Date: Tue, 14 Jan 2014 18:44:42 -0800 From: Yuri <yuri@rawbw.com> To: Baptiste Daroussin <bapt@FreeBSD.org> Cc: freebsd-pkg@FreeBSD.org Subject: Re: Does pkg check signatures? Message-ID: <52D5F61A.4030807@rawbw.com> In-Reply-To: <20140114134820.GC77567@ithaqua.etoilebsd.net> References: <52D5269A.5090803@rawbw.com> <52D52926.5090104@infracaninophile.co.uk> <52D530CE.4090908@rawbw.com> <20140114125830.GB77567@ithaqua.etoilebsd.net> <52D53B5E.9020705@rawbw.com> <20140114134820.GC77567@ithaqua.etoilebsd.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On 01/14/2014 05:48, Baptiste Daroussin wrote: > secteam doesn't seem to agree with you, talk to them. Since I didn't find any documentation on how security of package transfer works, I did some debugging and learned from there. The files downloaded from repository are gzipped tar archive with .txz extension, and contain 3 files inside. For example, if the file is mydist.txz, it would be contain these files: * mydist.pub -- RSA public key, always the same in all archives * mydist.sig -- 256 byte binary RSA signature of mydist file * mydist -- the payload file The fingerprint file /usr/share/keys/pkg/trusted/pkg.freebsd.org.2013102301 contains the SHA256 hash of the .pub file from all .txz archives. So that all those .pub files are the same, and the secret key is merely its verification fingerprint. .sig file is the RSA signature of the payload file. Verification of mydist payload is done using .pub certificate. So this whole process appears to be secure. What confused me is the term "fingerprint". The only question that I still have is this: Why this "fingerprint" is introduced here? Why not just store the corresponding .pub file over there as a trusted key? Since this public key is what is used for verification, and there is 1-1 relationship, unless sha256 gets broken. Eliminating one concept would have made this system simpler, and wouldn't have required to have "fingerprint" term there. Yuri
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?52D5F61A.4030807>