Re: [Rpm-maint] [rpm-software-management/rpm] RPMv6 proposal: Detached signatures (#1482)
> @mlschroe Sadly, Fedora doesn’t sign its metadata. We don't need to as we use metalinks. In the metalink is the checksum(s) for the valid repomd.xml file. If someone tampers with the repodata it will not match and the client will go on to the next one. But thats likely offtopic for this issue... so I will stop there. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/issues/1482#issuecomment-761870577___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] RPMv6 proposal: Detached signatures (#1482)
There is a middle way how to deal with signatures: Append at the end of the package. RPM should probably dictate a way how they should be separated. Then one could just read the last few kB of the package and check for signatures there without understanding the rpm format at all. You could also put signatures there that are completely unknown to rpm. One could encode them with base64 or something similar to be 100% sure nothing can go wrong. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/issues/1482#issuecomment-760149740___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] RPMv6 proposal: Detached signatures (#1482)
@Conan-Kudo That is fantastic news! -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/issues/1482#issuecomment-758096633___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] RPMv6 proposal: Detached signatures (#1482)
@DemiMarie The first steps towards making it possible to do that are being done now: https://pagure.io/koji/pull-request/2637 -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/issues/1482#issuecomment-758094027___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] RPMv6 proposal: Detached signatures (#1482)
@mlschroe tell that to the Fedora infrastructure maintainers. They don’t sign their metadata. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/issues/1482#issuecomment-758093056___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] RPMv6 proposal: Detached signatures (#1482)
Rpm will have to support the embedded signatures for just about forever more, but there's no reason rpm couldn't support detached signatures as an alternative, it's just a piece of OpenPGP data that could come from anywhere if there was an API for it. But detached signatures aren't any magic solution to all signature problems, it's just a different set of compromises from the embedded ones. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/issues/1482#issuecomment-757939520___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] RPMv6 proposal: Detached signatures (#1482)
Fast and has a massive security margin. I believe the best known attacks are on 3 rounds vs 12, and libsodium has a hyper-optimized SIMD implementation it uses for Argon2. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/issues/1482#issuecomment-757601477___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] RPMv6 proposal: Detached signatures (#1482)
Why Blake2b? -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/issues/1482#issuecomment-757565558___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] RPMv6 proposal: Detached signatures (#1482)
Some of the advantages of this approach: - The initial hash covers the entire package, and does not need to be updated when signatures are added or removed. - Multiple signatures are automatically supported. - Signatures are timestamped and can expire. - Key fingerprints include the algorithm as part of the hash, so if there are no trusted keys that use a certain algorithm, that algorithm cannot be used. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/issues/1482#issuecomment-757565273___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
Re: [Rpm-maint] [rpm-software-management/rpm] RPMv6 proposal: Detached signatures (#1482)
That’s understandable. Ideally, this blob would be as simple as possible; the current signature blob is more complicated than necessary. What about a Blake2b hash of the lead+header+payload, followed by a list of (length, timestamp, expiration, Blake2b hash of (algorithm ID||public key), raw binary signature blob) tuples? The signature would be over the Blake2b hash of all data between the package hash (inclusive) and the signature blob (exclusive). This would include the signature’s own length, timestamp, expiration date, and (algorithm ID||public key) hash. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/issues/1482#issuecomment-757563662___ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint