Re: Bug#540215: Introduce dh_checksums, clear-signed checksum
On Wed, 2010-03-10 at 10:52 -0800, Russ Allbery wrote:
> Peter Samuelson <email@example.com> writes:
> > [Wouter Verhelst]
> >> At any rate, a PGP signature takes a lot of data; much more so than
> >> a checksum. It's therefore more economical to produce a signed
> >> package.checksums file than it is to produce a package.pgpsigs.
> > Huh? Since asymmetric cryptography is so computationally expensive,
> > PGP never signs the payload directly. Instead, the payload is hashed
> > and then the hash is signed. So it is not (noticeably) more economical
> > to sign foo.md5sums than to sign the whole data.tar.gz.
> However, since the most common verification action is probably going to be
> to check whether a specific file installed on the system has been
> modified, Wouter's approach is probably the best implementation strategy.
> It's more efficient to compute the checksum of a file, check that it
> matches the checksum in the signed file, and verify the signature on that
> file than it is to verify the data.tar.gz signature and then extract the
> relevant file from it and compare it to the file on disk. Among other
> things, you can use the first algorithm with nothing but the signed
> checksum files, which are a lot smaller than keeping the whole package
GPG clear-signed messages
I made some tests, and it seems that we could allow,but not require, GPG
signed checksum-file. sha256sum will ignore invalid lines by default
(unless you specify --warn option).
Similarly, the policy could state that GPG clear-signed shasum files are
allowed. Tools using shasum should still strip the signature, especially
when using the checksum for security purpose.
Let me know you find this feature useful (or over engineered).