Launchpad itself

apt key uses deprecated rsa1024 algorithm

Bug #2053281 reported by Jake Lepere on 2024-02-15

This bug report is a duplicate of: Bug #1461834: 1024-bit signing keys should be deprecated. Edit Remove

This bug affects 4 people

Affects		Status	Importance	Assigned to	Milestone
	Launchpad itself	Confirmed	High	Unassigned

Bug Description

Adding the apt key for `ppa:libreoffice/ppa` fails on newer systems (specifically Ubuntu 22.04 Pro w/ `$ pro enable fips-updates`) that removed support for the rsa1024 algorithm.

```
$ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-keys 83FBA1751378B444
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
Executing: /tmp/apt-key-gpghome.nICDD1j6kU/gpg.1.sh --keyserver hkp://keyserver.ubuntu.com --recv-keys 83FBA1751378B444
gpg: out of core handler ignored in FIPS mode
gpg: key 83FBA1751378B444: 1 bad signature
gpg: key 83FBA1751378B444: new key but contains no user ID - skipped
gpg: Total number processed: 1
gpg: w/o user IDs: 1
...
```

I've inspected the key after adding it on a system that supports rsa1024.

```
$ sudo apt-key list
...
/etc/apt/trusted.gpg
--------------------
pub rsa1024 2010-12-29 [SC]
36E8 1C92 67FD 1383 FCC4 4909 83FB A175 1378 B444
uid [ unknown] Launchpad PPA for LibreOffice Packaging
...
```

Can the key be updated to use rsa4096?

Revision history for this message

Guruprasad (lgp171188) wrote on 2024-02-26:

Hi, this is a known issue and we are working on rotating the keys of the affected PPAs with 1024-bit RSA keys to 4096-bit RSA keys.

no longer affects:	libreoffice (Ubuntu)
Changed in launchpad:
status:	New → Confirmed
importance:	Undecided → High
assignee:	nobody → Guruprasad (lgp171188)
assignee:	Guruprasad (lgp171188) → nobody