Red Hat Bugzilla – Bug 493126
use sha256 to gpg sign *-CHECKSUM files
Last modified: 2013-01-10 00:07:55 EST
Description of problem:
The checksums in *-CHECKSUM files are done with sha256sum, but the gpg signature only uses SHA1:
$ grep Hash F11-Beta-i686-Live-CHECKSUM
Passing this to gpg will probably make it use SHA256 instead:
This bug appears to have been reported against 'rawhide' during the Fedora 11 development cycle.
Changing version to '11'.
More information and reason for this action is here:
This was fixed in time for F11. Thanks!
For F12, SHA1 was used again! :-(
$ curl -s https://fedoraproject.org/static/checksums/Fedora-12-i386-CHECKSUM|grep Hash
Worse: SHA256 was used (just look at the length of the hash, or run sha256sum on the iso yourself), but the CHECKSUM file says "SHA1". The hash is right, it is signed with the right key, but it is labeled incorrectly, so that if a machine were going to verify it, it would say it is either wrong or invalid. Such an error slipping through means the hash was never verified, which is a concern.
(In reply to comment #4)
> Worse: SHA256 was used (just look at the length of the hash, or run sha256sum
> on the iso yourself), but the CHECKSUM file says "SHA1". The hash is right, it
> is signed with the right key, but it is labeled incorrectly, so that if a
> machine were going to verify it, it would say it is either wrong or invalid.
> Such an error slipping through means the hash was never verified, which is a
sha256sum was used to create the hash values of the individual files listed in the CHECKSUM file, but SHA1 was used to create the signature of the list of sha256 hash values. Within the section that starts with "-----BEGIN PGP SIGNATURE-----", there SHA1 is used. This is what the "Hash: SHA1" line says after "-----BEGIN PGP SIGNED MESSAGE-----".
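The distinction drawn in the reply above, as an added example that is not part of the original bug thread: a small checker that reports the digest declared for the clearsign signature (the `Hash:` armor header) separately from the digest of each listed file (inferred from hex length). The function name, the weak-hash policy set and the sample file are assumptions constructed for illustration.

```python
import re

# Digests considered too weak for the signature itself (policy assumption).
WEAK_SIGNATURE_HASHES = {"MD5", "SHA1", "RIPEMD160"}
# Hex length of a per-file checksum line -> algorithm that produced it.
ALGO_BY_HEX_LENGTH = {32: "MD5", 40: "SHA1", 64: "SHA256", 128: "SHA512"}
CHECKSUM_LINE = re.compile(r"^([0-9a-fA-F]+) [ *](.+)$")

def inspect_checksum_file(text):
    """Report the digest declared for the signature separately from the
    digest of each listed file. Does not verify the signature; gpg does."""
    lines = text.splitlines()
    if "-----BEGIN PGP SIGNED MESSAGE-----" not in lines:
        raise ValueError("not a clearsigned message")
    i = lines.index("-----BEGIN PGP SIGNED MESSAGE-----") + 1
    signature_hashes = []
    # Armor headers run up to the first empty line (RFC 4880, section 7).
    while i < len(lines) and lines[i].strip():
        key, _, value = lines[i].partition(":")
        if key == "Hash":
            signature_hashes += [h.strip().upper() for h in value.split(",")]
        i += 1
    if not signature_hashes:
        signature_hashes = ["MD5"]  # RFC 4880 default when no Hash header
    file_digests = {}
    for line in lines[i + 1:]:
        if line == "-----BEGIN PGP SIGNATURE-----":
            break
        match = CHECKSUM_LINE.match(line)
        if match:
            digest, name = match.groups()
            file_digests[name] = ALGO_BY_HEX_LENGTH.get(len(digest), "unknown")
    weak = sorted(set(signature_hashes) & WEAK_SIGNATURE_HASHES)
    return {"signature_hashes": signature_hashes,
            "file_digests": file_digests,
            "weak_signature_hashes": weak}

# Constructed sample: the digest and signature body are placeholders.
SAMPLE = "\n".join([
    "-----BEGIN PGP SIGNED MESSAGE-----",
    "Hash: SHA1",
    "",
    "ab" * 32 + " *Fedora-example.iso",
    "-----BEGIN PGP SIGNATURE-----",
    "",
    "PLACEHOLDER",
    "-----END PGP SIGNATURE-----",
])

if __name__ == "__main__":
    print(inspect_checksum_file(SAMPLE))
```

The header only declares the algorithm; the signature packet checked by gpg is what actually binds it, so this check is a release-process lint, not a substitute for verification.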
Same problem with F13 beta.
This will require support in sigul for doing sha256 signatures when clear signing. That support doesn't exist yet.
See https://bugzilla.redhat.com/show_bug.cgi?id=480017#c1 .
This should affect all signing operations; RPM signatures do use SHA-256, was the checksum file signed using a different mechanism?
(sigul sign-rpm --v3-signature) has no equivalent in (sigul sign-text), but v3/v4 signature format is unrelated to the hash algorithm used.
I think what's missing is setting the preference in sigul's gpg.conf. I had assumed that by setting it, we would be unable to generate sha1 signatures for our older rpm systems. I'll have to test this.
Since this is a process issue, not a pungi issue, I've filed this in releng trac. https://fedorahosted.org/rel-eng/ticket/3762