Discussion:
tarball signature digest algorithm
(too old to reply)
Andreas Stieger
2014-09-14 14:45:55 UTC
Permalink
Hello,

while packaging postfix 2.11.1 I noticed that the corresponding pgp/gpg
signature is generated using the md5 digest algorithm. MD5 is now
disabled as an acceptable digest method for signatures for source
tarballs of openSUSE packages. Would it be possible to re-issue the
signature using a SHA-1 or any of the SHA-2 family?

Many thanks,
Andreas Stieger
Wietse Venema
2014-09-14 15:06:54 UTC
Permalink
Post by Andreas Stieger
Hello,
while packaging postfix 2.11.1 I noticed that the corresponding pgp/gpg
signature is generated using the md5 digest algorithm. MD5 is now
disabled as an acceptable digest method for signatures for source
tarballs of openSUSE packages. Would it be possible to re-issue the
signature using a SHA-1 or any of the SHA-2 family?
Thanks for checking the signature. MD5 is good enough for Postfix
tarballs, since there are no known second pre-image attacks. It has
the significant benefit that it is supported by every existing PGP
implementation.

What does this have to do with openSUSE source-code tarballs?

Wietse
Graham Leggett
2014-09-14 15:25:36 UTC
Permalink
Post by Wietse Venema
Thanks for checking the signature. MD5 is good enough for Postfix
tarballs, since there are no known second pre-image attacks. It has
the significant benefit that it is supported by every existing PGP
implementation.
At httpd we hash twice, once with md5 and once with sha1.

Regards,
Graham
--
Andreas Stieger
2014-09-14 15:35:41 UTC
Permalink
Hello,
Post by Wietse Venema
Thanks for checking the signature. MD5 is good enough for Postfix
tarballs, since there are no known second pre-image attacks. It has
the significant benefit that it is supported by every existing PGP
implementation.
The crypto is understood. You may however be interested to know that gpg
since 2.0.23 rejects MD5 signatures by default. From
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=NEWS;h=88c667be68a59f3eb8c373ebd6bf8f023a2d314e;hb=refs/heads/STABLE-BRANCH-2-0#l54
Post by Wietse Venema
* gpg: Reject signatures made using the MD5 hash algorithm unless the
new option --allow-weak-digest-algos or --pgp2 are given.
What does this have to do with openSUSE source-code tarballs?
Our package build system checks your signatures against your tarballs,
the verification fails due to the MD5 signature, obviously also because
none of the above compatibility options are used on our side.

If at all possible I would appreciate a more modern digest algorithm to
be used as far as it works with the compatibility concerns you mentioned.

Thanks,
Andreas
Wietse Venema
2014-09-14 15:50:11 UTC
Permalink
Post by Andreas Stieger
Hello,
Post by Wietse Venema
Thanks for checking the signature. MD5 is good enough for Postfix
tarballs, since there are no known second pre-image attacks. It has
the significant benefit that it is supported by every existing PGP
implementation.
The crypto is understood. You may however be interested to know that gpg
since 2.0.23 rejects MD5 signatures by default. From
Thereby hindering the validation of past documents.
Post by Andreas Stieger
Post by Wietse Venema
What does this have to do with openSUSE source-code tarballs?
Our package build system checks your signatures against your tarballs,
the verification fails due to the MD5 signature, obviously also because
none of the above compatibility options are used on our side.
I see. You could of course turn on those options. I have no plans
to re-sign already-released tarballs.
Post by Andreas Stieger
If at all possible I would appreciate a more modern digest algorithm to
be used as far as it works with the compatibility concerns you mentioned.
I can update the packaging script to issue multiple PGP signatures.
What suffix do you suggest for sha512-based PGP signatures? I have
no plans to stop issuing the traditional MD5-based .sig files.

Wietse
Andreas Stieger
2014-09-14 16:22:23 UTC
Permalink
Hello,
Post by Wietse Venema
I see. You could of course turn on those options. I have no plans
to re-sign already-released tarballs.
Understood.
Post by Wietse Venema
Post by Andreas Stieger
If at all possible I would appreciate a more modern digest algorithm to
be used as far as it works with the compatibility concerns you mentioned.
I can update the packaging script to issue multiple PGP signatures.
What suffix do you suggest for sha512-based PGP signatures? I have
no plans to stop issuing the traditional MD5-based .sig files.
That will be fine. I do not know if there is an established pattern for
this, but I suggest postfix-${VERSION}.tar.gz.asc as a straightforward way.

Thanks,
Andreas
Wietse Venema
2014-09-14 16:42:19 UTC
Permalink
Post by Andreas Stieger
Hello,
Post by Wietse Venema
I see. You could of course turn on those options. I have no plans
to re-sign already-released tarballs.
Understood.
However, I would appreciate it if you could verify that the attached
file works as expected.

Wietse
Andreas Stieger
2014-09-14 16:49:25 UTC
Permalink
Hello,
Post by Wietse Venema
However, I would appreciate it if you could verify that the attached
file works as expected.
It does, please see below.

$ gpg -v --verify postfix-2.11.1.tar.gz.asc
Version: GnuPG v1.4.12 (FreeBSD)
gpg: armor header:
gpg: assuming signed data in `postfix-2.11.1.tar.gz'
gpg: Signature made Sun 14 Sep 2014 17:40:35 BST using RSA key ID C12BCD99
gpg: using classic trust model
gpg: Good signature from "Wietse Venema <***@porcupine.org>"
Primary key fingerprint: FF 96 4A 8C 96 88 7C 6E A4 EF AD BF 48 34 E1 BB
gpg: binary signature, digest algorithm SHA512

Thanks,
Andreas
Viktor Dukhovni
2014-09-14 17:14:43 UTC
Permalink
Post by Wietse Venema
However, I would appreciate it if you could verify that the attached
file works as expected.
With gpg from macports on MacOSX:

Previous signature:

$ GNUPGHOME="${PWD}" gpg --verify postfix-2.11.1.tar.gz.sig
gpg: Signature made Wed May 7 13:46:50 2014 EDT using RSA key ID C12BCD99
gpg: WARNING: digest algorithm MD5 is deprecated
gpg: please see http://www.gnupg.org/faq/weak-digest-algos.html for more information
gpg: Good signature from "Wietse Venema <***@porcupine.org>"

New signature:

$ GNUPGHOME="${PWD}" gpg --verify postfix-2.11.1.tar.gz.asc
gpg: Signature made Sun Sep 14 12:40:35 2014 EDT using RSA key ID C12BCD99
gpg: Good signature from "Wietse Venema <***@porcupine.org>"
--
Viktor.
Wietse Venema
2014-09-14 17:18:14 UTC
Permalink
Post by Viktor Dukhovni
$ GNUPGHOME="${PWD}" gpg --verify postfix-2.11.1.tar.gz.asc
gpg: Signature made Sun Sep 14 12:40:35 2014 EDT using RSA key ID C12BCD99
Fine. Having two digests will make the pre-image attacks much harder.

Wietse

Loading...