[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#540215: Introduce dh_checksums

[Wouter Verhelst]
> At any rate, a PGP signature takes a lot of data; much more so than
> a checksum.  It's therefore more economical to produce a signed
> package.checksums file than it is to produce a package.pgpsigs.

Huh?  Since asymmetric cryptography is so computationally expensive,
PGP never signs the payload directly.  Instead, the payload is hashed
and then the hash is signed.  So it is not (noticeably) more economical
to sign foo.md5sums than to sign the whole data.tar.gz.

[Same goes for encrypting: PGP encrypts with a conventional block
cipher like AES and a randomly generated key, then encrypts the _key_
using RSA.  Again, this is for efficiency.]

Or is this not what you meant?  I'm confused.

> And since checksum files are generated at build time rather than at
> install time, it is possible to download a known-good copy of the
> .deb that is installed (using snapshot.debian.org, once it gets live,
> for instance, or from a not-compromised host's apt cache), and verify
> the files against that copy rather than the copy that is on the disk.

If you're going to the trouble to download a .deb, why bother with
signatures at all?  Why not just compare the full text directly?

If you have a .deb on a different host and don't want to transfer the
entire thing over the network, well, no reason you can't do your
SHA16384 on both ends, and transfer only the hashes at that time.
Peter Samuelson | org-tld!p12n!peter | http://p12n.org/

Reply to: