From dc89c4d16b754408f5e24067073ead1e9e231c48 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Tue, 12 May 2009 00:42:37 -0400 Subject: pem2openpgp now makes signatures over SHA256 instead of SHA1, due to concerns about the growing weakness of SHA1. --- packaging/debian/changelog | 1 + src/share/keytrans | 15 +++++++++------ 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/packaging/debian/changelog b/packaging/debian/changelog index b6592ad..fa94721 100644 --- a/packaging/debian/changelog +++ b/packaging/debian/changelog @@ -8,6 +8,7 @@ monkeysphere (0.25-1~pre) UNRELEASED; urgency=low - fix monkeysphere update-known_hosts for sshd running on non-standard ports - add 'sshfpr' subcommand to output the ssh fingerprint of a gpg key + - pem2openpgp now generates self-sigs over SHA-256 instead of SHA-1 - some portability improvements * update Standard-Version to 3.8.1 diff --git a/src/share/keytrans b/src/share/keytrans index f9288fa..516f2da 100755 --- a/src/share/keytrans +++ b/src/share/keytrans @@ -426,7 +426,7 @@ sub pem2openpgp { my $uid = shift; my $args = shift; - $rsa->use_sha1_hash(); + $rsa->use_sha256_hash(); # see page 22 of RFC 4880 for why i think this is the right padding # choice to use: @@ -442,7 +442,7 @@ sub pem2openpgp { # RSA my $pubkey_algo = pack('C', $asym_algos->{rsa}); # SHA1 - my $hash_algo = pack('C', $digests->{sha1}); + my $hash_algo = pack('C', $digests->{sha256}); # FIXME: i'm worried about generating a bazillion new OpenPGP # certificates from the same key, which could easily happen if you run @@ -497,11 +497,14 @@ sub pem2openpgp { $ciphers->{tripledes} ); - # prefer SHA-1, SHA-256, RIPE-MD/160 - my $pref_hash_algos = pack('CCCCC', 4, $subpacket_types->{preferred_digest}, - $digests->{sha1}, + # prefer SHA-512, SHA-384, SHA-256, SHA-224, RIPE-MD/160, SHA-1 + my $pref_hash_algos = pack('CCCCCCCC', 7, $subpacket_types->{preferred_digest}, + $digests->{sha512}, + $digests->{sha384}, $digests->{sha256}, - $digests->{ripemd160} + $digests->{sha224}, + $digests->{ripemd160}, + $digests->{sha1} ); # prefer ZLIB, BZip2, ZIP -- cgit v1.2.3 From e2e86b09f48ae9e3c115a7215256ac1345f86a5c Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Thu, 21 May 2009 13:06:18 -0400 Subject: properly match fingerprints with leading 0 bytes (https://labs.riseup.net/code/issues/show/831) --- packaging/debian/changelog | 4 +++- src/share/keytrans | 2 ++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/packaging/debian/changelog b/packaging/debian/changelog index fa94721..e8e535a 100644 --- a/packaging/debian/changelog +++ b/packaging/debian/changelog @@ -10,9 +10,11 @@ monkeysphere (0.25-1~pre) UNRELEASED; urgency=low - add 'sshfpr' subcommand to output the ssh fingerprint of a gpg key - pem2openpgp now generates self-sigs over SHA-256 instead of SHA-1 - some portability improvements + - properly handle translation of keys with fingerprints with leading + all-zero bytes. * update Standard-Version to 3.8.1 - -- Jameson Graef Rollins Thu, 30 Apr 2009 15:34:28 -0700 + -- Daniel Kahn Gillmor Thu, 21 May 2009 13:04:10 -0400 monkeysphere (0.24-1) unstable; urgency=low diff --git a/src/share/keytrans b/src/share/keytrans index 516f2da..c47ccdc 100755 --- a/src/share/keytrans +++ b/src/share/keytrans @@ -690,6 +690,8 @@ sub openpgp2ssh { my $foundfpr = fingerprint($pubkey, $timestamp); my $foundfprstr = Crypt::OpenSSL::Bignum->new_from_bin($foundfpr)->to_hex(); + # left-pad with 0's to bring up to full 40-char (160-bit) fingerprint: + $foundfprstr = sprintf("%040s", $foundfprstr); # is this a match? if ((!defined($fpr)) || -- cgit v1.2.3