Thursday 18 January 2024

Bumping apt RSA key length requirements to 3072-bit (2048 w/ warning) for 24.04


we just noticed again that we are still trusting 1024R keys for
signing repositories in APT, arguably because we do not have a
means to tell gpgv the minimum key size.

While the upstream bug[0] is being worked on,
I have written a hack[1] that - if APT_SIGNING_REQUIREMENTS_HACK
environment variable is set - makes gpgv error out on keys smaller
than 2048R and warn on keys smaller than 3072R (following the
current OpenPGP draft size length requirements, 3072 is a SHOULD,
2048 a MUST).

I have also written code in APT to actually parse GPG error and
warning status messages, and set the environment variable.[2]

Sadly shipping this in 24.04 means that PPAs owned by user
accounts created prior to 2014-03-11[3] until the key rotation
mechanism(s) [4][5] have been implemented.

However given that (I've been informed) ~800 bits were already cracked about 5 years
ago, and we are planning to support 24.04 for 12 years, I believe
that this is necessary and it's better to take the pain now then
do an SRU to disable 1024R keys on existing systems.

This is more painful than the digest transition because we have
reason to believe that 1024R keys are potentially unsafe *now*
and we need to stop trusting them, whereas when we deprecated
MD5 and SHA1 we were able to have a deprecation period of a
stable release.

debian developer - | - free software dev
ubuntu core developer i speak de, en

ubuntu-devel mailing list
Modify settings or unsubscribe at: