GPG signature verification error with pgdg-redhat-repo - Mailing list pgsql-pkg-yum

From Mikkel Kruse Johnsen
Subject GPG signature verification error with pgdg-redhat-repo
Date
Msg-id 4c38602c1effad35d594e94cf6ac3313dc47207a.camel@xmedicus.com
List pgsql-pkg-yum
Hi

If running server in FIPS mode, the GPG signature for postgresql packages is not allowed, since a deprecated algo is used:

gpg -vv --show-session-key --list-packets /etc/pki/rpm-gpg/RPM-GPG-KEY-PGDG
--
gpg: Note: RFC4880bis features are enabled.
gpg: directory '/root/.gnupg' created
gpg: keybox '/root/.gnupg/pubring.kbx' created
gpg: armor: BEGIN PGP PUBLIC KEY BLOCK
# off=0 ctb=99 tag=6 hlen=3 plen=418
:public key packet:
version 4, algo 17, created 1199829578, expires 0
pkey[0]: [1024 bits]
pkey[1]: [160 bits]
pkey[2]: [1023 bits]
pkey[3]: [1023 bits]
keyid: 1F16D2E1442DF0F8
# off=421 ctb=b4 tag=13 hlen=2 plen=62
:user ID packet: "PostgreSQL RPM Building Project <pgsql-pkg-yum@postgresql.org>"
# off=485 ctb=88 tag=2 hlen=2 plen=120
:signature packet: algo 17, keyid 1F16D2E1442DF0F8
version 4, created 1619821393, md5len 0, sigclass 0x13
digest algo 2, begin of digest fc b2
hashed subpkt 33 len 21 (issuer fpr v4 68C9E2B91A37D136FE74D1761F16D2E1442DF0F8)
hashed subpkt 2 len 4 (sig created 2021-04-30)
hashed subpkt 27 len 1 (key flags: 23)
hashed subpkt 11 len 4 (pref-sym-algos: 9 8 7 2)
hashed subpkt 21 len 5 (pref-hash-algos: 10 9 8 11 2)
hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
hashed subpkt 30 len 1 (features: 01)
hashed subpkt 23 len 1 (keyserver preferences: 80)
subpkt 16 len 8 (issuer key ID 1F16D2E1442DF0F8)
data: [160 bits]
data: [155 bits]
# off=607 ctb=b9 tag=14 hlen=3 plen=525
:public sub key packet:
version 4, algo 16, created 1199829578, expires 0
pkey[0]: [2048 bits]
pkey[1]: [3 bits]
pkey[2]: [2048 bits]
keyid: 783AA47CD43F1AF8
# off=1135 ctb=88 tag=2 hlen=2 plen=73
:signature packet: algo 17, keyid 1F16D2E1442DF0F8
version 4, created 1199829578, md5len 0, sigclass 0x18
digest algo 2, begin of digest 2b 87
hashed subpkt 2 len 4 (sig created 2008-01-08)
hashed subpkt 27 len 1 (key flags: 0C)
subpkt 16 len 8 (issuer key ID 1F16D2E1442DF0F8)
data: [160 bits]
data: [160 bits]
--

digest algo 2 is used and that is:

--
typedef enum {
    CIPHER_ALGO_NONE        = 0,
    CIPHER_ALGO_IDEA        = 1,
    CIPHER_ALGO_3DES        = 2,
    CIPHER_ALGO_CAST5       = 3,
    CIPHER_ALGO_BLOWFISH    = 4,  /* 128 bit */
    /* 5 & 6 are reserved */
    CIPHER_ALGO_AES         = 7,
    CIPHER_ALGO_AES192      = 8,
    CIPHER_ALGO_AES256      = 9,
    CIPHER_ALGO_TWOFISH     = 10, /* 256 bit */
    CIPHER_ALGO_CAMELLIA128 = 11,
    CIPHER_ALGO_CAMELLIA192 = 12,
    CIPHER_ALGO_CAMELLIA256 = 13
} cipher_algo_t;
--

As you can see, that is 3DES, which is deprecated for FIPS.

Could someone please update the ALGO to a more modern version (8 or 9)?


-- 
Med Venlig Hilsen / Kind Regards

Mikkel Kruse Johnsen
Adm. Dir., Medejer

XMedicus Systems ApS
Gladsaxevej 363
2860 Søborg

Telefon: +45 8883 6000
Direkte: +45 8883 6001
Support: +45 8883 6009
e-mail: mikkel@xmedicus.com
web: https://www.xmedicus.com
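
Added example (not part of the original message and not PGDG project code): a small Python auditor for `gpg --list-packets` output like the dump above. It resolves each signature packet's `digest algo` and public-key `algo` numbers against the OpenPGP registries in RFC 4880 (sections 9.4 and 9.1) and flags weak digests. The function name `audit_packets` and the `WEAK_HASHES` policy set are assumptions; the sample is an excerpt of the output quoted in the message.

```python
import re

# OpenPGP hash algorithm IDs (RFC 4880, section 9.4)
HASH_ALGOS = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}
# OpenPGP public-key algorithm IDs (RFC 4880, section 9.1)
PUBKEY_ALGOS = {1: "RSA", 16: "Elgamal", 17: "DSA"}
# Assumption: local policy rejects signatures made with these digests
WEAK_HASHES = {"MD5", "SHA1", "RIPEMD160"}

# Excerpt of the gpg --list-packets output quoted in the message above
SAMPLE = """\
:public key packet:
version 4, algo 17, created 1199829578, expires 0
keyid: 1F16D2E1442DF0F8
:signature packet: algo 17, keyid 1F16D2E1442DF0F8
version 4, created 1619821393, md5len 0, sigclass 0x13
digest algo 2, begin of digest fc b2
:public sub key packet:
version 4, algo 16, created 1199829578, expires 0
keyid: 783AA47CD43F1AF8
:signature packet: algo 17, keyid 1F16D2E1442DF0F8
version 4, created 1199829578, md5len 0, sigclass 0x18
digest algo 2, begin of digest 2b 87
"""

def audit_packets(text):
    """Return one finding dict per signature packet in list-packets output."""
    findings, current = [], None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r":signature packet: algo (\d+), keyid ([0-9A-F]+)", line)
        if m:
            current = {"pubkey_algo": PUBKEY_ALGOS.get(int(m.group(1)), m.group(1)),
                       "issuer": m.group(2)}
            findings.append(current)
        elif line.startswith(":"):
            current = None  # a non-signature packet starts here
        elif current is not None:
            if m := re.search(r"sigclass (0x[0-9a-fA-F]+)", line):
                current["sigclass"] = m.group(1)
            elif m := re.match(r"digest algo (\d+)", line):
                name = HASH_ALGOS.get(int(m.group(1)), "unknown")
                current["digest"] = name
                current["weak"] = name in WEAK_HASHES
    return findings

if __name__ == "__main__":
    print(audit_packets(SAMPLE))
```
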
