From: Nikita Karetnikov
Subject: Re: Signed archives (preliminary patch)
Date: Sat, 01 Mar 2014 01:22:17 +0400
Message-ID: <87a9dbj5km.fsf@karetnikov.org>
In-Reply-To: <874n3kp46f.fsf@gnu.org> (Ludovic Courtès's message of "Thu, 27 Feb 2014 23:43:36 +0100")
To: Ludovic Courtès
Cc: guix-devel@gnu.org

> There’s an important check missing here: the code verifies that BODY* is
> a valid signature, but it doesn’t check whether what it signs
> corresponds to this narinfo up to but excluding the ‘Signature’ field.

Oh, indeed.

> 5. pass the hash to the signature verification procedure.

Then, it should extract the other hash from the Signature line, compare
the hashes, and run the rest of the checks, right?

>> + ("Signature" . ,(lambda (narinfo)
>> + (let ((sig (narinfo-signature narinfo)))
>> + (string-append
>> + (number->string (signature-version sig))
>> + ";"
>> + (signature-key-id sig)
>> + ";"
>> + (base64-encode
>> + ;; XXX: Can we assume UTF-8 here?
>> + (string->utf8
>> + (canonical-sexp->string
>> + (signature-body sig)))))))))

> It’s important to keep the original signatures intact.

Not sure I follow. Can I simply use ("Signature" . ,narinfo-signature)?

> To fix this, the record must include an additional field to
> contain the original narinfo string.

Please elaborate. Which string are you talking about?
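
Review bot: the "Signature" serializer rebuilds the field from parsed parts (`canonical-sexp->string`, then `string->utf8`, then `base64-encode`), so the line written out equals the line that was received only if that round trip is byte-exact, and the `;; XXX: Can we assume UTF-8 here?` comment leaves exactly that open. Consider keeping the field's original text in the record and emitting it unchanged, so the serializer never re-encodes a signature; at minimum, resolve the XXX by stating which encoding the canonical sexp string is guaranteed to have.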
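
The check discussed in this message (compare the hash inside the signature with the hash of the narinfo up to but excluding the Signature field), as an added example that is not part of the original message or of Guix's code. It assumes an HMAC with a demo key in place of the public-key signature and a `hash:mac` string in place of the canonical sexp body; the narinfo values are constructed.

```python
import base64
import hashlib
import hmac

# Assumption: HMAC with a shared demo key stands in for the public-key
# signature; the body "hash:mac" stands in for the signed canonical sexp.
DEMO_KEY = b"constructed-demo-key"

def split_narinfo(text):
    """Return (text before the Signature line, Signature field value)."""
    head, sep, tail = text.partition("\nSignature: ")
    if not sep:
        raise ValueError("no Signature field")
    return head + "\n", tail.strip()

def sign(unsigned, key_id="demo-key"):
    """Append a 'version;key-id;base64(body)' Signature line to a narinfo."""
    digest = hashlib.sha256(unsigned.encode()).hexdigest()
    mac = hmac.new(DEMO_KEY, digest.encode(), hashlib.sha256).hexdigest()
    body = base64.b64encode(f"{digest}:{mac}".encode()).decode()
    return f"{unsigned}Signature: 1;{key_id};{body}\n"

def verify(text, check_binding=True):
    signed_part, value = split_narinfo(text)
    version, _key_id, body = value.split(";", 2)
    if version != "1":
        return "unsupported version"
    signed_hash, mac = base64.b64decode(body).decode().split(":", 1)
    expected = hmac.new(DEMO_KEY, signed_hash.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        return "invalid signature"
    # The check the thread says is missing: the signed hash must equal the
    # hash of this narinfo up to, but excluding, the Signature field.
    actual = hashlib.sha256(signed_part.encode()).hexdigest()
    if check_binding and not hmac.compare_digest(signed_hash, actual):
        return "signature does not cover this narinfo"
    return "ok"

# Constructed sample data, not real store items.
GENUINE = sign("StorePath: /gnu/store/aaaa-hello-1.0\nURL: nar/aaaa-hello-1.0\nNarHash: sha256:1111\n")
SIG_LINE = GENUINE[GENUINE.index("Signature: "):]
# A different narinfo carrying the genuine Signature line unchanged.
SWAPPED = "StorePath: /gnu/store/aaaa-hello-1.0\nURL: nar/other\nNarHash: sha256:2222\n" + SIG_LINE

if __name__ == "__main__":
    print(verify(GENUINE))
    print(verify(SWAPPED, check_binding=False))
    print(verify(SWAPPED))
```

With `check_binding=False` the swapped narinfo is accepted, because the signature itself is valid; only the hash comparison ties it to the text it was issued for.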