Hi Phil,
On Sun, 25 Oct 2020 02:03:43 +0100, Phil Pennock wrote:
I held off on "asking others to write software for me" in the previous post, keeping it to "this exists now". This time around, I'm throwing out a "Hey, pgpkey-sanitycheck would be a nice tool to have, folks" and running away.
I've written a certificate linter and fixer that does what you want, I think. You can find it here:
https://gitlab.com/sequoia-pgp/keyring-linter https://crates.io/crates/sequoia-keyring-linter
It detects and optionally fixes the following three types of issues:
- A User ID's current self signature relies on SHA-1; - A Subkey's current binding signature relies on SHA-1; and, - A Signing-capable subkey's current primary key binding signature (backsig) relies on SHA-1.
To just lint a key, one would do:
$ sq-keyring-linter microsoft.asc Certificate 6CC73355668F7B75 is not valid under the standard policy Certificate 6CC73355668F7B75 contains a User ID ("Microsoft Security Notifications securitynotifications@e-mail.microsoft.com") protected by SHA-1 Examined 1 certificate. 0 certificates are invalid and were not linted. (GOOD) 1 certificate was linted. 1 of the 1 linted certificates (100%) has at least one issue. (BAD) 1 certificate has at least one non-revoked User IDs: 1 has at least one User IDs protected by SHA-1. (BAD) 1 has all User IDs protected by SHA-1. (BAD) 0 certificates have at least one non-revoked, live subkeys: 0 have at least one non-revoked, live subkeys with a binding signature that uses SHA-1. (GOOD) 0 certificates have at least one non-revoked, live, signing-capable subkeys: 0 certificates have at least one non-revoked, live, signing-capable subkeys with a strong binding signature, but a backsig that uses SHA-1. (GOOD)
The tool lists the specific issues that it finds and then prints show statistics. The statistics are more useful when examining a keyring:
$ sq-keyring-linter /usr/share/keyrings/debian-keyring.gpg ... Examined 885 certificates. 1 certificate is invalid and was not linted. (BAD) 884 certificates were linted. 207 of the 884 linted certificates (23%) have at least one issue. (BAD) 884 certificates have at least one non-revoked User IDs: 169 have at least one User IDs protected by SHA-1. (BAD) 106 have all User IDs protected by SHA-1. (BAD) 836 certificates have at least one non-revoked, live subkeys: 160 have at least one non-revoked, live subkeys with a binding signature that uses SHA-1. (BAD) 230 certificates have at least one non-revoked, live, signing-capable subkeys: 10 certificates have at least one non-revoked, live, signing-capable subkeys with a strong binding signature, but a backsig that uses SHA-1. (BAD)
To fix a key, you need the secret key material. If that's available, it's straightforward:
$ gpg --export-secret-key 4BE50C526C743502 | sq-keyring-linter --fix | gpg --import Certificate 4BE50C526C743502 is not valid under the standard policy Certificate 4BE50C526C743502 contains a User ID ("SHA1 User ID, SHA256 Subkeys sha1-user-id-sha256-subkeys@example.org") protected by SHA-1 Certificate 4BE50C526C743502, key CC6387BFA4D9263D uses a SHA-1-protected binding signature. Examined 1 certificate. 0 certificates are invalid and were not linted. (GOOD) 1 certificate was linted. 1 of the 1 linted certificates (100%) has at least one issue. (BAD) 1 certificate has at least one non-revoked User IDs: 1 has at least one User IDs protected by SHA-1. (BAD) 1 has all User IDs protected by SHA-1. (BAD) 1 certificate has at least one non-revoked, live subkeys: 1 has at least one non-revoked, live subkeys with a binding signature that uses SHA-1. (BAD) 1 certificate has at least one non-revoked, live, signing-capable subkeys: 0 certificates have at least one non-revoked, live, signing-capable subkeys with a strong binding signature, but a backsig that uses SHA-1. (GOOD) gpg: key 4BE50C526C743502: "SHA1 User ID, SHA256 Subkeys sha1-user-id-sha256-subkeys@example.org" 2 new signatures gpg: Total number processed: 1 gpg: new signatures: 2
Looking at the output, we see that two issues were corrected.
Although you can build from source, if you are on Debian, the latest version of the tool, 0.3.0, should hit Debian unstable in the next few days (thanks dkg!). (The current version, 0.1.0, in Debian only includes the linter functionality.)
https://packages.debian.org/sid/sq-keyring-linter
If you have any feedback on the concept, I suspect that replying here would be okay. But tool-specific issues are probably off topic and should go to the tool's issue tracker or our mailing list (devel@sequoia-pgp.org, cc'ed):
https://gitlab.com/sequoia-pgp/keyring-linter/-/issues
Thanks!
:) Neal