On Mon, Jan 17, 2022 at 4:44 PM Ken Dreyer <ktdreyer@xxxxxxxxxxxx> wrote:
> Something else I'm wondering: rpmsign writes those four-byte "keyid"
> values to my FILESIGNATURE entries even if I don't have a public cert
> at all. How does it do that? I see verify_rpm.py checks the RPM's
> keyid values against the final four bytes of a sha1 of a public
> certificate, but what if I haven't generated that yet?
I understand this part about public and private certs now.
python-cryptography can read the values from the RSA private keyfile
to determine the public key values.
This Python script will find the IMA-style keyid from a RSA private keyfile:
with open('privatekey.pem', 'rb') as f:
key = serialization.load_pem_private_key(f.read(),
password=None,
backend=default_backend())
public_key = key.public_key()
# The "keyid" is the SHA1 hash of the DER-encoded ASN.1 sequence of the
# modulus and exponent of an RSA public key. (public_key.public_numbers() "n"
# and "e"). This method does it for us:
public_key_id = x509.SubjectKeyIdentifier.from_public_key(public_key)
# The IMA signature's "keyid" is the last four bytes of this SHA1 digest.
ima_keyid = public_key_id.digest[-4:]
print(ima_keyid)
I've been concerned for a while that Koji uses small GPG key ID
values, for the reasons explained at https://evil32.com/
When it comes to IMA signature handling with Koji, I don't want to use
small key ID lengths for that either. Even sha1 is pretty weak now. Is
there any chance of using stronger key IDs for IMA?
- Ken
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
