Opened 7 weeks ago

Closed 7 days ago

#31292 closed task (fixed)

please sign Tor releases with an OpenPGP tool that includes Issuer Fingerprint subpackets

Reported by: dkg
Owned by: nickm
Priority: Medium
Milestone: Tor: 0.4.2.x-final
Component: Core Tor/Tor
Version:
Severity: Normal
Keywords: release
Cc: nickm
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

The OpenPGP signatures on distributed tor software currently have only an unhashed "issuer" subpacket, which contains only the 64-bit keyid of the public key used to create the signature.

Modern versions of GnuPG (version 2.1.16 or later) produce an "issuer fingerprint" subpacket in each signature by default, which includes the full fingerprint of the issuing public key.

The "issuer fingerprint" subpacket provides a much stronger linkage between the signature and the OpenPGP key used to make it.

This is not a core security concern -- that is, lack of an "issuer fingerprint" subpacket doesn't make it possible to forge signatures or do anything comparably serious -- but the story we tell about verifying signatures is cleaner if the full fingerprint is present in each signature.

If it is possible to upgrade the version of GnuPG (or any other modern OpenPGP implementation) that signs Tor releases to one that generates these subpackets, that would be a good thing.

Child Tickets

Change History (9)

comment:1 Changed 7 weeks ago by boklm

Is it an issue with the signatures of the Tor source tarballs (https://www.torproject.org/download/tor/), the Tor Browser builds (https://www.torproject.org/download/languages/), or both?

comment:2 Changed 7 weeks ago by dkg

It looks like all of them.

If you fetch the signature and feed it through pgpdump or gpg --list-packets, you can see whether or not there is an issuer fingerprint packet.

Example output of gpg --list-packets without an issuer fingerprint:

# off=0 ctb=89 tag=2 hlen=3 plen=540
:signature packet: algo 1, keyid 6AFEE6D49E92B601
	version 4, created 1556821409, md5len 0, sigclass 0x00
	digest algo 10, begin of digest d2 6c
	hashed subpkt 2 len 4 (sig created 2019-05-02)
	subpkt 16 len 8 (issuer key ID 6AFEE6D49E92B601)
	data: [4096 bits]

Example with an issuer fingerprint subpacket:

# off=0 ctb=89 tag=2 hlen=3 plen=626
:signature packet: algo 1, keyid B97A1EE09DB417EC
	version 4, created 1562013678, md5len 0, sigclass 0x01
	digest algo 8, begin of digest e8 76
	hashed subpkt 33 len 21 (issuer fpr v4 59A29DEA8D37388C656863DFB97A1EE09DB417EC)
	hashed subpkt 2 len 4 (sig created 2019-07-01)
	hashed subpkt 24 len 40 (preferred keyserver: https://metacode.biz/@wiktor/openpgp/key)
	hashed subpkt 28 len 19 (signer's user ID)
	subpkt 16 len 8 (issuer key ID B97A1EE09DB417EC)
	data: [4095 bits]

You're looking for the subpkt 33 line -- and, it's also better if it's a "hashed" subpacket, because that means it cannot be stripped without invalidating the signature.

Last edited 7 weeks ago by dkg (previous) (diff)
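The check described in comment:2 (and the subpacket distinction in the ticket description) can also be made without gpg, by reading the signature packet directly. The following is an added example, not code from the ticket, from dkg, or from the Tor project: a small RFC 4880 parser that splits a v4 signature into its hashed and unhashed subpacket areas and reports whether the issuer is named by a hashed Issuer Fingerprint subpacket (type 33), by an unhashed one, or only by the 64-bit key ID (type 16). The packets it inspects are constructed inside the block from the fingerprint and key IDs in the two listings above with a dummy MPI, so they have the right layout but are not verifiable signatures; all function names are this example's own, and only old-format packet headers (the ctb=89 style shown above) are handled.

```python
"""Inspect an OpenPGP v4 signature packet (RFC 4880 section 5.2.3) and report whether the
issuer is named by a hashed Issuer Fingerprint subpacket (type 33), an unhashed one, or only
by the 64-bit Issuer key ID subpacket (type 16). Added example, not code from the ticket."""
import struct

def _subpkt_len(area, off):
    """Subpacket length encoding (RFC 4880 5.2.3.1): returns (length, octets used)."""
    b = area[off]
    if b < 192:
        return b, 1
    if b < 255:
        return ((b - 192) << 8) + area[off + 1] + 192, 2
    return struct.unpack(">I", area[off + 1:off + 5])[0], 5

def read_packet(buf, off=0):
    """Parse an old-format packet header (the ctb=89 style gpg emits for signatures)."""
    ctb = buf[off]
    if (ctb & 0xC0) != 0x80:
        raise ValueError("not an old-format packet header (new-format headers not handled)")
    tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
    if ltype == 3:
        raise ValueError("indeterminate packet length is not supported")
    hlen = (2, 3, 5)[ltype]                           # 1, 2 or 4 length octets follow the ctb
    plen = int.from_bytes(buf[off + 1:off + hlen], "big")
    start = off + hlen
    if start + plen > len(buf):
        raise ValueError("truncated packet")
    return tag, bytes(buf[start:start + plen]), start + plen

def read_subpackets(area):
    """Return [(type, critical, body)] for one hashed or unhashed subpacket area."""
    out, off = [], 0
    while off < len(area):
        n, used = _subpkt_len(area, off)
        off += used
        if n == 0 or off + n > len(area):
            raise ValueError("bad subpacket length")
        out.append((area[off] & 0x7F, bool(area[off] & 0x80), bytes(area[off + 1:off + n])))
        off += n
    return out

def parse_v4_signature(packet):
    """Split a tag-2 packet into its fields; the trailing MPIs are kept raw."""
    tag, body, _ = read_packet(packet)
    if tag != 2 or body[0] != 4:
        raise ValueError("expected a version 4 signature packet")
    p = 6 + struct.unpack(">H", body[4:6])[0]          # end of hashed area
    q = p + 2 + struct.unpack(">H", body[p:p + 2])[0]  # end of unhashed area
    return {"sigclass": body[1], "pk_algo": body[2], "hash_algo": body[3], "mpis": body[q + 2:],
            "hashed": read_subpackets(body[6:p]), "unhashed": read_subpackets(body[p + 2:q])}

def issuer_info(sig):
    """Return (fingerprint_hex, fpr_in_hashed_area, keyid_hex); None where absent."""
    fpr, fpr_hashed, keyid = None, False, None
    for area in ("hashed", "unhashed"):               # hashed area first, so it wins
        for typ, _critical, data in sig[area]:
            if typ == 33 and fpr is None and len(data) == 21 and data[0] == 4:   # issuer fpr v4
                fpr, fpr_hashed = data[1:].hex().upper(), area == "hashed"
            elif typ == 16 and keyid is None and len(data) == 8:                 # issuer key ID
                keyid = data.hex().upper()
    return fpr, fpr_hashed, keyid

def classify(packet):
    """Summarise how strongly the signature names its issuing key."""
    fpr, fpr_hashed, keyid = issuer_info(parse_v4_signature(packet))
    if fpr and keyid and fpr[-16:] != keyid:
        return "issuer-mismatch"      # a v4 key ID is the low 64 bits of the fingerprint
    if fpr and fpr_hashed:
        return "hashed-issuer-fpr"    # signed over: cannot be stripped without breaking the sig
    if fpr:
        return "unhashed-issuer-fpr"  # present, but anyone can remove or rewrite it
    return "keyid-only" if keyid else "no-issuer"

def build_v4_signature(sigclass, pk_algo, hash_algo, hashed, unhashed, mpi_bits=4096):
    """Constructed test vector: old-format tag-2 packet (ctb 0x89) with a dummy MPI, so it
    has the right layout but is not a verifiable signature."""
    h = b"".join(bytes([len(d) + 1, t]) + d for t, d in hashed)      # one-octet length form
    u = b"".join(bytes([len(d) + 1, t]) + d for t, d in unhashed)
    mpi = struct.pack(">H", mpi_bits) + b"\x80" + bytes(mpi_bits // 8 - 1)
    body = (bytes([4, sigclass, pk_algo, hash_algo]) + struct.pack(">H", len(h)) + h
            + struct.pack(">H", len(u)) + u + b"\xd2\x6c" + mpi)
    return b"\x89" + struct.pack(">H", len(body)) + body

FPR = bytes.fromhex("59A29DEA8D37388C656863DFB97A1EE09DB417EC")   # fingerprint quoted above
OLD_KEYID = bytes.fromhex("6AFEE6D49E92B601")                     # key ID quoted above
ts = lambda t: struct.pack(">I", t)                               # sig creation subpacket body
SAMPLES = {  # the two listings above, plus a fingerprint that sits only in the unhashed area
    "keyid-only": build_v4_signature(0x00, 1, 10, [(2, ts(1556821409))], [(16, OLD_KEYID)]),
    "hashed-fpr": build_v4_signature(0x01, 1, 8, [(33, b"\x04" + FPR), (2, ts(1562013678))],
                                     [(16, FPR[-8:])]),
    "unhashed-fpr": build_v4_signature(0x00, 1, 8, [(2, ts(1562013678))],
                                       [(16, FPR[-8:]), (33, b"\x04" + FPR)]),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:13} plen={len(pkt) - 3:4}  {classify(pkt)}")
```

The "hashed" and "unhashed" lists correspond to the "hashed subpkt" and plain "subpkt" lines in the gpg --list-packets output above, and the "keyid-only" vector reproduces the plen=540 of the first listing. To run it on a real release signature, strip the ASCII armour first (gpg --dearmor < tor-0.4.1.5.tar.gz.asc > sig.bin) and call classify() on the file's bytes. This is a structural check only: it says nothing about whether the signature verifies, which is still gpg --verify's job.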

comment:3 Changed 7 weeks ago by boklm

Component: Applications → Core Tor/Tor

As Tor source tarballs and Tor Browser builds are signed separately, I opened a separate ticket for the Tor Browser signatures: #31294.

We can use this ticket for the Tor source tarballs signatures.

comment:4 Changed 5 weeks ago by dgoulet

Cc: nickm added
Keywords: release added
Milestone: Tor: 0.4.2.x-final

comment:5 Changed 4 weeks ago by nickm

I've tried to do this for the 0.4.1.5 release. Apparently on Fedora (where I sign things), "gpg" is gpg v1, and I need to say "gpg2" to get a modern version. I've added some shell aliases and set up my git environment.

comment:6 Changed 4 weeks ago by dkg

I can confirm that https://dist.torproject.org/tor-0.4.1.5.tar.gz.asc has the issuer fingerprint subpacket. Thanks, nickm!

comment:7 Changed 4 weeks ago by dkg

comment:8 Changed 11 days ago by nickm

Owner: set to nickm
Status: new → accepted
Type: defect → task

comment:9 Changed 7 days ago by nickm

Resolution: fixed
Status: accepted → closed