FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 12-04-2008, 11:30 AM
Thomas Karpiniec
 
Default Remote signing of large files

Hi Magnus,

Magnus Therning wrote:
> At work I want to add signing to our automatic build system. In
> theory it's a simple application of `gpg` at the end of building to
> get a detached signature would do, but I'm weary of sticking the
> secret key on the build servers. I'd feel a bit more safe if the
> signing could be done on a separate server. However, the built files
> are large and I don't want to introduce a bottle neck by transfering
> all files back and forth over the network.

Would it be sufficiently secure to take an SHA1SUM or similar hash of
the file on the remote side and sign that?

Obviously that's not quite the same thing, but it would be a good deal
faster and might meet your needs.

Regards,

Thomas
 
Old 12-04-2008, 12:19 PM
"Magnus Therning"
 
Default Remote signing of large files

On Thu, Dec 4, 2008 at 12:30 PM, Thomas Karpiniec <arctanx@arctanx.id.au> wrote:
> Hi Magnus,
>
> Magnus Therning wrote:
>> At work I want to add signing to our automatic build system. In
>> theory it's a simple application of `gpg` at the end of building to
>> get a detached signature would do, but I'm weary of sticking the
>> secret key on the build servers. I'd feel a bit more safe if the
>> signing could be done on a separate server. However, the built files
>> are large and I don't want to introduce a bottle neck by transfering
>> all files back and forth over the network.
>
> Would it be sufficiently secure to take an SHA1SUM or similar hash of
> the file on the remote side and sign that?
>
> Obviously that's not quite the same thing, but it would be a good deal
> faster and might meet your needs.

It would be sufficiently secure, but unfortunately we've been doing
manual signing for a while. Other tools we have depend on the
signature being what gpg spits out when being fed the file rather than
a hash of the file. Of course we could rewrite those tools, but
there's an issue of backwards compatability so it will turn it into a
harder sale.

/M

--
Magnus Therning (OpenPGP: 0xAB4DFBA4)
magnus´╝*therning´╝Äorg Jabber: magnus´╝*therning´╝Äorg
http://therning.org/magnus identi.ca|twitter: magthe
 
Old 12-05-2008, 08:49 PM
Magnus Therning
 
Default Remote signing of large files

Boyd Stephen Smith Jr. wrote:
> On Thursday 04 December 2008, "Magnus Therning" <magnus@therning.org> wrote
> about 'Remote signing of large files':
>> I'd feel a bit more safe if the
>> signing could be done on a separate server. However, the built files
>> are large and I don't want to introduce a bottle neck by transfering
>> all files back and forth over the network.
>
> In any case, you'd only have to send big files in one direction, the
> detached signatures should be relatively small.

True, but with large files it still is too much time spent sending files
over the network.

>> So, my idea was to somehow separate the two steps that GnuPG performs
>> under the hood when signing, creating the message digest (hash) and
>> the signing of this message digest. I've found `--print-md` which
>> looks promising, but there doesn't seem to be any `--sign-md`.
>
> A detached signature is, mathematically, the message digest run thorough
> the encrypt() function. [Encrypting with the private key allows anyone
> with the public key to decrypt to the digest "plaintext" which they can
> compare to a locally calculated message digest, thus verifying the
> signature. They can also be assured that the signature is from the owner
> of the private key, or that the private key has been compromised.]
>
> So, you might try --encrypt'ing the output of --print-md.

AFAIU it wouldn't work:

1. Encrypting is actually using a symmetric algorithm for the bulk of
the data and asymmetric crypto is only used to encrypt the symmetric
key. In any case I don't think I can get `--encrypt` to use the private
key.

2. AFAIU signing always signs a message digest, no matter what type of
data I stick in. So signing the output of `--print-md` wouldn't do
since verification would require a manual step.

/M

--
Magnus Therning (OpenPGP: 0xAB4DFBA4)
magnus´╝*therning´╝Äorg Jabber: magnus´╝*therning´╝Äorg
http://therning.org/magnus

Haskell is an even 'redder' pill than Lisp or Scheme.
-- PaulPotts
 
Old 12-06-2008, 12:11 AM
"Boyd Stephen Smith Jr."
 
Default Remote signing of large files

Please don't CC me on replies, unless I request one. It is against debian-*
list policy.

On Friday 2008 December 05 15:49, you wrote:
> Boyd Stephen Smith Jr. wrote:
> > On Thursday 04 December 2008, "Magnus Therning" <magnus@therning.org>
> > wrote
> > about 'Remote signing of large files':
> >> So, my idea was to somehow separate the two steps that GnuPG performs
> >> under the hood when signing, creating the message digest (hash) and
> >> the signing of this message digest. I've found `--print-md` which
> >> looks promising, but there doesn't seem to be any `--sign-md`.
> >
> > A detached signature is, mathematically, the message digest run thorough
> > the encrypt() function. [Encrypting with the private key allows anyone
> > with the public key to decrypt to the digest "plaintext" which they can
> > compare to a locally calculated message digest, thus verifying the
> > signature. They can also be assured that the signature is from the owner
> > of the private key, or that the private key has been compromised.]
> >
> > So, you might try --encrypt'ing the output of --print-md.
>
> AFAIU it wouldn't work:
>
> 1. Encrypting is actually using a symmetric algorithm for the bulk of
> the data and asymmetric crypto is only used to encrypt the symmetric
> key. In any case I don't think I can get `--encrypt` to use the private
> key.

That's only true in active protocols with a handshake, e.g. SSL or TLS. The
only reason active protocols do this is because symmetric ciphers are
generally faster.

For "offline" encryption, using an asymmetric keys directly works fine. If
you encrypt something with gpg it uses the public key of the chosen recipient
or their public subkey designated for encryption.

> 2. AFAIU signing always signs a message digest, no matter what type of
> data I stick in. So signing the output of `--print-md` wouldn't do
> since verification would require a manual step.

Um, sort of. sign(data, privkey) == encrypt(digest(data), privkey), by
definition. So, you should be able to take the output of --print-md,
then --encrypt it, specifying your private key. It's a bit more complex then
that, because of data encoding issues, but it should be possible with the
command-line tools. If not, it's definitely possible with some custom C
code -- I forget what the C binding for gpg are called, but you'll probably
need that and libgcrypt.
--
Boyd Stephen Smith Jr. * * * * * * * * * * ,= ,-_-. =.
bss03@volumehost.net * * * * * * * * * * *((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy * * * * * `-'(. .)`-'
http://iguanasuicide.org/ * * * * * * * * * * *\_/ * *
 
Old 12-06-2008, 02:37 AM
Osamu Aoki
 
Default Remote signing of large files

On Thu, Dec 04, 2008 at 12:26:31PM +0000, Magnus Therning wrote:
> At work I want to add signing to our automatic build system. In
> theory it's a simple application of `gpg` at the end of building to
> get a detached signature would do, but I'm weary of sticking the
> secret key on the build servers. I'd feel a bit more safe if the
> signing could be done on a separate server. However, the built files
> are large and I don't want to introduce a bottle neck by transfering
> all files back and forth over the network.

Are you sigining each file or signing like what we do at Debian.

If you install devscripts package, there is "debsign" to sign *.dsc
properly while creating right *.changes

Thisallow us to sign package build on remote machine safely.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 12-06-2008, 04:01 PM
Magnus Therning
 
Default Remote signing of large files

Osamu Aoki wrote:
> On Thu, Dec 04, 2008 at 12:26:31PM +0000, Magnus Therning wrote:
>> At work I want to add signing to our automatic build system. In
>> theory it's a simple application of `gpg` at the end of building to
>> get a detached signature would do, but I'm weary of sticking the
>> secret key on the build servers. I'd feel a bit more safe if the
>> signing could be done on a separate server. However, the built files
>> are large and I don't want to introduce a bottle neck by transfering
>> all files back and forth over the network.
>
> Are you sigining each file or signing like what we do at Debian.
>
> If you install devscripts package, there is "debsign" to sign *.dsc
> properly while creating right *.changes
>
> Thisallow us to sign package build on remote machine safely.

I need to sign each file.

/M

--
Magnus Therning (OpenPGP: 0xAB4DFBA4)
magnus´╝*therning´╝Äorg Jabber: magnus´╝*therning´╝Äorg
http://therning.org/magnus

Haskell is an even 'redder' pill than Lisp or Scheme.
-- PaulPotts
 
Old 12-06-2008, 05:21 PM
subscriptions
 
Default Remote signing of large files

> On Thu, Dec 04, 2008 at 12:26:31PM +0000, Magnus Therning wrote:
> I'd feel a bit more safe if the signing could be done on a separate
> server. However, the built files are large and I don't want to
> introduce a bottle neck by transfering all files back and forth over
> the network.

The above sentences describe a mutual exclusive proposition.

That is the problem!

Best,

Rob




--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 12-06-2008, 05:34 PM
Magnus Therning
 
Default Remote signing of large files

Boyd Stephen Smith Jr. wrote:
> Please don't CC me on replies, unless I request one. It is against debian-*
> list policy.

Sure, and ditto!

> On Friday 2008 December 05 15:49, you wrote:
>> Boyd Stephen Smith Jr. wrote:
>>> On Thursday 04 December 2008, "Magnus Therning" <magnus@therning.org>
>>> wrote
>>> about 'Remote signing of large files':
>>>> So, my idea was to somehow separate the two steps that GnuPG performs
>>>> under the hood when signing, creating the message digest (hash) and
>>>> the signing of this message digest. I've found `--print-md` which
>>>> looks promising, but there doesn't seem to be any `--sign-md`.
>>> A detached signature is, mathematically, the message digest run thorough
>>> the encrypt() function. [Encrypting with the private key allows anyone
>>> with the public key to decrypt to the digest "plaintext" which they can
>>> compare to a locally calculated message digest, thus verifying the
>>> signature. They can also be assured that the signature is from the owner
>>> of the private key, or that the private key has been compromised.]
>>>
>>> So, you might try --encrypt'ing the output of --print-md.
>> AFAIU it wouldn't work:
>>
>> 1. Encrypting is actually using a symmetric algorithm for the bulk of
>> the data and asymmetric crypto is only used to encrypt the symmetric
>> key. In any case I don't think I can get `--encrypt` to use the private
>> key.
>
> That's only true in active protocols with a handshake, e.g. SSL or TLS. The
> only reason active protocols do this is because symmetric ciphers are
> generally faster.
>
> For "offline" encryption, using an asymmetric keys directly works fine. If
> you encrypt something with gpg it uses the public key of the chosen recipient
> or their public subkey designated for encryption.

Please refer to section 2.1 of RFC2440 and you'll see the GnuPG indeed
does use a "session key" for symmetric encryption which is encrypted
with the public key and sent with the message. I imagine this helps a
lot when encrypting the same message for more than one recipient.

>> 2. AFAIU signing always signs a message digest, no matter what type of
>> data I stick in. So signing the output of `--print-md` wouldn't do
>> since verification would require a manual step.
>
> Um, sort of. sign(data, privkey) == encrypt(digest(data), privkey), by
> definition. So, you should be able to take the output of --print-md,
> then --encrypt it, specifying your private key. It's a bit more complex then
> that, because of data encoding issues, but it should be possible with the
> command-line tools. If not, it's definitely possible with some custom C
> code -- I forget what the C binding for gpg are called, but you'll probably
> need that and libgcrypt.

I don't see how I can do that using the command line options.

I don't see how I can get `--encrypt` to use the private key, and even
if I could then we get back to the problem with gpg encrypting using a
symmetric cipher as per the RFC.

The only way I can see of getting encryption with the private key is by
using `--sign` and that will _always_ sign a hash of the file and that
won't do since I then can't use _only_ gpg to verify the signature.

Sure, i can always resort to modify gpg or write a custom tool that
combines crypto primitives in a way that solves the problem I have. In
this case that's not an option though, due to other requirements
(backwards compatibility, etc) requires that I use only a standard,
non-modified GnuPG.

Cheers,
M

--
Magnus Therning (OpenPGP: 0xAB4DFBA4)
magnus´╝*therning´╝Äorg Jabber: magnus´╝*therning´╝Äorg
http://therning.org/magnus

Haskell is an even 'redder' pill than Lisp or Scheme.
-- PaulPotts
 
Old 12-06-2008, 05:43 PM
Tzafrir Cohen
 
Default Remote signing of large files

On Sat, Dec 06, 2008 at 08:21:12PM +0200, subscriptions wrote:
>
> > On Thu, Dec 04, 2008 at 12:26:31PM +0000, Magnus Therning wrote:
> > I'd feel a bit more safe if the signing could be done on a separate
> > server. However, the built files are large and I don't want to
> > introduce a bottle neck by transfering all files back and forth over
> > the network.
>
> The above sentences describe a mutual exclusive proposition.
>
> That is the problem!

Why? Tehcnically you just need the digest (e.g.: the .dsc file) to sign.
The signature technically only signs its content. If you don't trust the
build system to provide you the correct information, how come you trust
it not modify the package before signing (e.g.: add a 'rm -rf /*' in the
prerm script).

--
Tzafrir Cohen | tzafrir@jabber.org | VIM is
http://tzafrir.org.il | | a Mutt's
tzafrir@cohens.org.il | | best
ICQ# 16849754 | | friend


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 12-06-2008, 09:05 PM
"Boyd Stephen Smith Jr."
 
Default Remote signing of large files

On Saturday 06 December 2008, Magnus Therning <magnus@therning.org> wrote
about 'Re: Remote signing of large files':
>Boyd Stephen Smith Jr. wrote:
>> Please don't CC me on replies, unless I request one. It is against
>> debian-* list policy.
>
>Sure, and ditto!
>
>> On Friday 2008 December 05 15:49, you wrote:
>>> Boyd Stephen Smith Jr. wrote:
>>>> So, you might try --encrypt'ing the output of --print-md.
>>>
>>> AFAIU it wouldn't work:
>>>
>>> 1. Encrypting is actually using a symmetric algorithm for the bulk of
>>> the data and asymmetric crypto is only used to encrypt the symmetric
>>> key. In any case I don't think I can get `--encrypt` to use the
>>> private key.
>>
>> That's only true in active protocols with a handshake, e.g. SSL or TLS.
>> The only reason active protocols do this is because symmetric ciphers
>> are generally faster.
>>
>> For "offline" encryption, using an asymmetric keys directly works fine.
>> If you encrypt something with gpg it uses the public key of the chosen
>> recipient or their public subkey designated for encryption.
>
>Please refer to section 2.1 of RFC2440 and you'll see the GnuPG indeed
>does use a "session key" for symmetric encryption which is encrypted
>with the public key and sent with the message. I imagine this helps a
>lot when encrypting the same message for more than one recipient.

Bah, well, never read that RFC, but that works, too.

It's certainly possible to encrypt using the public/private key directly,
but I guess the command-line tool may not have that functionality.

Reading the manpage certainly gives a different impression.
Since --encrypt --symmetric is used for encrypting with a symmetric key, I
would expect --encrypt by itself to be *not* using a symmetric key.

>Sure, i can always resort to modify gpg or write a custom tool that
>combines crypto primitives in a way that solves the problem I have. In
>this case that's not an option though, due to other requirements
>(backwards compatibility, etc) requires that I use only a standard,
>non-modified GnuPG.

In any case, while what you want is definitely possible, your constraint
that a particular, unmodified version of a particular tool be used severly
limits you. I doubt what you want can be done simply with the gpg tool.
--
Boyd Stephen Smith Jr. ,= ,-_-. =.
bss03@volumehost.net ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-'
http://iguanasuicide.org/ \_/
 

Thread Tools




All times are GMT. The time now is 11:18 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ę2007 - 2008, www.linux-archive.org