Mail archive

Re: [alpine-devel] Upgrading package signatures from SHA1 to SHA2 digest.

From: Timo Teras <>
Date: Tue, 20 Mar 2018 15:06:51 +0200

On Fri, 9 Mar 2018 08:02:50 -0500
Ferris Ellis <> wrote:

> Also, as I mentioned in my last reply to A. Wilcox, I think since the
> RSA signature is ASN1 encoded. If so you shouldn’t need a new prefix
> type, as the ASN1 blob states the hash that it contains. But please
> correct me if I’m wrong on this! Just trying to be of help :)

I was just looking at the code again, and we did add support for sha256
and sha512 + rsa signatures earlier. It detects the signature type from
the filename (RSA, RSA256, RSA512).

The signature it self is raw output of "openssl dgst -sha -sign
pkey.pem" output, and IIRC it is not asn1 but the raw signature for the
mechanism selected.


Received on Tue Mar 20 2018 - 15:06:51 UTC