On 08.08.19 21:55, Björn Persson wrote:
· Minisign itself: Precompiled binary packages are signed, but not the source code apparently.
https://github.com/jedisct1/minisign/issues/61
· Sodium: There are both Minisign signatures and OpenPGP signatures.
· dnscrypt-proxy: Again, precompiled binary packages are signed, but not the source code.
· Radare2: I can't find any signatures.
· OpenSMTPD: Signify signatures found.
I can create issues/PRs for these ones later as well!
As for packages requiring gnupg2, there are slightly more... But there may be some false positives as well...
$ repoquery -q --disablerepo='*' --enablerepo=fedora-source --enablerepo=updates-source --archlist=src --whatrequires gnupg2 --releasever=rawhide | wc
83 83 2468
That's great and all, but have there been any serious attempts to trick Minisign or Signify into accepting a fake signature, by people who are experienced in such attacks?
Not that I know of. The author of Minisign is the author of libsodium as well. So the trust is mostly based on the author's reputation, and the reputation of OpenBSD developers (signify). I did find an audit by PIA from two years ago for libsodium that was quite positive [1].
Cryptography is tricky stuff. It's very easy to overlook some detail. Users should be wary of homegrown protocols that haven't been rigorously analyzed.
As for the current status quo, i.e. PGP, see [2,3]; it would be fair to hold PGP (GnuPG) to the same standards... Based on its history of vulnerabilities I don't really trust it for anything. I'm sure you can use it safely if you are an expert and don't use key servers, but well, I don't trust myself with PGP... That is also the main reason I am in the process of switching to signify/Minisign for my own projects.
Cheers, François
[1] https://www.privateinternetaccess.com/blog/2017/08/libsodium-v1-0-12-and-v1-...
[2] https://latacora.micro.blog/2019/07/16/the-pgp-problem.html
[3] https://blog.trailofbits.com/2019/07/08/fuck-rsa/
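As an added illustration of what a Minisign signature actually covers when a verifier checks it (this is not code from the thread or from the minisign project, but a Go reimplementation of the legacy "Ed" file layout using the standard library; the key seed, key id and comments are constructed), the block below builds a key file and a signature file and then verifies them, showing that the trusted comment is authenticated by a second signature while the untrusted comment line is not:

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"errors"
	"strings"
)

// Minisign layout, legacy "Ed" mode (raw message signed; "ED" mode signs a BLAKE2b hash instead).
// Key file: comment line + base64("Ed"|key_id[8]|pub[32]). Sig file: comment line +
// base64("Ed"|key_id[8]|sig[64]) + "trusted comment: ..." + base64(sig over sig|trusted comment).
var keyID = []byte{1, 2, 3, 4, 5, 6, 7, 8} // constructed key id; real minisign keys use a random one
func b64(b []byte) string { return base64.StdEncoding.EncodeToString(b) }

// makeFiles derives a key pair from a 32-byte seed, signs msg and returns (key file, signature file).
func makeFiles(seed, msg []byte, trusted string) (string, string) {
	priv := ed25519.NewKeyFromSeed(seed)
	pub := priv.Public().(ed25519.PublicKey)
	sig := ed25519.Sign(priv, msg)
	global := ed25519.Sign(priv, append(append([]byte{}, sig...), trusted...)) // covers the trusted comment
	keyFile := "untrusted comment: public key\n" + b64(append(append([]byte("Ed"), keyID...), pub...)) + "\n"
	sigFile := "untrusted comment: signature\n" + b64(append(append([]byte("Ed"), keyID...), sig...)) + "\n" +
		"trusted comment: " + trusted + "\n" + b64(global) + "\n"
	return keyFile, sigFile
}

// Verify checks sigFile against keyFile for msg and returns the authenticated trusted comment.
func Verify(keyFile, sigFile string, msg []byte) (string, error) {
	kl, sl := strings.Split(strings.TrimSpace(keyFile), "\n"), strings.Split(strings.TrimSpace(sigFile), "\n")
	if len(kl) != 2 || len(sl) != 4 || !strings.HasPrefix(sl[2], "trusted comment: ") {
		return "", errors.New("malformed minisign file")
	}
	key, e1 := base64.StdEncoding.DecodeString(kl[1])
	sb, e2 := base64.StdEncoding.DecodeString(sl[1])
	global, e3 := base64.StdEncoding.DecodeString(sl[3])
	if e1 != nil || e2 != nil || e3 != nil || len(key) != 42 || len(sb) != 74 || len(global) != 64 ||
		string(key[:2]) != "Ed" || string(key[:10]) != string(sb[:10]) { // algorithm and key id must match
		return "", errors.New("bad encoding, length, algorithm or key id")
	}
	pub, sig := ed25519.PublicKey(key[10:]), sb[10:]
	if !ed25519.Verify(pub, msg, sig) {
		return "", errors.New("signature does not match message")
	}
	trusted := strings.TrimPrefix(sl[2], "trusted comment: ")
	if !ed25519.Verify(pub, append(append([]byte{}, sig...), trusted...), global) {
		return "", errors.New("trusted comment was altered")
	}
	return trusted, nil // the untrusted comment (line 1) was never checked; do not rely on it
}
```

Note that a verifier that displays or acts on the untrusted comment line is trusting unauthenticated data; only the returned trusted comment and the message itself are covered by signatures.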