Mail archive
alpine-devel

Re: [alpine-devel] Upgrading package signatures from SHA1 to SHA2 digest.

From: Timo Teras <timo.teras_at_iki.fi>
Date: Tue, 20 Mar 2018 15:06:51 +0200

On Fri, 9 Mar 2018 08:02:50 -0500
Ferris Ellis <ferris_at_ferrisellis.com> wrote:

> Also, as I mentioned in my last reply to A. Wilcox, I think since the
> RSA signature is ASN1 encoded. If so you shouldn’t need a new prefix
> type, as the ASN1 blob states the hash that it contains. But please
> correct me if I’m wrong on this! Just trying to be of help :)

I was just looking at the code again, and we did add support for sha256
and sha512 + rsa signatures earlier. It detects the signature type from
the filename (RSA, RSA256, RSA512).

The signature it self is raw output of "openssl dgst -sha -sign
pkey.pem" output, and IIRC it is not asn1 but the raw signature for the
mechanism selected.

Cheers,
Timo


---
Unsubscribe:  alpine-devel+unsubscribe_at_lists.alpinelinux.org
Help:         alpine-devel+help_at_lists.alpinelinux.org
---
Received on Tue Mar 20 2018 - 15:06:51 GMT