[Swan-dev] Libreswan signing key (907E790F25C1E8E561CD73B585FF4B43B30FC6F9)

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu May 26 00:37:37 EEST 2022 

Hi folks--

I just noticed that the self-sigs over the libreswan signing key and its
subkey binding signature are all made using SHA1.

As SHA1 is further deprecated, this makes the certificate difficult to
use, since the self-sig is what asserts signing capabilities from the
primary key -- if the self-sig is considerd invalid because of, say, an
implementation declining to accept SHA-1 digests, then the primary key
isn't considered signing-capable, which means that signatures made by it
won't be considered valid.

the digest used in the subkey-binding signature is relevant if you want
to be able to receive encrypted mail (e.g. security bug reports).

To fix this, just re-issue the self-sigs and subkey binding signatures
with a stronger digest (at least SHA2-256).

If you're using a modern version of GnuPG that has access to the secret
key, the arcane command to do that is probably something like:

   gpg --cert-digest-algo sha256 --quick-set-expire 907E790F25C1E8E561CD73B585FF4B43B30FC6F9 0
   gpg --cert-digest-algo sha256 --quick-set-expire 907E790F25C1E8E561CD73B585FF4B43B30FC6F9 0 '*'

and then re-export and re-publish the OpenPGP certificate wherever it's
published (at least in LIBRESWAN-GPG-KEY.txt in the git repo).

The first line updates the expiration date and re-issues the self-sig
for the primary key, the second handles the subkey binding signature.

Note that leaving the expiration date unset (the "0" above) might itself
be problematic if you ever lose control over the key and you don't have
any revocation certificate handy, but that's a separate question.  i'd
recommend setting an expiration date of "2y" (instead of "0" above), and
then just repeat this process every time you have a release.  Since
releases come out in a less-than-2-year cadence, this should be fine.

But i'd be happy for now with just a primary key with a non-SHA1
self-sig.

Thanks for maintaining libreswan!

       --dkg 

PS here's the diagnosis:

The "sig:.*:2:" lines are SHA1 signatures here:

0 dkg at alice:~$ gpg --with-colons --check-sigs 907E790F25C1E8E561CD73B585FF4B43B30FC6F9 
tru::1:1652480124:1691085522:3:1:5
pub:-:4096:1:85FF4B43B30FC6F9:1357089367:::-:::scESC::::::23::0:
fpr:::::::::907E790F25C1E8E561CD73B585FF4B43B30FC6F9:
uid:-::::1357089367::ED0B44951C7DD5295C3DDEF9C67942731B01068E::Libreswan (Signing Key) <team at libreswan.org>::::::::::0:
sig:!::1:85FF4B43B30FC6F9:1357089367::::Libreswan (Signing Key) <team at libreswan.org>:13x:::::2:
sig:?::1:E71806A6B5CC27E1:1357192633:::::10x:::::8:
sig:!::1:C30040228501D2EC:1357583027:::::10x:::::2:
sig:!::1:467564B7505DA62B:1420472842:::::10x:::::2:
sig:!::1:62D3582FE0FD94D2:1418273023:::::10x:::::8:
sig:?::1:CCD2ED94D21739E9:1490035473:1553107473::::10l::0EE5BE979282D80B9F7540F1CCD2ED94D21739E9:::10:
sub:-:4096:1:43CD400C70C28757:1357089367::::::e::::::23:
fpr:::::::::1CF137415217927923F01BB943CD400C70C28757:
sig:!::1:85FF4B43B30FC6F9:1357089367::::Libreswan (Signing Key) <team at libreswan.org>:18x:::::2:
0 dkg at alice:~$ 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.libreswan.org/pipermail/swan-dev/attachments/20220525/d603999a/attachment.sig>

More information about the Swan-dev mailing list