[Rpm-maint] [rpm-software-management/rpm] Give error message for failed PGP key import (PR #2097)

Neal H. Walfield notifications at github.com
Tue Sep 20 07:09:49 UTC 2022


Using v4 OpenPGP keys requires the use of SHA-1.  SHA-1 is used to compute the fingerprint.  This is actually safe as the security of the fingerprint relies on second pre-image resistance (finding a second message with the same hash), not collision resistance (finding two messages with the same hash).  SHA-1 second pre-image resistance is still secure, only its collision resistance is broken.  Of course, we are not happy to continue to use SHA-1 and the next version of the OpenPGP specification will use SHA-2 256 to compute fingerprints.  But, it will take years until all v4 keys have been replaced by v5 keys.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/2097#issuecomment-1251932875