[Bug 1461834] Re: 1024-bit signing keys should be deprecated
This should be fixed now: PPAs are signed with 4096-bit keys, existing 1024-bit ones have been dual-signed, and the endpoint gives you 4096-bit keys if you add them.

** Changed in: launchpad
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1461834

Title:
  1024-bit signing keys should be deprecated

To manage notifications about this bug go to:
https://bugs.launchpad.net/launchpad/+bug/1461834/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1461834] Re: 1024-bit signing keys should be deprecated
Jake, some progress is underway for Launchpad to automatically sign PPAs with RSA4096 keys: https://discourse.ubuntu.com/t/new-requirements-for-apt-repository-signing-in-24-04/42854

It's also possible to dual-sign non-PPA repositories, e.g.:

    curl -s http://archive.ubuntu.com/ubuntu/dists/focal-updates/InRelease | gpg --verify

This can really help migrating from unsafe key sizes to safe key sizes.

Thanks
[Bug 1461834] Re: 1024-bit signing keys should be deprecated
Enabling FIPS on Ubuntu Pro 22.04+ machines [1] drops rsa1024 as an available encryption key because rsa1024 isn't FIPS compliant. Therefore, adding rsa1024-signed apt keys here isn't possible. Does anyone have suggestions to work around this? I've asked if maintainers could re-sign apt keys for relevant repos but haven't heard back.

Additionally, adding apt keys before enabling FIPS works, but future apt updates unfortunately fail afterwards.

[1] https://ubuntu.com/security/certifications/docs/fips-enablement
[Bug 1461834] Re: 1024-bit signing keys should be deprecated
> GPG does not provide a way for APT to validate key lengths when the signature is verified, so we did all we could do here.

Some pages, like https://launchpad.net/~fnu/+archive/ubuntu/main-fnu/ say "Signing key: 1024R" when you click on "Technical details about this PPA". So Launchpad clearly knows, and at the very least it *must* put a big warning on such pages, so as not to fool users into compromising the security of their computers. It's not true to say there's nothing Launchpad can do.

Since the underlying problem is clearly real, why is this Launchpad bug still 'New' and not 'Confirmed' after more than 6 years 2 months?
[Bug 1461834] Re: 1024-bit signing keys should be deprecated
** Description changed:

- 1024-bit RSA เลิกใช้แล้วเมื่อหลายปีก่อนโดย NIST [1], Microsoft [2]
- และอื่น ๆ เมื่อไม่นานมานี้ [3]
+ 1024-bit RSA was deprecated years ago by NIST[1], Microsoft[2] and more
+ recently by others[3].

- คีย์การลงชื่อ 1024
- บิตไม่เพียงพอที่จะรับประกันความถูกต้องของซอฟต์แวร์ที่แจกจ่ายจาก
- Launchpad.net รวมถึง PPA
- ควรมีกลไกในการปฏิเสธการเซ็นชื่อคีย์ด้านล่างความยาวคีย์ต่ำสุดตามชนิดของคีย์
- คีย์การเซ็นชื่อ 1024 บิตควรเลิกใช้แล้วนำออกจาก Launchpad.net
- โดยเร็วที่สุด โครงการในอนาคตและ PPAs ควรถูกห้ามไม่ให้ใช้คีย์การลงชื่อ
- 1024 บิต
+ 1024-bit signing keys are insufficient to guarantee the authenticity of
+ software distributed from Launchpad.net including PPAs. There should be
+ a mechanism to refuse signing keys below a minimum key length based on
+ key type. 1024-bit signing keys should be deprecated and removed from
+ Launchpad.net itself ASAP. Future projects and PPAs should be
+ disallowed from using 1024-bit signing keys.

  1. http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf
  2. http://blogs.technet.com/b/pki/archive/2012/06/12/rsa-keys-under-1024-bits-are-blocked.aspx
  3. https://threatpost.com/mozilla-1024-bit-cert-deprecation-leaves-107000-sites-untrusted/108114

** Changed in: launchpad
   Assignee: wachirapranee tesprasit (tatar28) => (unassigned)

** Changed in: apt (Ubuntu)
   Assignee: wachirapranee tesprasit (tatar28) => (unassigned)

** Changed in: gnupg2 (Ubuntu)
   Assignee: wachirapranee tesprasit (tatar28) => (unassigned)

** Changed in: launchpad
   Status: Fix Released => New

** Changed in: apt (Ubuntu)
   Status: Fix Released => Invalid

** Changed in: gnupg2 (Ubuntu)
   Status: Fix Released => Confirmed
[Bug 1461834] Re: 1024-bit signing keys should be deprecated
** Changed in: apt (Ubuntu)
   Status: Invalid => Confirmed

** Changed in: launchpad
   Status: New => Confirmed

** Changed in: launchpad
   Assignee: (unassigned) => wachirapranee tesprasit (tatar28)

** Changed in: apt (Ubuntu)
   Assignee: (unassigned) => wachirapranee tesprasit (tatar28)

** Changed in: gnupg2 (Ubuntu)
   Assignee: (unassigned) => wachirapranee tesprasit (tatar28)

** Changed in: launchpad
   Status: Confirmed => Fix Released

** Changed in: apt (Ubuntu)
   Status: Confirmed => Fix Released

** Changed in: gnupg2 (Ubuntu)
   Status: Confirmed => Fix Released

** Description changed:

- 1024-bit RSA was deprecated years ago by NIST[1], Microsoft[2] and more
- recently by others[3].
+ 1024-bit RSA เลิกใช้แล้วเมื่อหลายปีก่อนโดย NIST [1], Microsoft [2]
+ และอื่น ๆ เมื่อไม่นานมานี้ [3]

- 1024-bit signing keys are insufficient to guarantee the authenticity of
- software distributed from Launchpad.net including PPAs. There should be
- a mechanism to refuse signing keys below a minimum key length based on
- key type. 1024-bit signing keys should be deprecated and removed from
- Launchpad.net itself ASAP. Future projects and PPAs should be
- disallowed from using 1024-bit signing keys.
+ คีย์การลงชื่อ 1024
+ บิตไม่เพียงพอที่จะรับประกันความถูกต้องของซอฟต์แวร์ที่แจกจ่ายจาก
+ Launchpad.net รวมถึง PPA
+ ควรมีกลไกในการปฏิเสธการเซ็นชื่อคีย์ด้านล่างความยาวคีย์ต่ำสุดตามชนิดของคีย์
+ คีย์การเซ็นชื่อ 1024 บิตควรเลิกใช้แล้วนำออกจาก Launchpad.net
+ โดยเร็วที่สุด โครงการในอนาคตและ PPAs ควรถูกห้ามไม่ให้ใช้คีย์การลงชื่อ
+ 1024 บิต

  1. http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf
  2. http://blogs.technet.com/b/pki/archive/2012/06/12/rsa-keys-under-1024-bits-are-blocked.aspx
  3. https://threatpost.com/mozilla-1024-bit-cert-deprecation-leaves-107000-sites-untrusted/108114
[Bug 1461834] Re: 1024-bit signing keys should be deprecated
Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: gnupg2 (Ubuntu)
   Status: New => Confirmed
[Bug 1461834] Re: 1024-bit signing keys should be deprecated
Sign with two keys then, and try to tell people. After a period of time you could disable the old key (i.e. no longer sign anything with it). For anyone who still hasn't updated their configuration, their system will still work, but instead of updates they would get errors. Then they would update their config.

(Note that all PPA packages are already available through TLS, e.g. https://launchpad.net/~fnu/+archive/ubuntu/main-fnu/+build/8797131/+files/cmake-qt-gui_2.8.12.2-3_amd64.deb but only for manual download. It is not used automatically by apt, so to be secure you have to identify and manually download a lot of packages. These can be found through the 'View package details' link at the top right on all PPA main pages.)
[Bug 1461834] Re: 1024-bit signing keys should be deprecated
Julian, I'm afraid that for better or worse Launchpad did generate 1024-bit RSA keys for PPAs for quite some time, and that wasn't an entirely silly decision back when it was first made; even then DSA had known weaknesses. It's a problem, but as you say we'd need to work out a rollover mechanism. Signing with two keys is certainly a possibility (we did that with the Ubuntu archive for a while, so it's battle-tested), and I expect that any solution to this would involve that, but there's no clear way to end the transition.

Bob, I'm afraid that your proposed "simple" workaround is no such thing (a naive implementation would expose launchpad.net to XSS attacks from user-supplied content on ppa.launchpad.net). I listed the issues that would need to be solved in bug 1473091. Anyway, TLS is a side issue here and this bug shouldn't be derailed into that. We are very unlikely to do any of the proposed renaming/mirroring hacks; they would be a mess and likely a cure worse than the disease.
[Bug 1461834] Re: 1024-bit signing keys should be deprecated
Regarding Launchpad: I'm not sure what that bug is achieving. The proposal with the rename is fairly useless; you could just add the safe key to the existing repository. The biggest problem in practice is rolling out a new key to users, as there is no mechanism for that.
[Bug 1461834] Re: 1024-bit signing keys should be deprecated
APT currently rejects all non-SHA2 hashes, which excludes 1024-bit DSA keys (the only 1024-bit keys in use, really). All repositories were told to update to 2048- or 4096-bit RSA keys.

GPG does not provide a way for APT to validate key lengths when the signature is verified, so we did all we could do here. Any future change needs to be made in gpg (reject all DSA/RSA keys less than 2048 bit).

** Changed in: apt (Ubuntu)
   Status: Confirmed => Invalid

** Also affects: gnupg2 (Ubuntu)
   Importance: Undecided
   Status: New
[Bug 1461834] Re: 1024-bit signing keys should be deprecated
Side note: It's incredibly funny how the bug report talks about 1024-bit RSA keys, when such keys have likely never been used by anyone (all 1024-bit keys I know about were DSA).
[Bug 1461834] Re: 1024-bit signing keys should be deprecated
> This means a man-in-the-middle can gain root access, just by inserting their
> own version of one of the packages into this network traffic, because updates
> run as root. They can first obtain the public 1024 bit key from the PPA, then
> spend as long as they want working out the private key, then sign their false
> updates with the real private key.
>
> A bug that allows complete compromise of most Ubuntu machines without
> requiring any user involvement is a very serious bug. Why hasn't this even
> been assigned to anyone, nearly 2 years after it was reported?

I suppose people will be wondering why it wasn't fixed once a Snowden-style leak drops showing that this vulnerability was exploited for years.
[Bug 1461834] Re: 1024-bit signing keys should be deprecated
Launchpad could *automatically* create a mirror of any PPA that still uses a 1024-bit key, with a standard suffix to the name, e.g. xyzppa gets mirrored as xyzppa-newkey. It could then link to it from the page for the original PPA. It would always have all the same source, built files and other content, and the content would only need to be stored once on the server. It would just be a different way of accessing the same PPA.
[Bug 1461834] Re: 1024-bit signing keys should be deprecated
Updates usually run automatically in the background, including from PPAs, and are unencrypted. This means a man-in-the-middle can gain root access, just by inserting their own version of one of the packages into this network traffic, because updates run as root. They can first obtain the public 1024-bit key from the PPA, then spend as long as they want working out the private key, then sign their false updates with the real private key.

A bug that allows complete compromise of most Ubuntu machines without requiring any user involvement is a very serious bug. Why hasn't this even been assigned to anyone, nearly 2 years after it was reported? This makes many PPAs unusable.

https://en.wikipedia.org/wiki/Key_size#Asymmetric_algorithm_key_lengths
'RSA claims that 1024-bit keys are likely to become crackable some time between 2006 and 2010'

https://www.symantec.com/page.jsp?id=1024-bit-migration-faq#issue
In compliance with Certification Authority/Browser forum requirements based on NIST Special Publication 800-131A, at the end of 2013 all web browsers and Certification Authorities (CAs) will no longer sell or support 1024-bit RSA certificates. All certificates less than 2048-bit key length will need to be revoked and replaced with certificates with a higher encryption strength.

Network connections are secured with at least 2048 bits. Installing software allows root access and should probably be secured with at least 4096 bits.

Any system using keys has to have a way to change to a new key; that's a basic requirement. You could force all 1024-bit keys to 4096 bits. This might break existing updates, but they are already 'broken' by being vulnerable. Or sign with 2 keys, so a new subscriber will only use the newer one, but old subscribers who don't do anything about it will still use the old key. Or re-issue the entire PPA namespace, i.e. ppa2:... Or do some other such thing, e.g. update the client to include a newer protocol version number in its requests.

A simple workaround for Launchpad to apply would be to change the URLs in files in /etc/apt/sources.list.d/ to use https://ppa.launchpad.net/ instead of http://ppa.launchpad.net/ (and change the server to support it). This would only need to be done for any PPA still using a 1024-bit key. Then at least the packages would be authenticated by TLS, which already uses 2048-bit keys.

** Also affects: launchpad
   Importance: Undecided
   Status: New
[Bug 1461834] Re: 1024-bit signing keys should be deprecated
** Tags added: encryption needs-update security vulnerability
[Bug 1461834] Re: 1024-bit signing keys should be deprecated
I disagree with the "no longer affects" Launchpad. This is a matter of policy and as such very definitely DOES affect Launchpad, regardless of the resolution of bug #1331914.
[Bug 1461834] Re: 1024-bit signing keys should be deprecated
Launchpad has used 4096-bit RSA keys for new PPAs since bug #1240681 was fixed. Allowing PPA owners to replace the old 1024-bit keys is bug #1331914.

** No longer affects: launchpad
[Bug 1461834] Re: 1024-bit signing keys should be deprecated
It might be nice if apt could be configured with "minimum accepted algorithms" or "required algorithms", to allow administrators to require e.g. sha256 or sha3 or blake2b, or rsa 4096 or ed25519, etc.
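The check this thread keeps circling back to (the "minimum accepted algorithms" wish above, the earlier remark that gpg gives APT no way to validate key lengths, and the dual-signing check via `gpg --verify` on an InRelease) can be done outside APT from gpg's machine-readable output. This is an added example, not code from this bug, APT or Launchpad: it reads a `--with-colons` keyring listing and `--status-fd` verification output, both constructed here with made-up fingerprints, and accepts a dual-signed release only if at least one signature comes from a key of acceptable size with a SHA-2 digest.

```python
"""Policy check APT cannot do itself: accept an InRelease only if at least one of
its (possibly several) signatures comes from a key of acceptable size and digest.
Fingerprints, key IDs and gpg output below are constructed; real input comes from
  gpg --with-colons --show-keys /etc/apt/trusted.gpg.d/*.gpg   (keyring listing)
  gpg --status-fd 1 --verify InRelease                          (signature status)
"""

# RFC 4880 algorithm ids, as gpg reports them in field 4 of 'pub' records and in VALIDSIG
PUBKEY_ALGO = {1: "RSA", 17: "DSA", 19: "ECDSA", 22: "EdDSA"}
HASH_ALGO = {1: "MD5", 2: "SHA1", 8: "SHA256", 9: "SHA384", 10: "SHA512"}
STRONG_DIGESTS = {"SHA256", "SHA384", "SHA512"}


def parse_keyring(colon_listing):
    """Map primary fingerprint -> (algorithm, bits). A 'pub' record carries key
    length (field 3) and algorithm (field 4); the 'fpr' record that follows it
    carries the fingerprint (field 10)."""
    keys, pending = {}, None
    for line in colon_listing.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            pending = (PUBKEY_ALGO.get(int(f[3]), "algo" + f[3]), int(f[2]))
        elif f[0] == "fpr" and pending is not None:
            keys[f[9]] = pending
            pending = None
    return keys


def signing_keys(status_output):
    """Yield (primary fingerprint, digest name) for each VALIDSIG status line:
    [GNUPG:] VALIDSIG fpr date ts expire ver reserved pk_algo hash_algo class primary_fpr"""
    for line in status_output.splitlines():
        if line.startswith("[GNUPG:] VALIDSIG "):
            f = line.split()
            yield f[11], HASH_ALGO.get(int(f[9]), "hash" + f[9])


def evaluate(colon_listing, status_output, min_bits=2048):
    """Return (accepted, reasons). Weak signatures are only reported, so a
    dual-signed repository passes while the legacy key is still attached."""
    keys = parse_keyring(colon_listing)
    accepted, reasons = False, []
    for fpr, digest in signing_keys(status_output):
        if fpr not in keys:
            reasons.append(f"{fpr[-16:]}: signing key not in keyring listing")
            continue
        algo, bits = keys[fpr]
        if algo in ("RSA", "DSA") and bits < min_bits:
            reasons.append(f"{fpr[-16:]}: {algo}-{bits} below {min_bits} bits")
        elif digest not in STRONG_DIGESTS:
            reasons.append(f"{fpr[-16:]}: weak digest {digest}")
        else:
            accepted = True
    return accepted, reasons


# Constructed keyring: one legacy 1024-bit DSA key and one 4096-bit RSA key.
KEYRING = """\
pub:-:1024:17:6666777788889999:1200000000:::-:::scSC::::::23::0:
fpr:::::::::0000111122223333444455556666777788889999:
pub:-:4096:1:6D7E8F9011223344:1600000000:::-:::scSC::::::23::0:
fpr:::::::::A1B2C3D4E5F60718293A4B5C6D7E8F9011223344:
"""
# Constructed status output for a dual-signed InRelease (DSA/SHA1 + RSA/SHA512).
STATUS = """\
[GNUPG:] GOODSIG 6666777788889999 Example PPA (legacy key, constructed)
[GNUPG:] VALIDSIG 0000111122223333444455556666777788889999 2024-01-01 1704067200 0 4 0 17 2 01 0000111122223333444455556666777788889999
[GNUPG:] GOODSIG 6D7E8F9011223344 Example PPA (2024 key, constructed)
[GNUPG:] VALIDSIG A1B2C3D4E5F60718293A4B5C6D7E8F9011223344 2024-01-01 1704067200 0 4 0 1 10 01 A1B2C3D4E5F60718293A4B5C6D7E8F9011223344
"""

if __name__ == "__main__":
    ok, why = evaluate(KEYRING, STATUS)
    print("accepted" if ok else "REJECTED", *why, sep="\n  ")
```

Raising `min_bits` or shrinking `STRONG_DIGESTS` is how an administrator would express the stricter policy asked for above; once the legacy key is dropped from the repository, the reasons list goes empty.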
[Bug 1461834] Re: 1024-bit signing keys should be deprecated
Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: apt (Ubuntu)
   Status: New => Confirmed
[Bug 1461834] Re: 1024-bit signing keys should be deprecated
** Also affects: apt (Ubuntu)
   Importance: Undecided
   Status: New