BTS

Issue1590

Title: download signatures should be detached GPG signatures
Priority: wish
Status: in-progress
Superseder:
Nosy List: brentsaner
Assigned To:
Topics:

Created on 2015-08-10.05:02:17 by brentsaner, last changed 2015-08-16.18:34:21 by ch.

Messages
msg5304 Author: ch Date: 2015-08-16.18:34:21
FTR:

  gpg --personal-digest-preferences SHA256 --output grml64-full_sid_build1321.iso.asc --armor --detach-sign grml64-full_sid_build1321.iso
msg5223 Author: mika Date: 2015-08-10.10:22:04
Hi,

agreed, also the confusion about the "Hash: SHA256" inside the *.sha1.asc file
is something we should avoid if possible. I need to discuss this with the other
developers and also see how that can fit into our release workflow. Thanks for
your suggestions!
msg5220 Author: brentsaner Date: 2015-08-10.05:02:16
Currently, the signatures offered are:

-SHA-256 GPG-signed..
-SHA-1 sums.

There are two main issues I take with this (and one minor annoyance), and do
hope you consider them (along with several recommended solutions).

1.) SHA-1 is broken[0]. If checksums are to be used, the SHA-2 suite (SHA256,
SHA384(uncommon), SHA512(recommended)) is recommended as an alternative. While
the hash itself *is* signed as SHA256 (via GPG), it is still a SHA-1 sum.

2.) However, and my preferred solution: why is a hash being GPG-signed? This
requires one to go through several steps simply to confirm the integrity.

3.) All of the signatures must be downloaded separately.


SOLUTION PROPOSAL:
1.) (preferred) Instead of generating a checksum and then signing that checksum
separately, simply use:
 gpg --personal-digest-preferences SHA512 --output <some-release>.iso.sig --detach-sign <some-release>.iso

This creates a standalone (or "detached") GPG signature (the default is to
include the data when performing a signature), using SHA-512. It then allows
users to perform a quick and simple "gpg --verify" (which requires no private
key to be generated, only that the GPG public key be installed in the local
keyring, which would be necessary to confirm the present method of checksums
anyways).

2.) A list of SHA-512 sums for ALL ISO/netboot/etc. images distributed, and then
that list is GPG-signed. This allows use of sha512sum -c in a scriptable manner
(one would only need to fetch the sig, strip out the GPG header/footer, and run
the check against that list).

3.) Use the present signing method, but use SHA-512 instead of SHA-1


I do hope this is considered for review. Thank you for your time, and all the
effort you put into grml.


[0] https://www.schneier.com/blog/archives/2005/02/sha1_broken.html
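
Added example, not part of the original messages or of grml's release tooling: a sketch of option 2 above (a GPG-clearsigned SHA-512 list checked in a script), which also shows that the "Hash:" line in a clearsigned file names the signature's digest rather than the listed checksum algorithm. The file name, file contents and signature body are constructed placeholders, and the functions `parse_clearsigned` and `check_sums` are hypothetical names.

```python
import hashlib

# Constructed sample: file name, contents and signature body are placeholders.
SAMPLE_FILES = {"example-release.iso": b"constructed image bytes\n"}
SAMPLE_LIST = (
    "-----BEGIN PGP SIGNED MESSAGE-----\n"
    "Hash: SHA256\n\n"
    + hashlib.sha512(SAMPLE_FILES["example-release.iso"]).hexdigest()
    + "  example-release.iso\n"
    "-----BEGIN PGP SIGNATURE-----\n\n"
    "(constructed placeholder, not a real signature)\n"
    "-----END PGP SIGNATURE-----\n"
)

def parse_clearsigned(text):
    """Split a cleartext-signed message into (armor headers, signed lines).
    This only parses; authenticity comes from running gpg --verify first."""
    lines = text.splitlines()
    if not lines or lines[0] != "-----BEGIN PGP SIGNED MESSAGE-----":
        raise ValueError("not a clearsigned message")
    try:
        blank = lines.index("", 1)
        end = lines.index("-----BEGIN PGP SIGNATURE-----", blank)
    except ValueError:
        raise ValueError("truncated clearsigned message") from None
    # "Hash:" names the digest used by the signature itself, not the
    # algorithm of the checksums listed in the signed text.
    headers = dict(l.split(": ", 1) for l in lines[1:blank])
    # Undo dash-escaping: a signed line starting with "-" is sent as "- -...".
    body = [l[2:] if l.startswith("- ") else l for l in lines[blank + 1:end]]
    return headers, body

def check_sums(body, files):
    """Check '<sha512 hex>  <name>' lines against files (name -> bytes)."""
    results = {}
    for line in body:
        if not line.strip():
            continue
        digest, name = line.split(None, 1)
        name = name.lstrip("*")  # sha512sum writes '*' before binary-mode names
        data = files.get(name)
        results[name] = (data is not None and len(digest) == 128
                         and hashlib.sha512(data).hexdigest() == digest.lower())
    return results

if __name__ == "__main__":
    headers, body = parse_clearsigned(SAMPLE_LIST)
    print("signature digest:", headers.get("Hash"))
    print(check_sums(body, SAMPLE_FILES))
```

Stripping the header and footer by itself proves nothing about who produced the list, so the sums are only meaningful after `gpg --verify` has succeeded on the same file.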
History
Date                 User        Action  Args
2015-08-16 18:34:21  ch          set     status: chatting -> in-progress; messages: + msg5304
2015-08-10 10:22:12  mika        set     priority: bug -> wish
2015-08-10 10:22:04  mika        set     status: unread -> chatting; messages: + msg5223
2015-08-10 05:02:17  brentsaner  create