View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0001254 | Main CAcert Website | website content | public | 2014-03-02 16:17 | 2020-05-22 11:30 |
Reporter | BenBE | Assigned To | BenBE | ||
Priority | high | Severity | major | Reproducibility | always |
Status | fix available | Resolution | open | ||
Product Version | 2014 Q1 | ||||
Target Version | 2014 Q2 | ||||
Summary | 0001254: Update the signed PGP-Message containing the fingerprints of CAcert | ||||
Description | Raised by a message on the mailing list there is little a priori information that enables someone distrusting the CAcert class 1 root to verify its integrity and authenticity with the information provided in the root certificate download section (index/3). Given you can trace a trust path from your OpenPGP key to the one used to sign the message with the information you should be able to fully verify the information on that page. Unfortunately the current signature only covers the MD5 and SHA1 hash of the certificate - which both constitute weak hashes by today's standards. Thus it'd be nice to have the GnuPG signature be updated to include a much broader set of hashes. See below for more details. | ||||
Steps To Reproduce | Try to verify the CAcert Class 1 Root certificate and CAcert Class 3 Intermediate certificate only by trusting the information in the block on index/3 while distrusting MD5 entirely and assuming SHA1 to be unreliable. | ||||
Additional Information | A better informational block captured in the signature might look like:

```
---
Fingerprints for the CAcert Class 1 Root certificate:
=====================================================
for a in md4 md5 sha1 ripemd160 sha224 sha256 sha384 sha512 whirlpool; do \
openssl x509 -noout -fingerprint -$a -in class1.pem ; done

MD4 Fingerprint= EB:36:C3:01:E3:AC:CE:CE:D1:C1:DF:A5:D8:17:BC:50
MD5 Fingerprint= A6:1B:37:5E:39:0D:9C:36:54:EE:BD:20:31:46:1F:6B
SHA1 Fingerprint= 13:5C:EC:36:F4:9C:B8:E9:3B:1A:B2:70:CD:80:88:46:76:CE:8F:33
RIPEMD160 Fingerprint= EA:B7:2F:F1:24:04:4B:57:D4:45:BE:97:E7:3B:CD:92:C2:6D:AE:1D
SHA224 Fingerprint= 60:1D:E5:E5:56:C9:91:B6:BD:A6:75:43:FB:5C
    73:71:BD:E1:27:FF:A6:84:24:2F:66:F3:16:88
SHA256 Fingerprint= FF:2A:65:CF:F1:14:9C:74:30:10:1E:0F:65:A0:7E:C1
    91:83:A3:B6:33:EF:4A:65:10:89:0D:AD:18:31:6B:3A
SHA384 Fingerprint= DF:63:0B:17:89:70:CF:75:B1:E2:4E:F0:DD:7B:F5:24
    B6:9D:64:80:6E:D1:EC:07:BF:D5:F7:AB:32:DE:96:51
    9D:46:CC:CA:D3:B3:E3:89:40:6E:7B:A8:2B:55:B4:B6
SHA512 Fingerprint= EB:0A:D8:4F:11:B4:B0:8B:F7:6C:78:66:EF:32:84:22
    92:BB:B2:86:2F:B6:FC:49:C0:A3:F8:07:62:9C:A8:F5
    DD:28:A0:DE:7B:0C:04:D5:66:02:0A:C4:FF:2B:A4:4E
    2F:61:2A:A5:8A:1A:E4:CC:AC:E4:86:D2:44:95:2F:C2
whirlpool Fingerprint= 64:9E:AB:97:59:10:EF:E0:DD:78:D2:A8:B4:B1:D1:6B
    A4:08:39:42:50:F0:1A:A8:6E:38:B4:4A:52:2B:35:75
    ED:98:4A:C9:53:77:BD:DA:E2:18:41:8C:BD:21:41:1A
    EC:53:E2:08:FF:21:31:A2:B2:CF:F3:FB:81:79:AF:D7

Fingerprints for the CAcert Class 3 Intermediate certificate:
=============================================================
for a in md4 md5 sha1 ripemd160 sha224 sha256 sha384 sha512 whirlpool; do \
openssl x509 -noout -fingerprint -$a -in class3.pem ; done

MD4 Fingerprint= 60:B7:CD:A2:F2:18:55:3F:1B:F0:43:31:A4:06:82:9C
MD5 Fingerprint= F7:25:12:82:4E:67:B5:D0:8D:92:B7:7C:0B:86:7A:42
SHA1 Fingerprint= AD:7C:3F:64:FC:44:39:FE:F4:E9:0B:E8:F4:7C:6C:FA:8A:AD:FD:CE
RIPEMD160 Fingerprint= 41:A5:08:B6:C7:35:54:58:0E:F6:EE:C1:86:FA:A3:6D:BF:E9:D5:E1
SHA224 Fingerprint= 90:C6:94:5B:4B:91:D3:72:49:BD:CD:D2:A4:51
    CC:24:A6:E0:8A:1D:ED:1E:E3:C4:53:7C:17:21
SHA256 Fingerprint= 4E:DD:E9:E5:5C:A4:53:B3:88:88:7C:AA:25:D5:C5:C5
    BC:CF:28:91:D7:3B:87:49:58:08:29:3D:5F:AC:83:C8
SHA384 Fingerprint= DF:92:B7:83:6F:2A:CD:A0:07:9A:0B:14:7C:C8:D5:92
    20:E7:6C:76:61:9A:75:3C:0B:64:D1:3F:13:E3:A5:CB
    C6:81:92:0A:86:62:A0:95:44:03:DE:10:AB:72:1D:B1
SHA512 Fingerprint= 3C:6E:24:87:E4:9F:43:06:15:E4:E5:7C:9D:8D:67:5F
    36:41:FC:00:3F:7D:95:26:DD:BC:AA:35:DA:6D:5D:B4
    B1:59:03:47:62:BA:BA:4C:29:98:60:42:96:EC:C3:11
    5F:AB:81:2F:04:F0:E4:D4:B2:EE:C6:9C:B3:B8:3B:F1
whirlpool Fingerprint= 78:64:5C:D2:20:2A:DB:CC:54:3D:26:38:71:E7:17:15
    66:A0:88:47:E3:E2:26:31:B4:CD:63:7B:B1:D2:53:AC
    EE:0B:19:2A:0C:4F:82:6B:AB:8B:14:0F:09:9D:99:BD
    3B:9E:5D:E8:A6:CA:6D:3D:B6:33:08:52:AA:5F:C4:46

Fingerprints for the CAcert OpenPGP signing key:
================================================
LC_ALL=C gpg --list-key --fingerprint gpg@cacert.org

pub 1024D/65D0FD58 2003-07-11 [expires: 2033-07-03]
    Key fingerprint = A31D 4F81 EF4E BD07 B456 FA04 D2BB 0D01 65D0 FD58
uid CA Cert Signing Authority (Root CA) <gpg@cacert.org>
sub 2048g/113ED0F2 2003-07-11 [expires: 2033-07-03]
---
```

This also gives instructions on how to obtain the information presented in the signature block, thus helping people verify this data. | ||||
Tags | No tags attached. | ||||
Attached Files | |||||
Reviewed by | |||||
Test Instructions | |||||
|
Actually, the simplest to use (from GPG user perspective) seems to me to sign the complete key (root.crt, root.der, root.txt) and supply the detached signature. It is the usual procedure and then you need only GnuPG for verifying and don't have to verify the hashes, find the bloody openssl syntax and then compare again manually the hashes. |
|
Updated version shortened to only include SHA1, SHA-256, SHA-512 and Whirlpool for better compatibility to the average user:

```
---
Fingerprints for the CAcert Class 1 Root certificate:
=====================================================
for a in sha1 sha256 sha512 whirlpool; do \
openssl x509 -noout -fingerprint -$a -in class1.pem ; done

SHA1 Fingerprint= 13:5C:EC:36:F4:9C:B8:E9:3B:1A:B2:70:CD:80:88:46:76:CE:8F:33
SHA256 Fingerprint= FF:2A:65:CF:F1:14:9C:74:30:10:1E:0F:65:A0:7E:C1
    91:83:A3:B6:33:EF:4A:65:10:89:0D:AD:18:31:6B:3A
SHA512 Fingerprint= EB:0A:D8:4F:11:B4:B0:8B:F7:6C:78:66:EF:32:84:22
    92:BB:B2:86:2F:B6:FC:49:C0:A3:F8:07:62:9C:A8:F5
    DD:28:A0:DE:7B:0C:04:D5:66:02:0A:C4:FF:2B:A4:4E
    2F:61:2A:A5:8A:1A:E4:CC:AC:E4:86:D2:44:95:2F:C2
whirlpool Fingerprint= 64:9E:AB:97:59:10:EF:E0:DD:78:D2:A8:B4:B1:D1:6B
    A4:08:39:42:50:F0:1A:A8:6E:38:B4:4A:52:2B:35:75
    ED:98:4A:C9:53:77:BD:DA:E2:18:41:8C:BD:21:41:1A
    EC:53:E2:08:FF:21:31:A2:B2:CF:F3:FB:81:79:AF:D7

Fingerprints for the CAcert Class 3 Intermediate certificate:
=============================================================
for a in sha1 sha256 sha512 whirlpool; do \
openssl x509 -noout -fingerprint -$a -in class3.pem ; done

SHA1 Fingerprint= AD:7C:3F:64:FC:44:39:FE:F4:E9:0B:E8:F4:7C:6C:FA:8A:AD:FD:CE
SHA256 Fingerprint= 4E:DD:E9:E5:5C:A4:53:B3:88:88:7C:AA:25:D5:C5:C5
    BC:CF:28:91:D7:3B:87:49:58:08:29:3D:5F:AC:83:C8
SHA512 Fingerprint= 3C:6E:24:87:E4:9F:43:06:15:E4:E5:7C:9D:8D:67:5F
    36:41:FC:00:3F:7D:95:26:DD:BC:AA:35:DA:6D:5D:B4
    B1:59:03:47:62:BA:BA:4C:29:98:60:42:96:EC:C3:11
    5F:AB:81:2F:04:F0:E4:D4:B2:EE:C6:9C:B3:B8:3B:F1
whirlpool Fingerprint= 78:64:5C:D2:20:2A:DB:CC:54:3D:26:38:71:E7:17:15
    66:A0:88:47:E3:E2:26:31:B4:CD:63:7B:B1:D2:53:AC
    EE:0B:19:2A:0C:4F:82:6B:AB:8B:14:0F:09:9D:99:BD
    3B:9E:5D:E8:A6:CA:6D:3D:B6:33:08:52:AA:5F:C4:46

Fingerprints for the CAcert OpenPGP signing key:
================================================
LC_ALL=C gpg --list-key --fingerprint gpg@cacert.org

pub 1024D/65D0FD58 2003-07-11 [expires: 2033-07-03]
    Key fingerprint = A31D 4F81 EF4E BD07 B456 FA04 D2BB 0D01 65D0 FD58
uid CA Cert Signing Authority (Root CA) <gpg@cacert.org>
sub 2048g/113ED0F2 2003-07-11 [expires: 2033-07-03]
---
```

@dominiks: Detached signatures for the downloadable files are a nice idea but are impractical in some situations when encoding/line endings differ or other issues on the client side arise for verification. Furthermore, a detached signature only provides one validation - with this somewhat longer text you have different test vectors should you desire to test them or one turns out unreliable. |
|
A script has been written which can be used on the signing server to collect all the signatures requested for this issue. The script is attached. |
|
On November 12, 2014, the fix1254.sh script has been executed on the signing server. Unfortunately, it turned out that the openssl version in use on the signing server is too old to support the 'whirlpool' digest. Hence the script has been edited to omit the generation of 'whirlpool' fingerprints in the documents to be signed. The modified script has been attached as fix1254-signer.sh. The produced signature files have been attached as a compressed tar file named files-1254.tar.gz. |
|
I pushed the fix to https://github.com/INOPIAE/CAcert/commit/c4e1fb4b3d1c155f27679c69728d61918cbb4eeb. As I had trouble with the automatic CrLf correction I attached the files for the certs folder in files_for_certs_folder.zip. I renamed the file fingerprint-long-complex.txt.asc to cacert-pki-fingerprints.txt.asc. |
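The check this issue asks for can be automated. The following is an added example, not part of the issue or of the attached CAcert scripts: it parses one certificate's section of a fingerprint block in the wrapped layout shown above, recomputes each digest over the DER bytes (which is what `openssl x509 -fingerprint` hashes), and accepts only if nothing mismatches and at least one strong digest matches. The function names, the `STRONG` policy set and the sample bytes are assumptions of this example.

```python
import hashlib
import re

# Assumption of this example: only these digests count as proof; MD5/SHA1 alone never do.
STRONG = {"sha256", "sha384", "sha512"}
HEX_ROW = re.compile(r"\s*[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2})*\s*")

def parse_fingerprints(block):
    """Map digest name -> hex string, joining fingerprints wrapped over several lines."""
    found, name = {}, None
    for line in block.splitlines():
        m = re.match(r"\s*(\w+) Fingerprint=(.*)", line)
        if m:
            name, line = m.group(1).lower(), m.group(2)
            found[name] = ""
        elif name is None or not HEX_ROW.fullmatch(line):
            name = None  # commands, rulers and blank lines end the current entry
            continue
        found[name] += re.sub(r"[^0-9A-Fa-f]", "", line).lower()
    return found

def check_certificate(der, block):
    """ok is True only if no listed digest mismatches and at least one strong digest matches."""
    results = {}
    for name, expected in parse_fingerprints(block).items():
        try:
            actual = hashlib.new(name, der).hexdigest()
        except (ValueError, TypeError):
            results[name] = "unsupported"  # e.g. whirlpool missing from the local OpenSSL
            continue
        results[name] = "match" if actual == expected else "MISMATCH"
    strong_ok = any(results.get(n) == "match" for n in STRONG)
    return strong_ok and "MISMATCH" not in results.values(), results

def format_fingerprint(name, der, width=16):
    """Render one entry in the layout used in this issue (16 bytes per row)."""
    pairs = re.findall("..", hashlib.new(name, der).hexdigest().upper())
    rows = [":".join(pairs[i:i + width]) for i in range(0, len(pairs), width)]
    return f"{name.upper()} Fingerprint= " + "\n    ".join(rows)

# Constructed sample: stand-in bytes, not a real certificate. For a real file use
# der = ssl.PEM_cert_to_DER_cert(open("class1.pem").read()), and take the block
# only from output that gpg has verified against the signing key.
SAMPLE_DER = b"constructed stand-in for the DER encoding of class1.pem"
SAMPLE_BLOCK = "\n".join(format_fingerprint(n, SAMPLE_DER) for n in ("sha1", "sha256", "sha512"))

if __name__ == "__main__":
    print(check_certificate(SAMPLE_DER, SAMPLE_BLOCK))
    print(check_certificate(SAMPLE_DER + b"x", SAMPLE_BLOCK))
```

A digest the local library cannot compute is reported as `unsupported` rather than failing the check, which mirrors the whirlpool problem encountered on the signing server.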
Date Modified | Username | Field | Change |
---|---|---|---|
2014-03-02 16:17 | BenBE | New Issue | |
2014-03-02 16:17 | BenBE | Assigned To | => BenBE |
2014-03-02 21:52 | dominiks | Note Added: 0004614 | |
2014-04-09 21:59 | BenBE | Note Added: 0004705 | |
2014-04-09 21:59 | BenBE | Status | new => needs work |
2014-04-09 22:00 | BenBE | Assigned To | BenBE => NEOatNHNG |
2014-04-09 22:02 | BenBE | Note Edited: 0004705 | |
2014-11-13 16:08 | wytze | Note Added: 0005104 | |
2014-11-13 16:09 | wytze | File Added: fix1254.sh | |
2014-11-13 16:13 | wytze | Note Added: 0005105 | |
2014-11-13 16:13 | wytze | File Added: fix1254-signer.sh | |
2014-11-13 16:13 | wytze | File Added: files-1254.tar.gz | |
2014-11-21 10:38 | INOPIAE | File Added: files_for_certs_folder.zip | |
2014-11-21 10:41 | INOPIAE | Note Added: 0005115 | |
2014-11-21 10:41 | INOPIAE | Assigned To | NEOatNHNG => BenBE |
2014-11-21 10:41 | INOPIAE | Status | needs work => fix available |
2014-11-21 10:44 | INOPIAE | Note Edited: 0005115 | |
2015-11-25 20:47 | INOPIAE | Relationship added | related to 0001305 |