Uploaded image for project: 'Security Data'
  1. Security Data
  2. SECDATA-304

Re-sign all CSAF files with new key that uses v4 signatures only

XMLWordPrintable

    • 2
    • False
    • Hide

      None

      Show
      None
    • False

      $ podman run -it quay.io/fedora/fedora:38
      [root@90ee9b7b2b69 /]# cd
      [root@28d602a686d8 ~]# curl -sO https://access.redhat.com/security/data/csaf/v2/advisories/2005/rhsa-2005_586.json
      [root@28d602a686d8 ~]# curl -sO https://access.redhat.com/security/data/csaf/v2/advisories/2005/rhsa-2005_586.json.asc
      [root@28d602a686d8 ~]# curl -sO https://access.redhat.com/sites/default/files/pages/attachments/dce3823597f5eac4.txt
      [root@28d602a686d8 ~]# gpg --import dce3823597f5eac4.txt 
      gpg: directory '/root/.gnupg' created
      gpg: keybox '/root/.gnupg/pubring.kbx' created
      gpg: /root/.gnupg/trustdb.gpg: trustdb created
      gpg: key DCE3823597F5EAC4: public key "Red Hat, Inc. (Product Security) <secalert@redhat.com>" imported
      gpg: Total number processed: 1
      gpg:               imported: 1
      [root@28d602a686d8 ~]# gpg -vv --verify rhsa-2005_586.json.asc 
      gpg: enabled compatibility flags:
      gpg: armor: BEGIN PGP SIGNATURE
      gpg: armor header: Version: GnuPG v1
      # off=0 ctb=89 tag=2 hlen=3 plen=533
      :signature packet: algo 1, keyid DCE3823597F5EAC4
      	version 3, created 1684248004, md5len 5, sigclass 0x00
      	digest algo 8, begin of digest 63 18
      	data: [4094 bits]
      gpg: assuming signed data in 'rhsa-2005_586.json'
      gpg: Signature made Tue May 16 14:40:04 2023 UTC
      gpg:                using RSA key DCE3823597F5EAC4
      gpg: using pgp trust model
      gpg: Good signature from "Red Hat, Inc. (Product Security) <secalert@redhat.com>" [unknown]
      gpg: WARNING: This key is not certified with a trusted signature!
      gpg:          There is no indication that the signature belongs to the owner.
      Primary key fingerprint: 77E7 9ABE 9367 3533 ED09  EBE2 DCE3 8235 97F5 EAC4
      gpg: binary signature, digest algorithm SHA256, key algorithm rsa4096 

              rhn-support-juspence Justin Spencer
              mprpic@redhat.com Martin Prpic
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: