I've finished wiring up RSA signature checking algorithms using -lgcrypt and -lopenssl
(as well as -lbeecrypt and -lnss) @rpm5.org.
RSA/SHA1 w 4096bit keys algorithms are verifying using
Requires: signature(...)
probes on clear/detached signed plaintext are all functional @rpm5.org. So the algorithms
and much of the digital signature verification implementation is correct.
re comment #7: I'm not seeing a signature tag in the tuxonice package that I have downloaded.
re comment #8:Thanks for the reproducer. I'm seeing this behavior now:
$ rpm -Kvv obsoletes-test-1-1.tillf8.noarch.rpm
D: Expected size: 2435 = lead(96)+sigs(1296)+pad(0)+data(1043)
D: Actual size: 2435
obsoletes-test-1-1.tillf8.noarch.rpm:
Header V4 RSA/SHA512 signature: BAD, key ID 1c109517
Header SHA1 digest: OK (b3398044a25fe5bc5e4c5bded44c0dd5d10e13db)
MD5 digest: OK (f16dd8cfcf437beb6d467e4f652c6bbd)
So the issue for verifying RSA on *.rpm packages likely has to do with
the plaintext salting for RSA V4. There's also a chance that MD5, not
SHA1, digest is being computed for hysterical RSA V3 reasons.
I've finished wiring up RSA signature checking algorithms using -lgcrypt and -lopenssl
(as well as -lbeecrypt and -lnss) @rpm5.org.
RSA/SHA1 w 4096bit keys algorithms are verifying using
Requires: signature(...)
probes on clear/detached signed plaintext are all functional @rpm5.org. So the algorithms
and much of the digital signature verification implementation is correct.
re comment #7: I'm not seeing a signature tag in the tuxonice package that I have downloaded.
re comment #8:Thanks for the reproducer. I'm seeing this behavior now:
$ rpm -Kvv obsoletes- test-1- 1.tillf8. noarch. rpm +sigs(1296) +pad(0) +data(1043) test-1- 1.tillf8. noarch. rpm: bc5e4c5bded44c0 dd5d10e13db) eb6d467e4f652c6 bbd)
D: Expected size: 2435 = lead(96)
D: Actual size: 2435
obsoletes-
Header V4 RSA/SHA512 signature: BAD, key ID 1c109517
Header SHA1 digest: OK (b3398044a25fe5
MD5 digest: OK (f16dd8cfcf437b
So the issue for verifying RSA on *.rpm packages likely has to do with
the plaintext salting for RSA V4. There's also a chance that MD5, not
SHA1, digest is being computed for hysterical RSA V3 reasons.
Digging now ...