Bug 480017 - Use SHA-2 and stronger signature in "SHA1SUM"
Alias: None
Product: Fedora
Classification: Fedora
Component: pungi
Version: rawhide
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: David Cantrell
QA Contact: Fedora Extras Quality Assurance
Depends On:
Blocks: 477043 fedora-sha2
Reported: 2009-01-14 16:05 UTC by Miloslav Trmač
Modified: 2013-01-10 05:00 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2009-02-11 00:31:58 UTC
Type: ---

Attachments
Create ISO-SUMS instead of SHA1SUM, use both sha256 and sha1 (6.44 KB, patch)
2009-01-29 14:43 UTC, Miloslav Trmač

Description Miloslav Trmač 2009-01-14 16:05:41 UTC
The SHA-1 hash has known weaknesses; we should migrate to a SHA-2 digest algorithm.  See https://fedoraproject.org/wiki/Features/StrongerHashes for more rationale and information.

SHA-1 is currently used in the SHA1SUM files used to authenticate the release, both for hashes of the signed files and for the hash used inside the GPG signature.

It is not necessary to rename the file each time a new hash is used because the coreutils *sum utilities ignore incorrectly formatted lines.  We can therefore create a signed ISO-SUMS file that starts with the following text
(or add the text to the installation guide?):
   This file is digitally signed: if you have the Fedora N key in your keyring,
   verify the authenticity of the file using (gpg --verify ISO-SUMS).

   If you have downloaded ISO images to the same directory as this file, verify
   them using the first command from the following list available on your

   [commands for newer hash types would go here in the future]
   $ sha256sum -c ISO-SUMS
   $ sha1sum -c ISO-SUMS

   The cryptographic hashes follow.

   [output of newer *sum programs would go here in the future]
   [sha256sum output]
   [sha1sum output]
(This also allows running (sha1sum ISO-SUMS) from a script for all releases that use ISO-SUMS, even if newer hashes are available; that doesn't help security any, but it makes script writing a bit more convenient.)

In addition to using sha256sum to compute published hashes, the digital signature needs to use SHA-256: generate it using (gpg --digest-algo sha256 ...).  To make sure the public key signature is at least comparably strong to the hash, the public key used to sign the file should be at least 2048 bits long.  RPM currently supports only RSA keys for signatures embedded in packages (see #479859) - so the Fedora 11 release key should be an RSA key with key size at least 2048 bits.
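
The combined-file layout proposed in the description above, shown as an added Python example (not part of the original report and not pungi's code): checksum lines are sorted by digest length, every other line is skipped the way the *sum utilities skip it, and each file is judged only by the strongest digest listed for it. The names parse_sums, verify, demo and sample.iso are hypothetical, and the sample file content is constructed.

```python
import hashlib, os, pathlib, re, tempfile

# Digest length in hex characters -> hashlib name, strongest first.
ALGOS = [(64, "sha256"), (40, "sha1")]
# coreutils line format: <hex digest><space><space or '*'><file name>
LINE = re.compile(r"^([0-9a-fA-F]+) [ *](.+)$")

def parse_sums(text):
    """Group well-formed checksum lines by algorithm; skip everything else."""
    sums = {name: {} for _, name in ALGOS}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue                      # prose, blank or signature line
        for length, name in ALGOS:
            if len(m.group(1)) == length:
                sums[name][m.group(2)] = m.group(1).lower()
    return sums

def verify(directory, text):
    """Return {file name: (algorithm, ok)} using the strongest digest listed."""
    sums, results = parse_sums(text), {}
    for _, name in ALGOS:                 # strongest first, no weaker fallback
        for fname, expected in sums[name].items():
            if fname in results:
                continue                  # already judged by a stronger hash
            h = hashlib.new(name)
            try:
                with open(os.path.join(directory, fname), "rb") as f:
                    for chunk in iter(lambda: f.read(1 << 20), b""):
                        h.update(chunk)
                results[fname] = (name, h.hexdigest() == expected)
            except OSError:
                results[fname] = (name, False)   # missing file is a failure
    return results

def demo():
    """Constructed sample: a small file stands in for an ISO image."""
    with tempfile.TemporaryDirectory() as d:
        iso, data = pathlib.Path(d, "sample.iso"), b"constructed stand-in image\n"
        iso.write_bytes(data)
        text = ("This file is digitally signed ...\n\n$ sha256sum -c ISO-SUMS\n\n"
                f"{hashlib.sha256(data).hexdigest()} *sample.iso\n"
                f"{hashlib.sha1(data).hexdigest()} *sample.iso\n")
        good = verify(d, text)
        iso.write_bytes(data + b"tampered")      # simulate a corrupted download
        return good, verify(d, text)
```

The result is only meaningful when the ISO-SUMS text has already passed (gpg --verify ISO-SUMS), since the hashes carry no authenticity of their own.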

Comment 1 Miloslav Trmač 2009-01-29 01:46:08 UTC
To generate such signatures using sigul, update to sigul-0.92 (from
http://people.redhat.com/mitr/rpmsigner ) and configure it to use SHA-256:
    echo 'personal-digest-preferences sha256 sha1'>
(this affects all keys managed by this sigul installation, but the default
1024-bit DSA keys can only use a 160-bit hash, so SHA-1 will be used for
1024-bit DSA keys, the same as if this preference were not set.)

Comment 2 Miloslav Trmač 2009-01-29 14:43:43 UTC
Created attachment 330357
Create ISO-SUMS instead of SHA1SUM, use both sha256 and sha1

Attached is a proposed patch.

I have tested all changes except for the high-level doCreateIsos() method.

Comment 3 Jesse Keating 2009-02-11 00:31:58 UTC
I've written something slightly different and just pushed it upstream.
