Re: [EXT] Re: [qubes-users] Verifying signatures
On 11/30/21 10:18 AM, Ulrich Windl wrote: On 11/30/21 12:32 PM, Andrew David Wong wrote: On 11/29/21 12:06 PM, 'Rune Philosof' via qubes-users wrote: When I follow the guide on https://www.qubes-os.org/security/verifying-signatures/ I get the following result ``` [vagrant@fedora ~]$ gpg2 --check-signatures "Qubes Master Signing Key" pub rsa4096 2010-04-01 [SC] 427F11FD0FAA4B080123F01CDDFA1A3E36879494 uid [ultimate] Qubes Master Signing Key sig!3 DDFA1A3E36879494 2010-04-01 Qubes Master Signing Key gpg: 1 good signature [vagrant@fedora ~]$ gpg2 --check-signatures "Qubes OS Release 4 Signing Key" pub rsa4096 2017-03-06 [SC] 5817A43B283DE5A9181A522E1848792F9E2795E9 uid [ unknown] Qubes OS Release 4 Signing Key sig!3 1848792F9E2795E9 2017-03-06 Qubes OS Release 4 Signing Key gpg: Note: third-party key signatures using the SHA1 algorithm are rejected gpg: (use option "--allow-weak-key-signatures" to override) sig% DDFA1A3E36879494 2017-03-08 [Invalid digest algorithm] gpg: 1 good signature gpg: 1 signature not checked due to an error ``` Is it because the master key is old and the old defaults are now considering too weak? I take it you're referring to the message about SHA1. I'm not certain, but we do have a related open issue, which the devs are working on now: https://github.com/QubesOS/qubes-issues/issues/6470 Also see the comments on this issue, which are even more specific to your question: https://github.com/QubesOS/qubes-issues/issues/4378 In particular, Marek commented (on #4378): "In general, it may be a good idea to create new signature using SHA256 or such, to ease the use with weak-digest SHA1 option enabled. But in practice, in the current state SHA1 problems doesn't affect security of the key itself, because there are no known pre-image attacks. New signatures are made with SHA256 hash function." If so, why not distribute a new one? It's not that simple. As Marek recently pointed out to me, "The current QMSK is well known and published in a lot of places (easing its verification), including various conference videos, physical t-shirts we sold, some stickers etc. With every new QMSK it will take time until it will be comparably easy to independently verify." But isn't that exactly the advantage of the "web of trust"?: You can sign the new key with your old key, and people will (have the chance to) trust the new key as well. The Web of Trust is only one of several different methods for authenticating the QMSK. Many of our users do not use the Web of Trust. Please read this for further details: https://www.qubes-os.org/security/verifying-signatures/#how-to-import-and-authenticate-the-qubes-master-signing-key Having said that, we do have an open issue for generating a new QMSK: https://github.com/QubesOS/qubes-issues/issues/2818 We likely will at some point, but it's not an action to be taken lightly. -- Andrew David Wong Community Manager The Qubes OS Project https://www.qubes-os.org -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/40a7697d-75ed-8883-0fde-d4b3f14d1ad9%40qubes-os.org.
Re: [EXT] Re: [qubes-users] Verifying signatures
On 11/30/21 12:32 PM, Andrew David Wong wrote: On 11/29/21 12:06 PM, 'Rune Philosof' via qubes-users wrote: When I follow the guide on https://www.qubes-os.org/security/verifying-signatures/ I get the following result ``` [vagrant@fedora ~]$ gpg2 --check-signatures "Qubes Master Signing Key" pub rsa4096 2010-04-01 [SC] 427F11FD0FAA4B080123F01CDDFA1A3E36879494 uid [ultimate] Qubes Master Signing Key sig!3 DDFA1A3E36879494 2010-04-01 Qubes Master Signing Key gpg: 1 good signature [vagrant@fedora ~]$ gpg2 --check-signatures "Qubes OS Release 4 Signing Key" pub rsa4096 2017-03-06 [SC] 5817A43B283DE5A9181A522E1848792F9E2795E9 uid [ unknown] Qubes OS Release 4 Signing Key sig!3 1848792F9E2795E9 2017-03-06 Qubes OS Release 4 Signing Key gpg: Note: third-party key signatures using the SHA1 algorithm are rejected gpg: (use option "--allow-weak-key-signatures" to override) sig% DDFA1A3E36879494 2017-03-08 [Invalid digest algorithm] gpg: 1 good signature gpg: 1 signature not checked due to an error ``` Is it because the master key is old and the old defaults are now considering too weak? I take it you're referring to the message about SHA1. I'm not certain, but we do have a related open issue, which the devs are working on now: https://github.com/QubesOS/qubes-issues/issues/6470 Also see the comments on this issue, which are even more specific to your question: https://github.com/QubesOS/qubes-issues/issues/4378 In particular, Marek commented (on #4378): "In general, it may be a good idea to create new signature using SHA256 or such, to ease the use with weak-digest SHA1 option enabled. But in practice, in the current state SHA1 problems doesn't affect security of the key itself, because there are no known pre-image attacks. New signatures are made with SHA256 hash function." If so, why not distribute a new one? It's not that simple. As Marek recently pointed out to me, "The current QMSK is well known and published in a lot of places (easing its verification), including various conference videos, physical t-shirts we sold, some stickers etc. With every new QMSK it will take time until it will be comparably easy to independently verify." But isn't that exactly the advantage of the "web of trust"?: You can sign the new key with your old key, and people will (have the chance to) trust the new key as well. Having said that, we do have an open issue for generating a new QMSK: https://github.com/QubesOS/qubes-issues/issues/2818 We likely will at some point, but it's not an action to be taken lightly. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/50280468-944c-348a-794f-a6b1b1c4dc86%40rz.uni-regensburg.de.
Re: [qubes-users] Verifying signatures
On 11/29/21 12:06 PM, 'Rune Philosof' via qubes-users wrote: When I follow the guide on https://www.qubes-os.org/security/verifying-signatures/ I get the following result ``` [vagrant@fedora ~]$ gpg2 --check-signatures "Qubes Master Signing Key" pub rsa4096 2010-04-01 [SC] 427F11FD0FAA4B080123F01CDDFA1A3E36879494 uid [ultimate] Qubes Master Signing Key sig!3DDFA1A3E36879494 2010-04-01 Qubes Master Signing Key gpg: 1 good signature [vagrant@fedora ~]$ gpg2 --check-signatures "Qubes OS Release 4 Signing Key" pub rsa4096 2017-03-06 [SC] 5817A43B283DE5A9181A522E1848792F9E2795E9 uid [ unknown] Qubes OS Release 4 Signing Key sig!31848792F9E2795E9 2017-03-06 Qubes OS Release 4 Signing Key gpg: Note: third-party key signatures using the SHA1 algorithm are rejected gpg: (use option "--allow-weak-key-signatures" to override) sig% DDFA1A3E36879494 2017-03-08 [Invalid digest algorithm] gpg: 1 good signature gpg: 1 signature not checked due to an error ``` Is it because the master key is old and the old defaults are now considering too weak? I take it you're referring to the message about SHA1. I'm not certain, but we do have a related open issue, which the devs are working on now: https://github.com/QubesOS/qubes-issues/issues/6470 Also see the comments on this issue, which are even more specific to your question: https://github.com/QubesOS/qubes-issues/issues/4378 In particular, Marek commented (on #4378): "In general, it may be a good idea to create new signature using SHA256 or such, to ease the use with weak-digest SHA1 option enabled. But in practice, in the current state SHA1 problems doesn't affect security of the key itself, because there are no known pre-image attacks. New signatures are made with SHA256 hash function." If so, why not distribute a new one? It's not that simple. As Marek recently pointed out to me, "The current QMSK is well known and published in a lot of places (easing its verification), including various conference videos, physical t-shirts we sold, some stickers etc. With every new QMSK it will take time until it will be comparably easy to independently verify." Having said that, we do have an open issue for generating a new QMSK: https://github.com/QubesOS/qubes-issues/issues/2818 We likely will at some point, but it's not an action to be taken lightly. -- Andrew David Wong Community Manager The Qubes OS Project https://www.qubes-os.org -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/040578c4-101b-3276-b71d-521206ff3de7%40qubes-os.org.
[qubes-users] Verifying signatures
When I follow the guide on https://www.qubes-os.org/security/verifying-signatures/ I get the following result ``` [vagrant@fedora ~]$ gpg2 --check-signatures "Qubes Master Signing Key" pub rsa4096 2010-04-01 [SC] 427F11FD0FAA4B080123F01CDDFA1A3E36879494 uid [ultimate] Qubes Master Signing Key sig!3DDFA1A3E36879494 2010-04-01 Qubes Master Signing Key gpg: 1 good signature [vagrant@fedora ~]$ gpg2 --check-signatures "Qubes OS Release 4 Signing Key" pub rsa4096 2017-03-06 [SC] 5817A43B283DE5A9181A522E1848792F9E2795E9 uid [ unknown] Qubes OS Release 4 Signing Key sig!31848792F9E2795E9 2017-03-06 Qubes OS Release 4 Signing Key gpg: Note: third-party key signatures using the SHA1 algorithm are rejected gpg: (use option "--allow-weak-key-signatures" to override) sig% DDFA1A3E36879494 2017-03-08 [Invalid digest algorithm] gpg: 1 good signature gpg: 1 signature not checked due to an error ``` Is it because the master key is old and the old defaults are now considering too weak? If so, why not distribute a new one? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5a43c954-21a7-4aaf-8589-218dc1f911acn%40googlegroups.com.