View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0001496Main CAcert WebsiteGPG/PGPpublic2020-10-31 13:482022-09-21 19:45
ReporterNoSubstitute Assigned ToTed  
PrioritynormalSeverityminorReproducibilityalways
Status needs review & testingResolutionopen 
PlatformMain CAcert WebsiteOSN/AOS Versionstable
Summary0001496: CAcert signed GPG key reports Invalid Digest Algorithm
DescriptionI'm guessing this could be why.

gpg: Note: third-party key signatures using the SHA1 algorithm are rejected
sig% P X 0xD2BB0D0165D0FD58 2019-09-22 [Invalid digest algorithm]
sig% P 0xD2BB0D0165D0FD58 2020-10-31 [Invalid digest algorithm]

>gpg --version
gpg (GnuPG) 2.2.23
libgcrypt 1.8.6
Copyright (C) 2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: C:/Users/Kim/AppData/Roaming/gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
Steps To ReproduceSign a gpg key with the gpg signing feature of cacert.
Import key to gpg.
Check the signatures of the key.
Additional InformationPatch created in https://bugs.cacert.org/view.php?id=1473
TagsNo tags attached.
Reviewed by
Test Instructions

Relationships

related to 0001473 ready to deployTed PGP keys are signed with SHA1 
related to 0001500 new Issues in mail template for gpg signing response 

Activities

NoSubstitute

2020-10-31 13:48

updater  

2020-10-31 142414-CAcert_signed_GPG_key-Invalid_digest_algorithm.png (4,726 bytes)   
2020-10-31 142414-CAcert_signed_GPG_key-Invalid_digest_algorithm.png (4,726 bytes)   

gleurent

2020-12-15 13:40

reporter   ~0005924

This is because SHA-1 signatures are unsafe and can be abused in practice: https://sha-mbles.github.io/
GnuPG has been rejecting them for more than one year.

I opened a bug report about one year ago (0001473) to warn CA Cert before making the attack public, but nothing has happened since and CA Cert still uses SHA-1 to certify user's PGP keys. This is really a shame.

L10N

2020-12-20 09:50

reporter   ~0005925

Yes, this should have been solved by now. How about you two, gleurent and NoSubstitute, take care of this case? For our volunteer software team, there would still be 1000 bugs left...

NoSubstitute

2020-12-20 20:50

updater   ~0005926

I wish I had any coding skills to offer.
I can help out testing if someone else does the coding part. :-)

jandd

2020-12-25 08:50

administrator   ~0005929

@NoSubstitute coding is already done. It just needs to be tested. The patch has been applied on test.cacert.org since May 17th 2020.

NoSubstitute

2020-12-26 14:09

updater   ~0005930

@jandd alright.

I just registered on the test system, as I didn't have an account there.
I'm not getting the email verification.

jandd

2020-12-26 14:42

administrator   ~0005931

@NoSubstitute thanks for volunteering for tests. The test system sends its mails to a special catchall mailbox and does not send it to the Internet. You can go to the test manager at https://test.cacert.org:14843/mail and log in with your test system credentials. This gives you access to your mails from the test system. There is a function to give you assurance points at https://test.cacert.org:14843/manage-account/admin-increase. You need 100 points to be able to use the GPG function.

NoSubstitute

2020-12-26 16:00

updater   ~0005932

Thank you. That part worked great.
Managed to add points, and add secondary email, and request GPG signature.
Grabbed signature, and imported to Kleopatra, and it doesn't complain about invalid algorithm for that signature.

However, it says "no public key" (see attached image), as the test GPG key doesn't seem to be the same as the one for the PROD system, and I find no reference to where I can grab the TEST GPG key, so I can verify that the signature is fine.

Also, the email sent contains references to the PROD GPG key, as well as a download URL on the PROD system, but with one unprintable character, as seen below.

***
Hi Kim,

Your CAcert signed key for kim.nilsson@no-substitute.com is available online at:

https://www.cacert.org/gpg.php?id=3&cert054

To help improve the trust of CAcert in general, it's appreciated if you could also sign our key and upload it to a key server. Below is a copy of our primary key details:

pub 1024D/65D0FD58 2003-07-11 CA Cert Signing Authority (Root CA) <gpg@cacert.org>
Key fingerprint = A31D 4F81 EF4E BD07 B456 FA04 D2BB 0D01 65D0 FD58

Best regards
CAcert.org Support!
***
2020-12-26 165239-CAcert-GPG_test-signature.png (5,896 bytes)   
2020-12-26 165239-CAcert-GPG_test-signature.png (5,896 bytes)   

jandd

2020-12-26 16:48

administrator   ~0005933

@NoSubstitute thanks for testing. The test system uses a different gpg key:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1

mQGiBE3TAtQRBACuFhUNT3BOIXflZx8ENFN2hf0KHDgReWMW5+hcx8M2C9mueAST
89x0QxtdWUbsrMFSr3UvDIKjoPFVzV+WT/dez5aADSrnR4OxYPfzcNIWPjm8su/9
HrH6+ivaH+iOoBOuhYrHthun+1fsqLedhTMNqb+tt6OfzqIuyFkmpm+FqwCg5ECF
s53E7j6BJuKYLeWqFDqFOH0D/1pnXyBF78YurXcwwA7eSQWoc3f1g5lwyqOWwcLv
ynI/dcPV5BosEUcqEjaNEyBR0LFRZC7tnw2VLPzr65aLA6SrFqEJ2bEdWkO9vM5g
8InhmcqTz7Yg/QGnyGT0iNBMG8zg4Ajz20Ty6GE887HMao6qpYKXSbujMRWVjVLn
VjpgA/9i1gsBjpGwr5rJ67dyDLVkJ5XMEP2ivgAhzKQ/inyLk2N3Nbm0YKWgrZRE
+pEcZVsLn2jHqd5yu1zVr3Cm44HHaB/A4ew+hRio9vbhJy7cfanfZpAL8Rg8wZbQ
t4x6zvrs0fXXNuD1BiSucOK4qGZ2vWukggmhAlHu5x5hws5qtbRLQ0FjZXJ0IFRl
c3QgU2VydmVyIFNpZ25pbmcgQXV0aG9yaXR5IChmb3IgdGVzdGluZyBvbmx5ISEh
KSA8Z3BnQGNhY2VydC5vcmc+iGYEExECACYFAk3TAtQCGwMFCSWYBgAGCwkIBwMC
BBUCCAMEFgIDAQIeAQIXgAAKCRBL5zSBd/dRrLxrAJ9kaSLRAlcy9e57yuAAxoZy
weX20ACg44B1AA26G0OePf9o3YBdUTjPsES5Ag0ETdMC1BAIAI9UEZ2NKbJfVWc+
CBb5kKhO6qazLDnRsRkMY5WE1PTBP09ieAaQ7cv424e6fKdZxSO5vUQ27tLmcQXo
ICoREsDuSyESvEPbyBOro5LIY+z52TihqEHLPUN7OxlbPLX81AIKOCgEIUtpcYoX
MiwXPVO50Swo3PCCQiOQ7ewvkd32ZbSPl50B+/59JiDsQsnx1o+Ls7WkALzQ6w7T
UxLIVYWuFd9Hg/VOXBH67e81p/O7SDy6pMkDQaA9F22rA5Vv5TBJ2BAKWYfYK47i
HxtUhw2/WBUzhcw2AGqCnCy9nrYELLAqljnlCdWLyvhuWyUAG87D/1/5qD0+9idh
jcFWH/MAAwUH/2R7AWSZzbomxTcO5Q7/WxzTDtgUEy7eRbjqFMAusiQlTYDdeHz8
PfWok6mGhUapJaGnA05hy6aYBIzl4idmQgz39xD47O0qeDWve6YwrDuLYju6JIwv
YfNiNAOjrZcRW4PCYeJfIK0WHV3+3kkneOX4Mql9QNKWs5W2LReMnHyq6POWasuf
EgDu0TfqaJTeK3IXKrEJI8G4R4xdHXmZ16Is5T49w09mvMan+TTGczzjWn0aWD3D
DOlTKK7h+82MSNCTiCi7aNoEyMTfeadSsrbqiaqtF0P/fyBDpGWFj3/A4foAcgtx
KVt0UHf1Va1g8M+czG3pCOne6dyafZGAe7qITwQYEQIADwUCTdMC1AIbDAUJJZgG
AAAKCRBL5zSBd/dRrAC5AKDdxp26zp4Km3jItBdeMD/gv8qxMgCgmmH1kizLe5Rk
yYchS2oleEWXIqM=
=9tD2
-----END PGP PUBLIC KEY BLOCK-----

The mail template is hard coded into the signer client script. The special character in the mail link may be introduced by some encoding issue. The code line in CommModule/client.pl looks sane:

$body .= "https://www.cacert.org/gpg.php?id=3&cert=$row{id}\n\n";

but maybe the Content-Transfer-Encoding: quoted-printable in the sendmail function in the same script breaks the content. I will file a separate bug for the mail template issues.

NoSubstitute

2020-12-26 16:54

updater   ~0005934

With the test key imported the signature looks great.
2020-12-26 175400-CAcert-GPG_test-signature-valid.png (9,339 bytes)   
2020-12-26 175400-CAcert-GPG_test-signature-valid.png (9,339 bytes)   

jandd

2021-01-31 11:17

administrator   ~0005943

@Ted seems like the patch has been tested successfully. What are the next steps to get it in the production system (I know a site visit because it is code on the signer). Someone needs to merge the code into the proper branch and make a formal delivery to the critical team? Do we have a documentation of how this should be done? Can we add such a documentation to codedocs?

Ted

2021-02-01 21:29

administrator   ~0005952

@jandd, those were exactly the questions which discouraged me to continue work on this bug... The signer machine is something like a big black box to me. :-\

First of all the changes have to be reviewed by a Software Assessor, probably me. Where are these changes archived? I did not find a branch-1496 in the cacert-devel repository on github or git.cacert.org (is the signer sofware part of this repository at all? Only CommModule/server.pl?), is it somewhere in the svn repository? Or where else can I have a look at what was changed?

The next question is whether the installation on the testserver is sufficiently simmilar to the signer installation. I did not find the signer machine on infradocs, am I looking at the wrong places? Maybe @egal can give some info here? Or to we have to ask Wytze? Without knowing the file layout on the signer it's quite hard to create some auditable install package.

NoSubstitute

2021-07-28 09:54

updater   ~0006039

Awww, what a shame no progress was made on this now that there was a forced trip to the server.
Created a new signature for my GPG key today, and it's also invalid; just like it has been since 2019.

Ted

2022-09-21 19:45

administrator   ~0006134

IMHO this is a duplicate of 0001473, we should continue work there.

Issue History

Date Modified Username Field Change
2020-10-31 13:48 NoSubstitute New Issue
2020-10-31 13:48 NoSubstitute File Added: 2020-10-31 142414-CAcert_signed_GPG_key-Invalid_digest_algorithm.png
2020-12-15 13:37 gleurent Relationship added related to 0001497
2020-12-15 13:37 gleurent Relationship deleted related to 0001497
2020-12-15 13:38 gleurent Relationship added related to 0001473
2020-12-15 13:40 gleurent Note Added: 0005924
2020-12-20 09:51 L10N Note Added: 0005925
2020-12-20 20:50 NoSubstitute Note Added: 0005926
2020-12-21 13:58 SaT Description Updated
2020-12-21 13:58 SaT Steps to Reproduce Updated
2020-12-21 13:58 SaT Additional Information Updated
2020-12-25 08:50 jandd Note Added: 0005929
2020-12-26 14:09 NoSubstitute Note Added: 0005930
2020-12-26 14:42 jandd Note Added: 0005931
2020-12-26 16:00 NoSubstitute Note Added: 0005932
2020-12-26 16:00 NoSubstitute File Added: 2020-12-26 165239-CAcert-GPG_test-signature.png
2020-12-26 16:48 jandd Note Added: 0005933
2020-12-26 16:53 jandd Relationship added related to 0001500
2020-12-26 16:54 NoSubstitute Note Added: 0005934
2020-12-26 16:54 NoSubstitute File Added: 2020-12-26 175400-CAcert-GPG_test-signature-valid.png
2020-12-26 17:03 jandd Assigned To => jandd
2020-12-26 17:03 jandd Status new => needs review & testing
2021-01-31 11:14 jandd Assigned To jandd => Ted
2021-01-31 11:17 jandd Note Added: 0005943
2021-02-01 21:29 Ted Note Added: 0005952
2021-07-28 09:54 NoSubstitute Note Added: 0006039
2022-09-21 19:45 Ted Note Added: 0006134