RHEL-102974

[RFE] PQC: Add SHA3 payload digest


    • Story
    • Resolution: Won't Do
    • Critical
    • rhel-10.1
    • rhel-10.0
    • rpm
    • rhel-swm

      The cryptographic integrity of the payload is governed by the payload digest, which in turn is signed when signing the header. The payload digest in v4 packages is hardcoded to SHA2-256, so just to be on the PQ-safe side, we should backport the SHA3 payload digest to RHEL.

      In upstream, the SHA3 payload digest is limited to v6 packages because the v4 format is considered frozen now. Thus this would be a RHEL-specific backport. Also, in the upstream PR the v4 payloaddigest tag is renamed to PAYLOADSHA256 with no backwards-compatibility API aliases, but for RHEL we either need to leave the tag name alone (at the cost of some backporting pains) or add aliases for the old tag name (at the presumably low risk of breaking somebody's script expecting a certain output).

              mdomonko@redhat.com Michal Domonkos
              packaging-team-maint
              Software Management QE