From: "Marek Marczykowski-Górecki" <marmarek@invisiblethingslab.com>
To: grub-devel@gnu.org
Subject: Release signing key still uses SHA1
Date: Tue, 12 Mar 2024 05:13:24 +0100 [thread overview]
Message-ID: <Ze_WZe2HVrNnn2oG@mail-itl> (raw)
[-- Attachment #1.1: Type: text/plain, Size: 1529 bytes --]
Hi,
The key used to sign release tarballs and git tags still uses SHA1 for
its self-signature. Is updated key somewhere already?
SHA1 is starting to be rejected by some tools already, for example
sequoia-sq:
$ sq inspect grub-dkiper.pub
grub-dkiper.pub: OpenPGP Certificate.
Fingerprint: BE5C23209ACDDACEB20DB0A28C8189F1988C2166
Public-key algo: RSA
Public-key size: 4096 bits
Creation time: 2017-02-05 03:43:32 UTC
Expiration time: 2028-02-14 00:05:49 UTC (creation time + 11years 8days 2h 22m 17s)
Key flags: certification, signing
Subkey: 1BE37633B1B7EA3E057CC384955D1898DC24BB87
Invalid: Policy rejected non-revocation signature (SubkeyBinding) requiring second pre-image resistance
because: SHA1 is not considered secure
Invalid: Policy rejected non-revocation signature (SubkeyBinding) requiring second pre-image resistance
Public-key algo: RSA
Public-key size: 4096 bits
Creation time: 2017-02-05 03:43:32 UTC
UserID: Daniel Kiper <daniel.kiper@oracle.com>
UserID: Daniel Kiper <dkiper@net-space.pl>
Invalid: Policy rejected non-revocation signature (PositiveCertification) requiring second pre-image resistance
because: SHA1 is not considered secure
Certifications: 95, use --certifications to list
--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]
[-- Attachment #2: Type: text/plain, Size: 141 bytes --]
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
next reply other threads:[~2024-03-12 4:14 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-12 4:13 Marek Marczykowski-Górecki [this message]
2024-04-25 21:27 ` Release signing key still uses SHA1 Daniel Kiper
2024-04-25 22:13 ` Marek Marczykowski-Górecki
2024-05-08 16:44 ` Daniel Kiper
-- strict thread matches above, loose matches on Subject: below --
2024-03-12 2:41 Marek Marczykowski-Górecki
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Ze_WZe2HVrNnn2oG@mail-itl \
--to=marmarek@invisiblethingslab.com \
--cc=grub-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.