werkinstructies:gpg_key_resign

Differences

This shows the differences between the selected revision and the current revision of the page.

werkinstructies:gpg_key_resign [2022/06/23 15:13]
abel [check if an rpm is signed with the same key]
werkinstructies:gpg_key_resign [2022/08/03 11:27] (current)
abel [Resign the secret key]
Regel 6: Regel 6:
 The packages in a repository are signed with the SHA1 signed key, now we resign the gpg key it self but the signage on the package is still valid. (hopefully) The packages in a repository are signed with the SHA1 signed key, now we resign the gpg key it self but the signage on the package is still valid. (hopefully)
  
 +importing the SHA1 gpg key to rpm will trow an error:\\
 +
 +''%%sudo rpm --import EXAMPLEKEY-SHA1-public.gpg%%''
 +<code>
 +error: EXAMPLEKEY-SHA1-public.gpg: key 1 import failed.
 +</code>
 ===== get the original keys ===== ===== get the original keys =====
  
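Review bot: The added lines show that `rpm --import` fails with "key 1 import failed" but do not say why or on which system, and the quoted output alone gives no reason. State in the sentence what this page takes to be the cause (the SHA1-signed key the paragraph above refers to) and name the distribution and rpm version where the failure was observed, so a reader can tell whether the procedure applies to them. "trow" should be "throw".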
Regel 64: Regel 70:
  
 Do this by: \\ Do this by: \\
-''%%gpg --cipher-algo IDEA --cert-digest-algo sha512 --expert --edit-key secret-key.gpg%%''+''%%gpg --cipher-algo IDEA --cert-digest-algo sha256 --expert --edit-key secret-key.gpg%%''
  
 <code> <code>
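Review bot: The digest on the command line changes from sha512 to sha256 with no explanation, and the section added further down in this same revision still says "the installed gpg key is now SHA512". Make the command and the text agree, and add a sentence on why that digest was chosen. The retained `--cipher-algo IDEA` selects a symmetric cipher and does not influence the certification digest, so either drop it from the command or state what it is there for.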
Regel 72: Regel 78:
  
 sec  rsa2048/0447A2B8C3FAC3BD sec  rsa2048/0447A2B8C3FAC3BD
-     created: 2016-02-09  expires: never       usage: SC+     created: 2019-02-09  expires: never       usage: SC
      trust: unknown       validity: unknown      trust: unknown       validity: unknown
 ssb  rsa2048/5CA7D2244AEACD3A ssb  rsa2048/5CA7D2244AEACD3A
-     created: 2016-02-09  expires: never       usage: E+     created: 2019-02-09  expires: never       usage: E
 [ unknown] (1). EXAMPLEKEY [ unknown] (1). EXAMPLEKEY
 </code> </code>
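Review bot: The creation date on the sec and ssb lines changes from 2016-02-09 to 2019-02-09 while both key IDs stay the same, and nothing in the revision explains it. Adding a new self-signature does not alter a key's creation time, so say whether the earlier revision had a transcription error or the output was retaken; otherwise readers may conclude that re-signing moves the date.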
Regel 84: Regel 90:
  
 sec  rsa2048/0447A2B8C3FAC3BD sec  rsa2048/0447A2B8C3FAC3BD
-     created: 2016-02-09  expires: never       usage: SC+     created: 2019-02-09  expires: never       usage: SC
      trust: unknown       validity: unknown      trust: unknown       validity: unknown
  Primary key fingerprint: FF7E B743 48CB CA81 256B  28C7 0447 A2B8 C3FA C3BD  Primary key fingerprint: FF7E B743 48CB CA81 256B  28C7 0447 A2B8 C3FA C3BD
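Review bot: The date edit here sits next to an unchanged "Primary key fingerprint" line. An OpenPGP v4 fingerprint is computed over the public key packet including its creation time, so one fingerprint cannot belong to both dates; check the actual key to confirm which date is right and keep this block and the one above consistent with it.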
Regel 284: Regel 290:
 As you can see the key ID should be the same as the number in the pub part of the gpg key, and are the same as the last 8 digits in the full key ID. As you can see the key ID should be the same as the number in the pub part of the gpg key, and are the same as the last 8 digits in the full key ID.
  
 +===== check an rpm signed with the old SHA1 key =====
 +Now you migt think, "hold on, the last comment says: //**RSA/SHA1 Signature**// and the installed gpg key is now SHA512."
  
 +But if we test before installing: \\
 +''%%rpm -K filename.rpm%%''
  
 +It says OK:
 +<code>
 +filename.rpm: digests OK
 +</code>
  
  
- +<note warning>Ah thats a shame: Error: **GPG check FAILED** </note>
- +
- +
- +
  
 ===== Bronnen ===== ===== Bronnen =====
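Review bot: The `rpm -K` output quoted in the new section reads "digests OK" with no signatures field, so it shows that the digests match, not that the SHA1 signature was verified against the imported key; "It says OK" overstates what was tested. Show the verbose form (`rpm -Kv filename.rpm`) so the signature line and key ID are visible, and add the command that produced the "GPG check FAILED" warning, which currently appears with no context. Typos in the added text: "migt", "thats".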
werkinstructies/gpg_key_resign.1655990019.txt.gz · Last modified: 2022/06/23 15:13 by abel