[Centos] CentOS GPG key import process

R P Herrold herrold at owlriver.com
Wed Apr 28 01:33:51 UTC 2004


On Tue, 27 Apr 2004, Lance Davis wrote:

> I think the key should be installed automatically as part of the install 
> process - but don't know how / why it isn't ...

Two schools of thought there -- When doing a local RO media
install, one assumedly trusts the media to not have been
tampered with, and it should be added [the use of the media is
a manual act of trust]; when doing a wire install, unless
there is a prior affirmative act on the chain of trust
[manual installation of the key from a trusted source], it is
probably reasonable to not do (rpm as a matter of strict 
policy runs without user intervention).

Once an initial trusted key is installed, supplemental 
keys may be managed under the rpm packaging mechanism (an 
approach with %pre/%post script management comes to mind).  
This is because the later keying packages would be oversigned 
with a key properly on the keychain.  Expirations and 
revocations can then also be handled more cleanly.  (This is 
the relaxed school)

Others feel: By rights, really, rpm should not receive an
import of a key without a mechanism for preventing a hostile
insertion -- such as a passphrase -- but the counter argument
is that as only 'root' has RW access on the relevant file, if
the attacker already has root rights, they could sniff the
needed passphrase to do so.

The contrary school is the GPG passphrase school, which adds
the supplemental protection anyway. (This is the tin foil hat
school.)

-- Russ Herrold
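
The "prior affirmative act" for a wire install, sketched as an added example (not part of the original message and not CentOS project code): import a downloaded key only if its full fingerprint matches one obtained out of band. The function names and the expected-fingerprint argument are assumptions made for illustration, and key_fpr assumes GnuPG 2.1.23 or later.

```shell
#!/bin/sh
# Added example: gate `rpm --import` on a fingerprint obtained out of band.

# Normalise a fingerprint: drop spaces/colons, upper-case the hex digits.
norm_fpr() {
    printf '%s' "$1" | tr -d ' :\t\n' | tr 'a-f' 'A-F'
}

# Succeed only if both values are the same full fingerprint (at least
# 40 hex digits). Short key IDs are rejected: they are too easy to
# collide to serve as a trust anchor.
fpr_matches() {
    a=$(norm_fpr "$1")
    b=$(norm_fpr "$2")
    case "$a" in *[!0-9A-F]*|'') return 1 ;; esac
    [ "${#a}" -ge 40 ] && [ "$a" = "$b" ]
}

# Print the primary-key fingerprint of a key file without adding the
# key to any keyring (--show-keys only lists what the file contains).
key_fpr() {
    gpg --show-keys --with-colons "$1" 2>/dev/null |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

# Import KEYFILE into the rpm database only if it matches EXPECTED_FPR,
# then list the gpg-pubkey entries rpm now trusts.
import_verified() {
    keyfile=$1
    expected=$2
    actual=$(key_fpr "$keyfile")
    if fpr_matches "$actual" "$expected"; then
        rpm --import "$keyfile" &&
            rpm -q gpg-pubkey --qf '%{NAME}-%{VERSION}-%{RELEASE}\t%{SUMMARY}\n'
    else
        echo "refusing import: $keyfile has fingerprint '${actual:-unreadable}'" >&2
        return 1
    fi
}
```

Run as root: import_verified ./KEYFILE "EXPECTED-FINGERPRINT", where both arguments are placeholders and the fingerprint comes from a source other than the mirror that served the key.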
