Hi there,
Unless I’m missing something, this is a pattern I see used in release
management where a list of SHA256 checksums for deliverables are provided in a
file, and that checksum file is then clearsigned (or detached if you prefer).
Also known also “signing your checksums file.”
Examples:
- https://releases.ubuntu.com/focal/
- https://www.debian.org/CD/verify
The security of this process in the scenario you described, however, would be
contingent upon a) the transport security between M and H, and b) whether H in
fact trusts M to produce valid and trustworthy checksums.
Assuming everything is okay here, you then ship both the checksums file and its
corresponding GPG signature to L. In this manner, H does not require access to
artifacts on M due to their SHA256 representatives (presumed to be
cryptographically ensured) and L of course is presumed to be secure because it
only involves the use of public keys, cryptography, and resultant signatures
needing to be verified by external consumers, etc.
I would offer, though, that M should actually be considered just as sensitive
as H since it is producing artifacts (aka attestations) that H is going to end
up signing for. If you’re automating this (as in DevOps), consider supply chain
threat scenarios and the implications of a compromised M producing some
nullifying claim or malicious code that ends up getting certified as “valid” by
H.
Regards,
Matt
On Tue, May 13, 2025 at 15:22, Richard Stoughton via Gnupg-users <
[[email protected]](mailto:On Tue, May 13, 2025 at 15:22, Richard Stoughton
via Gnupg-users <<a href=)> wrote:
> Hi,
>
> We have three servers H -> M -> L with high, medium, and low security.
>
> The private signature key is known to H only and must never leave H.
>
> Artifacts that must be signed are produced on M which is capable of
> calculating hashes (e.g. SHA-256 hashes). H has the ability to read
> these hashes but cannot access the artifacts.
>
> The artifacts are then being transported to L where they are
> considered valid if there is also a valid signature for them. H is
> expected to push the respective signatures to L.
>
> The question is: Is it possible to gpg-sign a file given its hash only?
>
> --
> Thanks in advance,
> Alex
>
> _______________________________________________
> Gnupg-users mailing list
> [email protected]
> https://lists.gnupg.org/mailman/listinfo/gnupg-users
_______________________________________________
Gnupg-users mailing list
[email protected]
https://lists.gnupg.org/mailman/listinfo/gnupg-users
