[qubes-users] Verifying signatures

Rune_Philosof · November 29, 2021, 8:06pm

When I follow the guide on Verifying signatures | Qubes OS
I get the following result


[vagrant@fedora ~]$ gpg2 --check-signatures "Qubes Master Signing Key"
pub rsa4096 2010-04-01 [SC]
427F11FD0FAA4B080123F01CDDFA1A3E36879494
uid [ultimate] Qubes Master Signing Key
sig!3 DDFA1A3E36879494 2010-04-01 Qubes Master Signing Key

gpg: 1 good signature
[vagrant@fedora ~]$ gpg2 --check-signatures "Qubes OS Release 4 Signing Key"
pub rsa4096 2017-03-06 [SC]
5817A43B283DE5A9181A522E1848792F9E2795E9
uid [ unknown] Qubes OS Release 4 Signing Key
sig!3 1848792F9E2795E9 2017-03-06 Qubes OS Release 4 Signing Key
gpg: Note: third-party key signatures using the SHA1 algorithm are rejected
gpg: (use option "--allow-weak-key-signatures" to override)
sig% DDFA1A3E36879494 2017-03-08 [Invalid digest algorithm]

gpg: 1 good signature
gpg: 1 signature not checked due to an error

Is it because the master key is old and the old defaults are now considering too weak?
If so, why not distribute a new one?

adw · November 30, 2021, 11:32am

When I follow the guide
on Verifying signatures | Qubes OS
I get the following result

[vagrant@fedora ~]$ gpg2 --check-signatures "Qubes Master Signing Key"
pub   rsa4096 2010-04-01 [SC]
       427F11FD0FAA4B080123F01CDDFA1A3E36879494
uid           [ultimate] Qubes Master Signing Key
sig!3        DDFA1A3E36879494 2010-04-01  Qubes Master Signing Key

gpg: 1 good signature
[vagrant@fedora ~]$ gpg2 --check-signatures "Qubes OS Release 4 Signing Key"
pub   rsa4096 2017-03-06 [SC]
       5817A43B283DE5A9181A522E1848792F9E2795E9
uid           [ unknown] Qubes OS Release 4 Signing Key
sig!3        1848792F9E2795E9 2017-03-06  Qubes OS Release 4 Signing Key
gpg: Note: third-party key signatures using the SHA1 algorithm are rejected
gpg: (use option "--allow-weak-key-signatures" to override)
sig%         DDFA1A3E36879494 2017-03-08  [Invalid digest algorithm]

gpg: 1 good signature
gpg: 1 signature not checked due to an error

Is it because the master key is old and the old defaults are now
considering too weak?

I take it you're referring to the message about SHA1. I'm not certain, but we do have a related open issue, which the devs are working on now:

github.com/QubesOS/qubes-issues

Resign all GPG keys with SHA-256 or better

opened 03:33PM - 19 Mar 21 UTC

closed 02:49PM - 25 Aug 22 UTC

DemiMarie

C: other P: major T: task cryptography security

**Brief summary** Several of the QubesOS developers GPG keys are signed with …SHA-1. SHA-1 is considered weak and should be replaced by SHA-256 or better. This will require resigning the keys. **Additional context** This is a defense in depth task. Since we assume that the GPG keys were honestly generated, finding a different key with the same SHA-1 hash would require a preimage attack, which is not considered feasible.

Also see the comments on this issue, which are even more specific to your question:

github.com/QubesOS/qubes-issues

Is Qubes master signing key SHA1?

opened 09:37PM - 06 Oct 18 UTC

closed 10:05PM - 06 Oct 18 UTC

19hundreds

R: duplicate

Hello, this is not a bug report but a heads up. I've read the guideline and …I couldn't find a better fitting way to report this case. Somehow mailing list felt wrong. I'm definitely a newbie in everything therefore, hopefully, what I'm reporting here is totally irrelevant if not wrong. I'm studying GPG and I was playing around with GPG conf. Some guides I've stumbled upon are advising to add this GPG line to gpg.conf ``` weak-digest SHA1 ``` because of [this](https://www.computerworld.com/article/3173616/security/the-sha1-hash-function-is-now-completely-unsafe.html) reported SHA1 collision. After adding this like I noticed that I was unable to import Qubes signing key ``` user@x-vault:~ > gpg --batch --gen-key foo gpg: keybox '/home/user/.gnupg/pubring.kbx' created gpg: Generating a default key gpg: /home/user/.gnupg/trustdb.gpg: trustdb created gpg: key 0x05E61DD6D9F8311C marked as ultimately trusted gpg: revocation certificate stored as '/home/user/.gnupg/openpgp-revocs.d/80F8CC94DC3432176C8FCE7705E61DD6D9F8311C.rev' gpg: done user@x-vault:~ > gpg --import qubes-master-signing-key.asc gpg: Note: signatures using the SHA1 algorithm are rejected gpg: key 0xDDFA1A3E36879494: no valid user IDs gpg: this may be caused by a missing self-signature gpg: Total number processed: 1 gpg: w/o user IDs: 1 ``` Notice the: **gpg: Note: signatures using the SHA1 algorithm are rejected**. The key was not imported. ``` user@x-vault:~ > gpg -k gpg: checking the trustdb gpg: marginals needed: 3 completes needed: 1 trust model: pgp gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u /home/user/.gnupg/pubring.kbx ----------------------------- pub rsa4096/0x05E61DD6D9F8311C 2018-10-06 [SC] Key fingerprint = 80F8 CC94 DC34 3217 6C8F CE77 05E6 1DD6 D9F8 311C uid [ultimate] Joe Tester <joe@foo.bar> ``` The only way I have found to import it was to use the `--allow-non-selfsigned-uid` option: ``` user@x-vault:~ > gpg --allow-non-selfsigned-uid --import qubes-master-signing-key.asc gpg: Note: signatures using the SHA1 algorithm are rejected gpg: key 0xDDFA1A3E36879494: accepted non self-signed user ID "Qubes Master Signing Key" gpg: key 0xDDFA1A3E36879494: public key "Qubes Master Signing Key" imported gpg: Total number processed: 1 gpg: imported: 1 user@x-vault:~ > gpg -k /home/user/.gnupg/pubring.kbx ----------------------------- pub rsa4096/0x05E61DD6D9F8311C 2018-10-06 [SC] Key fingerprint = 80F8 CC94 DC34 3217 6C8F CE77 05E6 1DD6 D9F8 311C uid [ultimate] Joe Tester <joe@foo.bar> gpg: Note: signatures using the SHA1 algorithm are rejected pub rsa4096/0xDDFA1A3E36879494 2010-04-01 [SCEA] Key fingerprint = 427F 11FD 0FAA 4B08 0123 F01C DDFA 1A3E 3687 9494 uid [ unknown] Qubes Master Signing Key ``` So I commented the `weak-digest SHA1` line from my GPG conf and repeated the operation. It worked without problems. Then I checked your key with this command: ``` user@x-vault:~ > gpg --list-packets qubes-master-signing-key.asc # off=0 ctb=99 tag=6 hlen=3 plen=525 :public key packet: version 4, algo 1, created 1270124793, expires 0 pkey[0]: [4096 bits] pkey[1]: [17 bits] keyid: DDFA1A3E36879494 # off=528 ctb=b4 tag=13 hlen=2 plen=24 :user ID packet: "Qubes Master Signing Key" # off=554 ctb=89 tag=2 hlen=3 plen=568 :signature packet: algo 1, keyid DDFA1A3E36879494 version 4, created 1270124793, md5len 0, sigclass 0x13 digest algo 2, begin of digest d7 b9 hashed subpkt 2 len 4 (sig created 2010-04-01) hashed subpkt 27 len 1 (key flags: 03) hashed subpkt 11 len 5 (pref-sym-algos: 9 8 7 3 2) hashed subpkt 21 len 5 (pref-hash-algos: 8 2 9 10 11) hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1) hashed subpkt 30 len 1 (features: 01) hashed subpkt 23 len 1 (keyserver preferences: 80) subpkt 16 len 8 (issuer key ID DDFA1A3E36879494) data: [4095 bits] ``` Accordingly to [RFC 4880](https://tools.ietf.org/html/rfc4880#section-9.4) SHA1 is ID 2 ``` Hash Algorithms ID Algorithm Text Name 1 - MD5 [HAC] "MD5" 2 - SHA-1 [FIPS180] "SHA1" ``` which matches the line: `digest algo 2, begin of digest d7 b9` My limited knowledge doesn't help here, however I interpret the above output in this way: > you signed your public key (MD5 hashed) using a SHA1 hashed signature ``` :public key packet: version 4, algo 1, created 1270124793, expires 0 :signature packet: algo 1, keyid DDFA1A3E36879494 version 4, created 1270124793, md5len 0, sigclass 0x13 digest algo 2, begin of digest d7 b9 ``` Do I get it right? Do you think this can be an issue? I hope I'm not wasting your precious and already limited time. Thank you very much for your exceptional work: words can't describe my appreciation.

In particular, Marek commented (on #4378):

"In general, it may be a good idea to create new signature using SHA256 or such, to ease the use with weak-digest SHA1 option enabled. But in practice, in the current state SHA1 problems doesn't affect security of the key itself, because there are no known pre-image attacks.
New signatures are made with SHA256 hash function."

If so, why not distribute a new one?

It's not that simple. As Marek recently pointed out to me, "The current QMSK is well known and published in a lot of places (easing its verification), including various conference videos, physical t-shirts we sold, some stickers etc. With every new QMSK it will take time until it will be comparably easy to independently verify."

Having said that, we do have an open issue for generating a new QMSK:

github.com/QubesOS/qubes-issues

Consider generating new shared Qubes Master Signing Key

opened 01:12PM - 19 May 17 UTC

rootkovska

T: enhancement C: other P: major cryptography security project management

I think it's a nobrainer to state that it would be beneficial for everybody, i.e…. the project, its users, and even myself, if we could get a new Qubes Master Signing Key (QMSK), such that could be **shared** between N parties, of which M would be required to meet in order to use the key to sign other keys (i.e. the specific Release Signing Keys). For this effort to make sense, there are a few additional requirements though: 1. There should be just one key, usable the same way as standard GPG keys are used to sign/verify software. The solution that N people have just N keys and all of them sign the other keys, is simply not acceptable from the user point of view. 2. None of the N holders should be able to walk away with the full QMSK after any of the signing ceremony. 3. The owner of the laptop on which the creation and/or any of the further ceremonies take place, should also not be able to steal the QMSK. The recent discussion on qubes-devel [1] has encouraged me to think again about this problem and I've come up with the following idea which I'd like that we further discuss: 1. Assuming we have a laptop that _approximates_ the idea of a stateless laptop [2] reasonably well (of course, I'm realistic enough to know we won't have any True Stateless Laptop anytime soon). Let's call this laptop: **Laptop**. Also, we shall defer the discussion about how well should this approximation be, until some later time. Meanwhile I'm more interested in discussing other aspects of this proposal. 2. The Laptop runs **Tails** and uses encrypted persistent partition (likely LUKS-based, like the standard Persistence mode in Tails does), which is called **Persistent Partition**. The Persistent Partition is unlockable with a keyfile, which we shall call: the **Keyfile**. 3. During the **Initial Ceremony**, we generate: 1) the new QMSK, and 2) the Keyfile which will be used for the Persistent Partition encryption. The Keyfile is then used to mount the Persistent Partition and the new QMSK is moved onto this partition. 4. Still at the Initial Ceremony, the keyfile is split among N parties, creating N **Shared Keys**. This likely could be achieved using the `ssss` program (don't remember if it's part of the standard Tails distro, if not, we should use something that is, or convince Tails people to include it :) 5. The original Keyfile is then destroyed (here's where one of the benefits of using Tails for this exercise become clear, another benefit: we can use nearly arbitrary old machine as the Laptop) 6. Subsequently, whenever there is a need to use the QMSK, e.g. to sign the new Qubes Release Key, at least M out of N parties needs to meet, boot the Laptop using Tails, plug at least M USB sticks, combine the M Shared Keys, recreate the Keyfile, then mount the Persistent Partition. 7. Once the Persistent Partition gets mounted, we can create new keys (e.g. Release Signing Key), and sign them with the Master Key. Also, in case we needed to sign some other keys (e.g. other people's key), we the the trick suggested by @petertodd might be used: a one-time-use Binding Keys could be created, and signed by the QMSK. Note: I'm not really convinced about the idea of bi-directional signing (i.e. to have the binding key also sign the QMSK) -- this seems like some superficial trick, not really needed by us. 8. Once the keys are ready for export, we can copy them to some ephemeral fs, unmount the Persistent Partition (plus some make sure the memory with secrets also got wiped...), and subsequently export the keys, even using something like a USB stick... Open issues: 1. What's the best way to import the Shared Keys? Plugging USB sticks obviously endangers the laptop to some attacks... Using HSMs does not change much hear, as these are... also USB devices. One option is to keep them on some read-only mediums (DVD), of course encrypted with some user-only-known passphrase. 2. It seems to me that the Persistent Partition could be also burnt to such a DVD, for even if we are going to be generating new keys there, these would be exported and no problem if we discard them from the Persistent Partition. 3. The choice of M and N. Right now I'm thinking M = 2, N = 3 (me, Marek, plus somebody only we know who). Other options might be possible though. 4. Will we ever have a need to sign any keys non-generated on the Laptop? Likely not: only Release Keys, and these should then sign individual developer's keys. Does this make most of the discussion in [1] futile, or am I missing something? /cc @marmarek @andrewdavidwong @woju @petertodd [1] https://groups.google.com/d/msg/qubes-devel/XreFo6RM47Q/U_jmqK5SBgAJ [2] https://blog.invisiblethings.org/papers/2015/state_harmful.pdf

We likely will at some point, but it's not an action to be taken lightly.

Ulrich_Windl · November 30, 2021, 6:18pm

When I follow the guide
on Verifying signatures | Qubes OS
I get the following result
[vagrant@fedora ~]$ gpg2 --check-signatures "Qubes Master Signing Key"
pub   rsa4096 2010-04-01 [SC]
       427F11FD0FAA4B080123F01CDDFA1A3E36879494
uid           [ultimate] Qubes Master Signing Key
sig!3        DDFA1A3E36879494 2010-04-01  Qubes Master Signing Key

gpg: 1 good signature
[vagrant@fedora ~]$ gpg2 --check-signatures "Qubes OS Release 4 Signing Key"
pub   rsa4096 2017-03-06 [SC]
       5817A43B283DE5A9181A522E1848792F9E2795E9
uid           [ unknown] Qubes OS Release 4 Signing Key
sig!3        1848792F9E2795E9 2017-03-06  Qubes OS Release 4 Signing Key
gpg: Note: third-party key signatures using the SHA1 algorithm are rejected
gpg: (use option "--allow-weak-key-signatures" to override)
sig%         DDFA1A3E36879494 2017-03-08  [Invalid digest algorithm]

gpg: 1 good signature
gpg: 1 signature not checked due to an error
Is it because the master key is old and the old defaults are now
considering too weak?
I take it you're referring to the message about SHA1. I'm not certain, but we do have a related open issue, which the devs are working on now:

Resign all GPG keys with SHA-256 or better · Issue #6470 · QubesOS/qubes-issues · GitHub

Also see the comments on this issue, which are even more specific to your question:

Is Qubes master signing key SHA1? · Issue #4378 · QubesOS/qubes-issues · GitHub

In particular, Marek commented (on #4378):

"In general, it may be a good idea to create new signature using SHA256 or such, to ease the use with weak-digest SHA1 option enabled. But in practice, in the current state SHA1 problems doesn't affect security of the key itself, because there are no known pre-image attacks.
New signatures are made with SHA256 hash function."

If so, why not distribute a new one?

It's not that simple. As Marek recently pointed out to me, "The current QMSK is well known and published in a lot of places (easing its verification), including various conference videos, physical t-shirts we sold, some stickers etc. With every new QMSK it will take time until it will be comparably easy to independently verify."

But isn't that exactly the advantage of the "web of trust"?: You can sign the new key with your old key, and people will (have the chance to) trust the new key as well.

adw · December 1, 2021, 12:16am

When I follow the guide
on Verifying signatures | Qubes OS
I get the following result
[vagrant@fedora ~]$ gpg2 --check-signatures "Qubes Master Signing Key"
pub   rsa4096 2010-04-01 [SC]
       427F11FD0FAA4B080123F01CDDFA1A3E36879494
uid           [ultimate] Qubes Master Signing Key
sig!3        DDFA1A3E36879494 2010-04-01  Qubes Master Signing Key

gpg: 1 good signature
[vagrant@fedora ~]$ gpg2 --check-signatures "Qubes OS Release 4 Signing Key"
pub   rsa4096 2017-03-06 [SC]
       5817A43B283DE5A9181A522E1848792F9E2795E9
uid           [ unknown] Qubes OS Release 4 Signing Key
sig!3        1848792F9E2795E9 2017-03-06  Qubes OS Release 4 Signing Key
gpg: Note: third-party key signatures using the SHA1 algorithm are rejected
gpg: (use option "--allow-weak-key-signatures" to override)
sig%         DDFA1A3E36879494 2017-03-08  [Invalid digest algorithm]

gpg: 1 good signature
gpg: 1 signature not checked due to an error
Is it because the master key is old and the old defaults are now
considering too weak?
I take it you're referring to the message about SHA1. I'm not certain, but we do have a related open issue, which the devs are working on now:

Resign all GPG keys with SHA-256 or better · Issue #6470 · QubesOS/qubes-issues · GitHub

Also see the comments on this issue, which are even more specific to your question:

Is Qubes master signing key SHA1? · Issue #4378 · QubesOS/qubes-issues · GitHub

In particular, Marek commented (on #4378):

"In general, it may be a good idea to create new signature using SHA256 or such, to ease the use with weak-digest SHA1 option enabled. But in practice, in the current state SHA1 problems doesn't affect security of the key itself, because there are no known pre-image attacks.
New signatures are made with SHA256 hash function."

If so, why not distribute a new one?

It's not that simple. As Marek recently pointed out to me, "The current QMSK is well known and published in a lot of places (easing its verification), including various conference videos, physical t-shirts we sold, some stickers etc. With every new QMSK it will take time until it will be comparably easy to independently verify."
But isn't that exactly the advantage of the "web of trust"?: You can sign the new key with your old key, and people will (have the chance to) trust the new key as well.

The Web of Trust is only one of several different methods for authenticating the QMSK. Many of our users do not use the Web of Trust. Please read this for further details: