Bug#825123: marked as done (debarchiver: release files generated by debarchiver use weak digest algos in signatures)

Mon, 06 Jun 2016 14:30:41 -0700 

Your message dated Mon, 6 Jun 2016 23:28:24 +0200
with message-id 
<CABY6=0mCfGU0FaFoJwZXAKN4WLuTeWD=myasdqp2pflaion...@mail.gmail.com>
and subject line Re: Bug#825123: debarchiver: release files generated by 
debarchiver use weak digest algos in signatures
has caused the Debian Bug report #825123,
regarding debarchiver: release files generated by debarchiver use weak digest 
algos in signatures
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
825123: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=825123
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: debarchiver
Version: 0.10.5
Severity: grave
Tags: security
Justification: renders package unusable


Hi.

It seems that the Release/etc. files generated by debarchiver
use SHA1 as signature algorithm.

aptitude/etc. in sid no longer accept these weak algos per default
and reject such repos.

Please switch to SHA512... and ideally make the used algo configurable
for those who think SHA512 is to costly for them and want to use
something lower.

Thanks,
Chris.

--- End Message ---
--- Begin Message --- 
Hi Christoph

Thank you for your report, and sorry for a late reply.

I have done some testing and the hash depends on the version of gpg
you have and what key you have generated.

If you have at least the version of gpg in jessie (I tested on jessie)
and a 4096 bit RSA key then the default hash is SHA256 which from what
I understand is cryptographically ok. See verification 1 below for a
proof of that.

In addition to that the algorithm is configurable in ~/.gnupg/gpg.conf
The statement to use is (without the quotes):
"personal-digest-preferences SHA256"
or whatever hash you would like to use.

Please note that you have to have a good key. You can not use a 1k bit
key for this.

Based on this I do not think this is a bug in at least jessie and
later and thus this should not be seen as a grave bug. Or for that
matter a bug at all in current stable and later. Therefore I'm closing
this bug now.

I could probably accept that is a documentation bug for an upgrade
case, or that it should be clarified that 4096 bit keys should be used
when signing the archive. If you think I should document this better,
please re-open the bug with a non-grave severity.

For wheezy this is a bug, but I do not think it is severe enough to
issue a DLA. If you object I'm happy to help out with that (I happen
to know that drill :-) ).

Best regards,

// Ola

Verification 1) This was run on my jessie workstation (using the same
gpg options that debarchiver uses, I have removed some sensitive data
from this command below)
ola@tigereye:~$ echo "..." | gpg --batch --no-tty -a -b -s -u XXX
--passphrase-fd 0 -o foo.txt.asc foo.txt
ola@tigereye:~$ LANG=C gpg -v --verify foo.txt.asc
gpg: armor header: Version: GnuPG v1
gpg: assuming signed data in `foo.txt'
gpg: Signature made Mon Jun  6 22:45:18 2016 CEST using RSA key ID XXX
gpg: using classic trust model
gpg: Good signature from "XXX"
gpg: binary signature, digest algorithm SHA256

Now just to show what kind of key it is:
ola@tigereye:~$ LANG=C gpg --list-keys XXX
pub   4096R/XXX 201x-xx-xx
uid                  XXX
sub   4096R/YYY 201x-xx-xx

Verification 2) This was run on my wheezy chroot on a newly generated
key (for some reason the debarchiver options did not work there, but
that is a separate issue, not related to this one)
root@tigereye:~# gpg --sign foo.txt.gpg
...
root@tigereye:~# gpg -v --verify foo.txt.gpg
gpg: original file name='foo.txt'
gpg: Signature made Mon Jun  6 21:19:53 2016 UTC using RSA key ID 33051E80
gpg: using PGP trust model
gpg: checking the trustdb
gpg: 1 keys cached (2 signatures)
gpg: 1 keys processed (1 validity counts cleared)
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: Good signature from "Ola Lundqvist (Root) <o...@inguza.com>"
gpg: binary signature, digest algorithm SHA1
root@tigereye:~# rm -Rf .gnupg/

// Ola

On Mon, May 23, 2016 at 10:01 PM, Christoph Anton Mitterer
<cales...@scientia.net> wrote:
> Package: debarchiver
> Version: 0.10.5
> Severity: grave
> Tags: security
> Justification: renders package unusable
>
>
> Hi.
>
> It seems that the Release/etc. files generated by debarchiver
> use SHA1 as signature algorithm.
>
> aptitude/etc. in sid no longer accept these weak algos per default
> and reject such repos.
>
> Please switch to SHA512... and ideally make the used algo configurable
> for those who think SHA512 is to costly for them and want to use
> something lower.
>
> Thanks,
> Chris.



-- 
 --- Inguza Technology AB --- MSc in Information Technology ----
/  o...@inguza.com                    Folkebogatan 26            \
|  o...@debian.org                   654 68 KARLSTAD            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
 ---------------------------------------------------------------

--- End Message ---

Reply via email to