Re: [PATCH v6 5/9] ssh signing: parse ssh-keygen output and verify signatures

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





On 29.07.21 15:52, Fabian Stelzer wrote:
On 29.07.21 11:48, Fabian Stelzer wrote:
On 29.07.21 01:04, Jonathan Tan wrote:
to verify a ssh signature we first call ssh-keygen -Y find-principal to
look up the signing principal by their public key from the
allowedSignersFile. If the key is found then we do a verify. Otherwise
we only validate the signature but can not verify the signers identity.

Is this the same behavior as GPG signing in Git?

Not quite. GPG requires every signers public key to be in the keyring. But even then, the "UNDEFINED" Trust level is enough to be valid for commits (but not for merges). For SSH i did set the unknown keys to UNDEFINED as well and they will show up as valid but not have a principal to identify them. This way a project can decide wether to accept unknown keys by setting the gpg.mintrustlevel. So the default behaviour is different.
The alternative would be to treat unknown keys always as invalid.


I thought a bit more about this and my approach is indeed problematic especially when a repo has both gpg and ssh signatures. The trust level setting can then not behave differently for both.

My intention of still showing valid but unknown signatures in the log as ok (but unknown) was to encourage users to always sign their work even if they are not (yet) trusted in the allowedSignersFile.

I think the way forward should be to treat unknown singing keys as not verified like gpg does.

If a ssh key is verified and in the allowedSignersFile i would still set its trust level to "FULLY".

i dug a bit deeper into the gpg code/tests and it actually already behaves the same. untrusted signatures still return successfull on a verify-commit/tag even if the key is completely untrusted. my patch does the same thing for ssh signatures. i'll send a new revision later today with all the other fixes.



[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]

  Powered by Linux