View Issue Details

IDProjectCategoryView StatusLast Update
0001254Main CAcert Websitewebsite contentpublic2020-05-22 11:30
ReporterBenBE Assigned ToBenBE  
PriorityhighSeveritymajorReproducibilityalways
Status fix availableResolutionopen 
Product Version2014 Q1 
Target Version2014 Q2 
Summary0001254: Update the signed PGP-Message containing the fingerprints of CAcert
DescriptionRaised by a message on the mailing list there is little apriori information that enables someone distrusting the CAcert class 1 root to verify its integrity and authenticity with the information provided in the root certificate download section (index/3).

Given you can trace a trust path from your OpenPGP key to the one used to sign the message with the information you should be able to fully verify the information on that page. Unfortunately the current signature only covers the MD5 and SHA1 hash of the certificate - which both constitute weak hashes in todays standards.

Thus it'd be nice to have the GnuPG signature be updated to include a much broader set of hashes. See below for more details.
Steps To ReproduceTry to verify the CAcert Class 1 Root certificate and CAcert Class 3 Intermediate certificate only by trusting the information in the block on index/3 while distrusting MD5 entirely and assuming SHA1 to be unreliable.
Additional InformationA better informational block captured in the signature might look like:

---
Fingerprints for the CAcert Class 1 Root certificate:
=====================================================

for a in md4 md5 sha1 ripemd160 sha224 sha256 sha384 sha512 whirlpool; do \
openssl x509 -noout -fingerprint -$a -in class1.pem ; done

MD4 Fingerprint=
    EB:36:C3:01:E3:AC:CE:CE:D1:C1:DF:A5:D8:17:BC:50
MD5 Fingerprint=
    A6:1B:37:5E:39:0D:9C:36:54:EE:BD:20:31:46:1F:6B
SHA1 Fingerprint=
    13:5C:EC:36:F4:9C:B8:E9:3B:1A:B2:70:CD:80:88:46:76:CE:8F:33
RIPEMD160 Fingerprint=
    EA:B7:2F:F1:24:04:4B:57:D4:45:BE:97:E7:3B:CD:92:C2:6D:AE:1D
SHA224 Fingerprint=
    60:1D:E5:E5:56:C9:91:B6:BD:A6:75:43:FB:5C
    73:71:BD:E1:27:FF:A6:84:24:2F:66:F3:16:88
SHA256 Fingerprint=
    FF:2A:65:CF:F1:14:9C:74:30:10:1E:0F:65:A0:7E:C1
    91:83:A3:B6:33:EF:4A:65:10:89:0D:AD:18:31:6B:3A
SHA384 Fingerprint=
    DF:63:0B:17:89:70:CF:75:B1:E2:4E:F0:DD:7B:F5:24
    B6:9D:64:80:6E:D1:EC:07:BF:D5:F7:AB:32:DE:96:51
    9D:46:CC:CA:D3:B3:E3:89:40:6E:7B:A8:2B:55:B4:B6
SHA512 Fingerprint=
    EB:0A:D8:4F:11:B4:B0:8B:F7:6C:78:66:EF:32:84:22
    92:BB:B2:86:2F:B6:FC:49:C0:A3:F8:07:62:9C:A8:F5
    DD:28:A0:DE:7B:0C:04:D5:66:02:0A:C4:FF:2B:A4:4E
    2F:61:2A:A5:8A:1A:E4:CC:AC:E4:86:D2:44:95:2F:C2
whirlpool Fingerprint=
    64:9E:AB:97:59:10:EF:E0:DD:78:D2:A8:B4:B1:D1:6B
    A4:08:39:42:50:F0:1A:A8:6E:38:B4:4A:52:2B:35:75
    ED:98:4A:C9:53:77:BD:DA:E2:18:41:8C:BD:21:41:1A
    EC:53:E2:08:FF:21:31:A2:B2:CF:F3:FB:81:79:AF:D7

Fingerprints for the CAcert Class 3 Intermediate certificate:
=============================================================

for a in md4 md5 sha1 ripemd160 sha224 sha256 sha384 sha512 whirlpool; do \
openssl x509 -noout -fingerprint -$a -in class3.pem ; done

MD4 Fingerprint=
    60:B7:CD:A2:F2:18:55:3F:1B:F0:43:31:A4:06:82:9C
MD5 Fingerprint=
    F7:25:12:82:4E:67:B5:D0:8D:92:B7:7C:0B:86:7A:42
SHA1 Fingerprint=
    AD:7C:3F:64:FC:44:39:FE:F4:E9:0B:E8:F4:7C:6C:FA:8A:AD:FD:CE
RIPEMD160 Fingerprint=
    41:A5:08:B6:C7:35:54:58:0E:F6:EE:C1:86:FA:A3:6D:BF:E9:D5:E1
SHA224 Fingerprint=
    90:C6:94:5B:4B:91:D3:72:49:BD:CD:D2:A4:51
    CC:24:A6:E0:8A:1D:ED:1E:E3:C4:53:7C:17:21
SHA256 Fingerprint=
    4E:DD:E9:E5:5C:A4:53:B3:88:88:7C:AA:25:D5:C5:C5
    BC:CF:28:91:D7:3B:87:49:58:08:29:3D:5F:AC:83:C8
SHA384 Fingerprint=
    DF:92:B7:83:6F:2A:CD:A0:07:9A:0B:14:7C:C8:D5:92
    20:E7:6C:76:61:9A:75:3C:0B:64:D1:3F:13:E3:A5:CB
    C6:81:92:0A:86:62:A0:95:44:03:DE:10:AB:72:1D:B1
SHA512 Fingerprint=
    3C:6E:24:87:E4:9F:43:06:15:E4:E5:7C:9D:8D:67:5F
    36:41:FC:00:3F:7D:95:26:DD:BC:AA:35:DA:6D:5D:B4
    B1:59:03:47:62:BA:BA:4C:29:98:60:42:96:EC:C3:11
    5F:AB:81:2F:04:F0:E4:D4:B2:EE:C6:9C:B3:B8:3B:F1
whirlpool Fingerprint=
    78:64:5C:D2:20:2A:DB:CC:54:3D:26:38:71:E7:17:15
    66:A0:88:47:E3:E2:26:31:B4:CD:63:7B:B1:D2:53:AC
    EE:0B:19:2A:0C:4F:82:6B:AB:8B:14:0F:09:9D:99:BD
    3B:9E:5D:E8:A6:CA:6D:3D:B6:33:08:52:AA:5F:C4:46

Fingerprints for the CAcert OpenPGP signing key:
================================================

LC_ALL=C gpg --list-key --fingerprint gpg@cacert.org

pub 1024D/65D0FD58 2003-07-11 [expires: 2033-07-03]
      Key fingerprint = A31D 4F81 EF4E BD07 B456 FA04 D2BB 0D01 65D0 FD58
uid CA Cert Signing Authority (Root CA) <gpg@cacert.org>
sub 2048g/113ED0F2 2003-07-11 [expires: 2033-07-03]
---

This also gives instructions on how to obtain the information presented in the signature block and thus helping people verify this data.
TagsNo tags attached.
Reviewed by
Test Instructions

Relationships

related to 0001305 needs review & testingTed CAcert Class1 root certificate needs to be reissued with an updated CDP and a SHA-based signature 

Activities

dominiks

2014-03-02 21:52

reporter   ~0004614

Actually, the simplest to use (from GPG user perspective) seems to me to sign
the complete key (root.crt, root.der, root.txt) and supply the detached
signature. It is the usual procedure and then you need only GnuPG for
verifying and don't have to verify the hashes, find the bloody openssl syntax
and then compare again manually the hashes.

BenBE

2014-04-09 21:59

updater   ~0004705

Last edited: 2014-04-09 22:02

Updated version shortened to only include SHA1, SHA-256, SHA-512 and Whirlpool for better compatibility to the average user:

---
Fingerprints for the CAcert Class 1 Root certificate:
=====================================================

for a in sha1 sha256 sha512 whirlpool; do \
openssl x509 -noout -fingerprint -$a -in class1.pem ; done

SHA1 Fingerprint=
    13:5C:EC:36:F4:9C:B8:E9:3B:1A:B2:70:CD:80:88:46:76:CE:8F:33
SHA256 Fingerprint=
    FF:2A:65:CF:F1:14:9C:74:30:10:1E:0F:65:A0:7E:C1
    91:83:A3:B6:33:EF:4A:65:10:89:0D:AD:18:31:6B:3A
SHA512 Fingerprint=
    EB:0A:D8:4F:11:B4:B0:8B:F7:6C:78:66:EF:32:84:22
    92:BB:B2:86:2F:B6:FC:49:C0:A3:F8:07:62:9C:A8:F5
    DD:28:A0:DE:7B:0C:04:D5:66:02:0A:C4:FF:2B:A4:4E
    2F:61:2A:A5:8A:1A:E4:CC:AC:E4:86:D2:44:95:2F:C2
whirlpool Fingerprint=
    64:9E:AB:97:59:10:EF:E0:DD:78:D2:A8:B4:B1:D1:6B
    A4:08:39:42:50:F0:1A:A8:6E:38:B4:4A:52:2B:35:75
    ED:98:4A:C9:53:77:BD:DA:E2:18:41:8C:BD:21:41:1A
    EC:53:E2:08:FF:21:31:A2:B2:CF:F3:FB:81:79:AF:D7

Fingerprints for the CAcert Class 3 Intermediate certificate:
=============================================================

for a in sha1 sha256 sha512 whirlpool; do \
openssl x509 -noout -fingerprint -$a -in class3.pem ; done

SHA1 Fingerprint=
    AD:7C:3F:64:FC:44:39:FE:F4:E9:0B:E8:F4:7C:6C:FA:8A:AD:FD:CE
SHA256 Fingerprint=
    4E:DD:E9:E5:5C:A4:53:B3:88:88:7C:AA:25:D5:C5:C5
    BC:CF:28:91:D7:3B:87:49:58:08:29:3D:5F:AC:83:C8
SHA512 Fingerprint=
    3C:6E:24:87:E4:9F:43:06:15:E4:E5:7C:9D:8D:67:5F
    36:41:FC:00:3F:7D:95:26:DD:BC:AA:35:DA:6D:5D:B4
    B1:59:03:47:62:BA:BA:4C:29:98:60:42:96:EC:C3:11
    5F:AB:81:2F:04:F0:E4:D4:B2:EE:C6:9C:B3:B8:3B:F1
whirlpool Fingerprint=
    78:64:5C:D2:20:2A:DB:CC:54:3D:26:38:71:E7:17:15
    66:A0:88:47:E3:E2:26:31:B4:CD:63:7B:B1:D2:53:AC
    EE:0B:19:2A:0C:4F:82:6B:AB:8B:14:0F:09:9D:99:BD
    3B:9E:5D:E8:A6:CA:6D:3D:B6:33:08:52:AA:5F:C4:46

Fingerprints for the CAcert OpenPGP signing key:
================================================

LC_ALL=C gpg --list-key --fingerprint gpg@cacert.org

pub 1024D/65D0FD58 2003-07-11 [expires: 2033-07-03]
      Key fingerprint = A31D 4F81 EF4E BD07 B456 FA04 D2BB 0D01 65D0 FD58
uid CA Cert Signing Authority (Root CA) <gpg@cacert.org>
sub 2048g/113ED0F2 2003-07-11 [expires: 2033-07-03]
---

@dominiks: Detached signatures for the downloadable files are a ice idea but are impractical in some situations when encoding/line endings differ or other issues on the client side arise for verification. Furthermore does a detached signature only provide one validation - with this somewhat longer text you have different test vectors so you desire to test them or one turns out unreliable.

wytze

2014-11-13 16:08

developer   ~0005104

A script has been written which can be used on the signing server to collect all the signatures requested for this issue. The script is attached.

wytze

2014-11-13 16:09

developer  

fix1254.sh (2,813 bytes)

wytze

2014-11-13 16:13

developer   ~0005105

On November 12, 2014, the fix1254.sh script has been executed on the signing server. Unfortunately, it turned out that the openssl version in use on the signing server is too old to support the 'whirlpool' digest. Hence the script has been edited to omit the generation of 'whirlpool' fingerprints in the documents to be signed.
The modified script has been attached as fix1254-signer.sh.
The produced signature files have been attached as a compressed tar file named files-1254.tar.gz.

wytze

2014-11-13 16:13

developer  

fix1254-signer.sh (2,793 bytes)

wytze

2014-11-13 16:13

developer  

files-1254.tar.gz (2,657 bytes)

INOPIAE

2014-11-21 10:38

updater  

INOPIAE

2014-11-21 10:41

updater   ~0005115

Last edited: 2014-11-21 10:44

I pushed the fix to https://github.com/INOPIAE/CAcert/commit/c4e1fb4b3d1c155f27679c69728d61918cbb4eeb.
As I had trouble with the automatic CrLf correction I attached the files for the certs folder in files_for_certs_folder.zip
I renamed the file fingerprint-long-complex.txt.asc to cacert-pki-fingerprints.txt.asc

Issue History

Date Modified Username Field Change
2014-03-02 16:17 BenBE New Issue
2014-03-02 16:17 BenBE Assigned To => BenBE
2014-03-02 21:52 dominiks Note Added: 0004614
2014-04-09 21:59 BenBE Note Added: 0004705
2014-04-09 21:59 BenBE Status new => needs work
2014-04-09 22:00 BenBE Assigned To BenBE => NEOatNHNG
2014-04-09 22:02 BenBE Note Edited: 0004705
2014-11-13 16:08 wytze Note Added: 0005104
2014-11-13 16:09 wytze File Added: fix1254.sh
2014-11-13 16:13 wytze Note Added: 0005105
2014-11-13 16:13 wytze File Added: fix1254-signer.sh
2014-11-13 16:13 wytze File Added: files-1254.tar.gz
2014-11-21 10:38 INOPIAE File Added: files_for_certs_folder.zip
2014-11-21 10:41 INOPIAE Note Added: 0005115
2014-11-21 10:41 INOPIAE Assigned To NEOatNHNG => BenBE
2014-11-21 10:41 INOPIAE Status needs work => fix available
2014-11-21 10:44 INOPIAE Note Edited: 0005115
2015-11-25 20:47 INOPIAE Relationship added related to 0001305