From: yawnmoth on
Say you wanted to make a release of some software package with a
signature to verify that it was you who made the release. PGP has a
signature format that can be used to do this, as described at
<http://httpd.apache.org/dev/verification.html> but what other formats are
there?

In theory, it seems like one could use base64 encoded RSASSA-PSS
signatures, but I don't know of any command line tools that could be
used to verify those. I mean, I guess an X.509 certificate could
maybe be signed with RSASSA-PSS but there you're verifying the
signature of the X.509 cert itself - not of an arbitrary package you
downloaded online. <http://www.openssl.org/docs/apps/rsa.html> can't
be used, either, since that's only for RSA key generation and parsing
- not for actual signature creation / verification.
From: Tom St Denis on
On Mar 10, 1:34 pm, yawnmoth <terra1...(a)yahoo.com> wrote:
> Say you wanted to make a release of some software package with a
> signature to verify that it was you who made the release.  PGP has a
> signature format that can be used to do this, as described at
> <http://httpd.apache.org/dev/verification.html> but what other formats are
> there?
>
> In theory, it seems like one could use base64 encoded RSASSA-PSS
> signatures, but I don't know of any command line tools that could be
> used to verify those.  I mean, I guess an X.509 certificate could
> maybe be signed with RSASSA-PSS but there you're verifying the
> signature of the X.509 cert itself - not of an arbitrary package you
> downloaded online.  <http://www.openssl.org/docs/apps/rsa.html> can't
> be used, either, since that's only for RSA key generation and parsing
> - not for actual signature creation / verification.

Strictly speaking you're talking about CMS which is an evolution of
PKCS #7. And very few people use it, possibly the only context is
S/MIME.

For signing files you're pretty much stuck with GPG/PGP.

Tom
From: Thomas Pornin on
According to Tom St Denis <tom(a)iahu.ca>:
> Strictly speaking you're talking about CMS which is an evolution of
> PKCS #7. And very few people use it, possibly the only context is
> S/MIME.

I beg to differ. CMS-derived formats are much used, in particular in
time stamps (RFC 3161) and in long-term archive format (CAdES). As time
stamps, they sneaked into many other things, e.g. the Microsoft
"authenticode" format.

Open-source systems (mainly for binary packages in Unix-like system
distributions) tend to use OpenPGP because the tools are available
(GnuPG) and the usages are such that the limitations of OpenPGP(*) are
not an issue.


(*) I am talking about the absence of any real support for trust
delegation beyond the I-met-him-in-a-bar web of trust model.


--Thomas Pornin
From: Joseph Ashwood on
"yawnmoth" <terra1024(a)yahoo.com> wrote in message
news:b23c56c2-0e77-4533-a2b3-ec41a5524df7(a)e1g2000yqh.googlegroups.com...
> Say you wanted to make a release of some software package with a
> signature to verify that it was you who made the release. PGP has a
> signature format that can be used to do this, as described at
> <http://httpd.apache.org/dev/verification.html> but what other formats are
> there?

A few years ago there was a lot of work put into this with signed
installers. A method (I'd have to look it up to see which one) is built into
Windows, the various Linux updaters appear to all have something similar,
Java was an early adopter of the concept. I'd suggest using the one that
applies to your environment.
Joe

From: unruh on
On 2010-03-11, Joseph Ashwood <ashwood(a)msn.com> wrote:
> "yawnmoth" <terra1024(a)yahoo.com> wrote in message
> news:b23c56c2-0e77-4533-a2b3-ec41a5524df7(a)e1g2000yqh.googlegroups.com...
>> Say you wanted to make a release of some software package with a
>> signature to verify that it was you who made the release. PGP has a
>> signature format that can be used to do this, as described at
>> <http://httpd.apache.org/dev/verification.html> but what other formats are
>> there?

There are three requirements of a signature for a release.
a) A cryptographic hash of the thing being released. This is to ensure
that someone else cannot change the object while maintaining the same
hash.
b) A way to deliver that hash so that the recipient is relatively sure
that it is actually the hash as calculated by the person who released
the object. This could be via a public key delivery system with some way
of ensuring that the public key is actually the same as the public key
of the releaser, or it could be via delivery of the hash via some other
mechanism that makes the recipient sure that it came from the releaser.
c) A way of checking the hash on the object with that hash from the
releaser.

PGP delivers one way, the key being that one can fulfil b)-- making the
recipient sure that the hash is that computed by the releaser. This
means that there must be some way of securely identifying the releaser
and getting the hash from the releaser. In this case, getting the public
key of the releaser (and being sure that this has not been replaced by
that of the attacker) PGP has a whole mechanism for trying to ensure
that the public key actually is that of the releaser (Web of trust,
Signing authorities,...)


> Paul Martin <pm(a)nowster.org.uk>
>
> A few years ago there was a lot of work put into this with signed
> installers. A method (I'd have to look it up to see which one) is built into
> Windows, the various Linux updaters appear to all have something similar,

rpm uses gpg.

> Java was an early adopter of the concept. I'd suggest using the one that
> applies to your environment.
> Joe
>
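
Added example, not part of any post in this thread: a detached, base64-encoded RSASSA-PSS signature over a release file, as asked about in the opening post, arranged around the three requirements listed above (hash, authentic delivery, check). It assumes a current `openssl` command-line tool; the function names, file names and sample payload are constructed for illustration.

```shell
# (a) hash and sign: SHA-256 digest of FILE, RSASSA-PSS signature, base64 output.
# sign_release KEY FILE  ->  writes FILE.sig.b64 (hypothetical naming)
sign_release() {
    openssl dgst -sha256 -sign "$1" \
        -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 \
        -out "$2.sig.raw" "$2" &&
    openssl base64 -in "$2.sig.raw" -out "$2.sig.b64" &&
    rm -f "$2.sig.raw"
}

# (c) check: exit status 0 only if SIG_B64 is a valid signature of FILE under PUB.
# verify_release PUB FILE SIG_B64
verify_release() {
    _raw=$(mktemp) || return 1
    _rc=1
    if openssl base64 -d -in "$3" -out "$_raw" 2>/dev/null &&
       openssl dgst -sha256 -verify "$1" \
           -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 \
           -signature "$_raw" "$2" >/dev/null 2>&1; then
        _rc=0
    fi
    rm -f "$_raw"
    return "$_rc"
}

# (b) authentic delivery: SHA-256 of the DER public key, to be compared with a
# value obtained over a separate channel before the key is trusted.
key_fingerprint() {
    openssl pkey -pubin -in "$1" -outform DER |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

demo() {
    d=$(mktemp -d) || return 1
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$d/release.key" 2>/dev/null || return 1
    openssl pkey -in "$d/release.key" -pubout -out "$d/release.pub" || return 1
    printf 'constructed release payload\n' > "$d/pkg-1.0.tar"
    sign_release "$d/release.key" "$d/pkg-1.0.tar" || return 1
    echo "key fingerprint: $(key_fingerprint "$d/release.pub")"
    verify_release "$d/release.pub" "$d/pkg-1.0.tar" "$d/pkg-1.0.tar.sig.b64" &&
        echo "genuine package: signature OK"
    printf 'x' >> "$d/pkg-1.0.tar"   # constructed modification of the download
    verify_release "$d/release.pub" "$d/pkg-1.0.tar" "$d/pkg-1.0.tar.sig.b64" ||
        echo "modified package: signature REJECTED"
    rm -rf "$d"
}
demo
```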