guix-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Signed archives (preliminary patch)

From: Nikita Karetnikov
Subject: Re: Signed archives (preliminary patch)
Date: Sat, 01 Mar 2014 01:22:17 +0400 
> There’s an important check missing here: the code verifies that BODY* is
> a valid signature, but it doesn’t check whether what it signs
> corresponds to this narinfo up to but excluding the ‘Signature’ field.

Oh, indeed.

>   5. pass the hash to the signature verification procedure.

Then, it should extract the other hash from the Signature line, compare
the hashes, and run the rest of the checks, right?

>> +                    ("Signature" . ,(lambda (narinfo)
>> +                                      (let ((sig (narinfo-signature 
>> narinfo)))
>> +                                        (string-append
>> +                                         (number->string (signature-version 
>> sig))
>> +                                         ";"
>> +                                         (signature-key-id sig)
>> +                                         ";"
>> +                                         (base64-encode
>> +                                          ;; XXX: Can we assume UTF-8 here?
>> +                                          (string->utf8
>> +                                           (canonical-sexp->string
>> +                                            (signature-body sig)))))))))

> It’s important to keep the original signatures intact.

Not sure I follow.  Can I simply use ("Signature" . ,narinfo-signature)?

> To fix this, the <narinfo> record must include an additional field to
> contain the original narinfo string.

Please elaborate.  Which string are you talking about?

Attachment: pgpQYnBm8UTDe.pgp
Description: PGP signature

reply via email to
[Prev in Thread] Current Thread [Next in Thread]