fedora 11 release key should be a RSA key with key size at least 2048 bits.

Comment 1 Miloslav Trmač 2009-01-29 01:46:08 UTC

To generate such signatures using sigul, update to sigul-0.92 (from
http://people.redhat.com/mitr/rpmsigner ) and configure it to use SHA-256:
    echo 'personal-digest-preferences sha256 sha1'>
/var/lib/sigul/gnupg/gpg.conf
(this affects all keys managed by this sigul installation, but the default
1024-bit DSA keys can only use a 160-bit hash, so SHA-1 will be used for
1024-bit DSA keys, the same as if this preference were not set.)

Comment 2 Miloslav Trmač 2009-01-29 14:43:43 UTC

Created attachment 330357 [details]
Create ISO-SUMS instead of SHA1SUM, use both sha256 and sha1

Attached is a proposed patch.

I have tested all changes except for the high-level doCreateIsos() method.

Comment 3 Jesse Keating 2009-02-11 00:31:58 UTC

I've written something slightly different and just pushed it upstream.

Note You need to log in before you can comment on or make changes to this bug.