Koji support for larger gpg rpm signatures

Jesse Keating jkeating at redhat.com
Tue Jan 20 00:18:49 UTC 2009


As part of our sha-256 efforts, we're trying to sign rpms with a sha-2
digest.  I'm attempting to sign packages with an RSA key that is size
4096, the biggest possible.  However I'm running into problems importing
this into koji, due to my local signing software having stolen some code
from koji to determine what the sigkey is.  The koji code makes an
assumption about where the key ID exists in the signature header, and it
seems this assumption is wrong when larger keys are used.

Mitr, who has been helping me, says that for a quick hack, when getting
the key chunk out of the hex, we can assume that sigkey[13:17] works if
sigkey[0] is 0x88, but if 0 is 0x89, we have to go to 14:18.

This comes up a few times in koji code, so I thought some discussion was
in order before setting off to make a patch.

Is there anything better we can do instead of snaking raw data out of
headers?

-- 
Jesse Keating
Fedora -- Freedom² is a feature!
identi.ca: http://identi.ca/jkeating
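
Added example, not part of the original message and not koji's code: the 0x88/0x89 difference described above is the one- versus two-octet length field of an old-format OpenPGP packet header (RFC 4880, section 4.2), so the key ID can be located by parsing the header instead of slicing at fixed offsets. This Python 3 version goes beyond the case in the message by also handling new-format headers and v4 issuer subpackets; the names read_packet, issuer_key_id and constructed_v3_sig are chosen here, and the sample packet is constructed.

```python
def read_packet(data):  # returns (tag, body); header rules from RFC 4880 section 4.2
    hdr = data[0]
    if not hdr & 0x80:
        raise ValueError("not an OpenPGP packet")
    if hdr & 0x40:                        # new-format header
        tag, first = hdr & 0x3F, data[1]
        if first < 192:
            start, length = 2, first
        elif first < 224:
            start, length = 3, ((first - 192) << 8) + data[2] + 192
        elif first == 255:
            start, length = 6, int.from_bytes(data[2:6], "big")
        else:
            raise ValueError("partial body length not supported")
    else:                                 # old format: 0x88 = 1 length octet, 0x89 = 2
        tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length not supported")
        start = 1 + (1 << ltype)
        length = int.from_bytes(data[1:start], "big")
    if len(data) < start + length:
        raise ValueError("truncated packet")
    return tag, data[start:start + length]

def issuer_key_id(sig):  # 8-byte issuer key ID as hex; malformed input raises
    tag, body = read_packet(sig)
    if tag != 2 or len(body) < 15 or body[0] not in (3, 4):
        raise ValueError("not a usable v3/v4 signature packet")
    if body[0] == 3:                      # v3: key ID follows type(1) and time(4)
        return body[7:15].hex()
    pos = 4                               # v4: hashed area, then unhashed area
    for _ in range(2):
        pos, end = pos + 2, pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
        while pos < end <= len(body):
            n, pos = body[pos], pos + 1   # subpacket length: 1, 2 or 5 octets
            if 192 <= n < 255:
                n, pos = ((n - 192) << 8) + body[pos] + 192, pos + 1
            elif n == 255:
                n, pos = int.from_bytes(body[pos:pos + 4], "big"), pos + 4
            if n == 9 and body[pos] & 0x7F == 16:   # issuer subpacket
                return body[pos + 1:pos + 9].hex()
            pos += n
        pos = end
    raise ValueError("no issuer key ID found")

def constructed_v3_sig(key_id, mpi_len):  # constructed sample, not real data
    body = bytes([3, 5, 0]) + bytes(4) + key_id + bytes([1, 8, 0, 0]) + bytes(mpi_len)
    n = len(body).to_bytes(1 if len(body) < 256 else 2, "big")
    return bytes([0x88 if len(n) == 1 else 0x89]) + n + body
```

The key ID is only a lookup hint; which key actually signed a package is established by verifying the signature itself.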