From owner-freebsd-pkg@FreeBSD.ORG Wed Jan 15 02:44:43 2014
Date: Tue, 14 Jan 2014 18:44:42 -0800
From: Yuri
To: Baptiste Daroussin
Cc: freebsd-pkg@FreeBSD.org
Subject: Re: Does pkg check signatures?
Message-ID: <52D5F61A.4030807@rawbw.com>
In-Reply-To: <20140114134820.GC77567@ithaqua.etoilebsd.net>

On 01/14/2014 05:48, Baptiste Daroussin wrote:
> secteam doesn't seem to agree with you, talk to them.

Since I didn't find any documentation on how security of package transfer works, I did some debugging and learned from there.

The files downloaded from the repository are gzipped tar archives with the .txz extension, and contain 3 files inside. For example, if the file is mydist.txz, it would contain these files:

* mydist.pub -- RSA public key, always the same in all archives
* mydist.sig -- 256 byte binary RSA signature of mydist file
* mydist -- the payload file

The fingerprint file /usr/share/keys/pkg/trusted/pkg.freebsd.org.2013102301 contains the SHA256 hash of the .pub file from all .txz archives. So that all those .pub files are the same, and the secret key is merely its verification fingerprint. The .sig file is the RSA signature of the payload file. Verification of the mydist payload is done using the .pub certificate.

So this whole process appears to be secure. What confused me is the term "fingerprint".

The only question that I still have is this: Why is this "fingerprint" introduced here? Why not just store the corresponding .pub file over there as a trusted key? Since this public key is what is used for verification, and there is a 1-1 relationship, unless sha256 gets broken. Eliminating one concept would have made this system simpler, and wouldn't have required having the "fingerprint" term there.

Yuri
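The two-step check described in the message above (hash the shipped .pub against the locally stored fingerprint, then verify .sig over the payload with that key), as an added example that is not part of the original post and is not pkg's code. Assumptions: the key file is encoded as hex `n:e`, the signature is RSA PKCS#1 v1.5 over SHA-256, and the demo keys are built from publicly known Mersenne primes, so they are constructed sample data with no security value.

```python
import hashlib, hmac, io, tarfile

# DigestInfo prefix for SHA-256 in PKCS#1 v1.5 signatures (RFC 8017, 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def pkcs1_encode(msg: bytes, k: int) -> bytes:
    t = SHA256_PREFIX + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def verify_archive(blob: bytes, name: str, trusted_fp: str) -> bytes:
    """Return the payload, or raise ValueError if either check fails."""
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:*") as tar:
        pub, sig, payload = (tar.extractfile(f).read()
                             for f in (name + ".pub", name + ".sig", name))
    # Step 1: the key shipped inside the archive is untrusted input until
    # its SHA256 matches the fingerprint already stored on this machine.
    if not hmac.compare_digest(hashlib.sha256(pub).hexdigest(), trusted_fp):
        raise ValueError("public key does not match trusted fingerprint")
    # Step 2: only now is that key used to check the payload signature.
    n, e = (int(x, 16) for x in pub.decode().split(":"))  # assumed encoding
    k = (n.bit_length() + 7) // 8
    em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    if len(sig) != k or not hmac.compare_digest(em, pkcs1_encode(payload, k)):
        raise ValueError("signature does not verify")
    return payload

def make_archive(name: str, payload: bytes, p: int, q: int, e: int = 65537):
    """Constructed sample data: sign payload with a throwaway key p*q."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    k = (n.bit_length() + 7) // 8
    em = int.from_bytes(pkcs1_encode(payload, k), "big")
    sig = pow(em, d, n).to_bytes(k, "big")
    pub = f"{n:x}:{e:x}".encode()
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:xz") as tar:
        for fname, data in ((name + ".pub", pub), (name + ".sig", sig), (name, payload)):
            info = tarfile.TarInfo(fname)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue(), hashlib.sha256(pub).hexdigest()

# Mersenne primes: publicly known, deliberately insecure demo key material.
REPO_P, REPO_Q = 2**521 - 1, 2**607 - 1
OTHER_P, OTHER_Q = 2**607 - 1, 2**1279 - 1

if __name__ == "__main__":
    good, fp = make_archive("mydist", b"package catalogue", REPO_P, REPO_Q)
    print(verify_archive(good, "mydist", fp))
```

An archive built with `OTHER_P, OTHER_Q` carries its own key and a signature that is valid under that key, yet it fails at step 1 because the key's hash differs from the stored fingerprint.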