Re: Bug#540215: Introduce dh_checksums
Peter Samuelson <firstname.lastname@example.org> writes:
> [Wouter Verhelst]
>> At any rate, a PGP signature takes a lot of data; much more so than
>> a checksum. It's therefore more economical to produce a signed
>> package.checksums file than it is to produce a package.pgpsigs.
> Huh? Since asymmetric cryptography is so computationally expensive,
> PGP never signs the payload directly. Instead, the payload is hashed
> and then the hash is signed. So it is not (noticeably) more economical
> to sign foo.md5sums than to sign the whole data.tar.gz.
However, since the most common verification action is probably going to be
to check whether a specific file installed on the system has been
modified, Wouter's approach is probably the best implementation strategy.
It's more efficient to compute the checksum of a file, check that it
matches the checksum in the signed file, and verify the signature on that
file than it is to verify the data.tar.gz signature and then extract the
relevant file from it and compare it to the file on disk. Among other
things, you can use the first algorithm with nothing but the signed
checksum files, which are a lot smaller than keeping the whole package
> If you're going to the trouble to download a .deb, why bother with
> signatures at all? Why not just compare the full text directly?
Indeed. It's an efficiency gain for much the same reasons as above, but
not really a security gain.
Russ Allbery (email@example.com) <http://www.eyrie.org/~eagle/>