iso authentication

[mike acker]

as we should now all be aware: when an .iso image is downloaded it is well recommended to check it for authenticity;

this is a job for GPG2 -- and I'm delighted to see the MINT Community embracing this method;

Today, I decided to download a fresh copy of the LMDE2 MINT Cinnamon 64 for the box I'm re-building for my brother; For this I went to our normal download site -- https://www.linuxmint.com/edition.php?id=186?id=186 and selected James Madison Univ. mirror;

and this was all well and good except that, in addition to the .iso -- i needed the sha256sums.txt and the corresponding GPG Signature: sha256sums.txt.gpg

it wasn't immediately apparent where this additional data might be found, but, by right clicking on the download link i was able to obtain the following

Code: Select all

http://mirror.jmu.edu/pub/linuxmint/images//debian/lmde-2-201503-cinnamon-64bit.iso

opening a new tab, and shortening the URL thus:

Code: Select all

http://mirror.jmu.edu/pub/linuxmint/images/debian/

i was able to obtain

Code: Select all

Index of /pub/linuxmint/images/debian/

../
lmde-2-201503-cinnamon-32bit.iso                   06-Apr-2015 12:07      1G
lmde-2-201503-cinnamon-64bit.iso                   06-Apr-2015 09:21      1G
lmde-2-201503-mate-32bit.iso                       06-Apr-2015 17:19      1G
lmde-2-201503-mate-64bit.iso                       06-Apr-2015 10:39      1G
md5sum.txt                                         14-Nov-2015 15:32     260
sha256sum.txt                                      07-Apr-2015 14:27    2493
sha256sum.txt.gpg                                  07-Apr-2015 14:34     198

from here i was able to download sha256sum.txt -- a text file containing the sha256 checksums for the various offered distributions

too, i was able to obtain sha256sum.txt.gpg -- the GPG2 detached signature for sha256sum.txt

Now: in order to be satisfied that I have the correct checksums I need to verify the GPG Signature

Code: Select all

gpg2 --verify sha256sum.txt.gpg sha256sum.txt

The result:

Code: Select all

gpg2 --verify sha256sums.txt.gpg sha256sums.txt
gpg: Signature made Tue 07 Apr 2015 10:19:15 AM EDT using DSA key ID 0FF405B2
gpg: Can't check signature: No public key

Note that GPG sts it does not have key 0FF405B2

On a hunch I submitted a request to receive the key:

Code: Select all

gpg2 --keyserver keyserver.ubuntu.com --recv-key "0FF405B2"
gpg: requesting key 0FF405B2 from hkp server keyserver.ubuntu.com
gpg: key 0FF405B2: public key "Clement Lefebvre (Linux Mint Package Repository v1) <root@linuxmint.com>" imported
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   2  signed:   4  trust: 0-, 0q, 0n, 0m, 0f, 2u
gpg: depth: 1  valid:   4  signed:   1  trust: 1-, 0q, 1n, 0m, 2f, 0u
gpg: depth: 2  valid:   1  signed:   0  trust: 0-, 0q, 1n, 0m, 0f, 0u
gpg: next trustdb check due at 2017-04-07
gpg: Total number processed: 1
gpg:               imported: 1

good ol' Clem! Yea!

Code: Select all

gpg2 --verify sha256sums.txt.gpg sha256sums.txt
gpg: Signature made Tue 07 Apr 2015 10:19:15 AM EDT using DSA key ID 0FF405B2
gpg: Good signature from "Clement Lefebvre (Linux Mint Package Repository v1) <root@linuxmint.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: E1A3 8B8F 1446 75D0 60EA  666F 3EE6 7F3D 0FF4 05B2

Which brings us to The Key Point!

There is no indication that the signature belongs to the owner.

Now, If I were a Betting Man ( I'm not, as a matter of habit ) -- I'd offer a small wager that this is in fact Clem's key. But,-- as the Army teaches everyone:

Hope is not a method.

What's the bet here?

the integrity of the OS itself; we cannot take any chances.

What's needed: a second source.

Note: the download site -- JMU -- offers an MD5 checksum. The problem with that is not that some clowns might manage to generate a collision on the MD5 checksum -- but rather that they wouldn't need to: if I download the .iso and the MD5 from the SAME source -- there is no verification: X is always = to X: of course they will give me the MD5 for the .iso they offer;

The GPG signed sha256sum.txt record solves that as it allows me to authenticate the sha256sum.txt file using GPG! YEA! A huge step in the Right Direction. all that's left it to set up a way by which I can validate Clem's signature; as soon as we have that, I'll sign Clem's signature and be happy!

the Web of Trust model defined by the authors of GPG(PGP) calls for a "3d party introducer"; and this is where I'm stuck we need a way to do that.

I'm pretty happy downloading Clem's key from the UBUNTU keyserver, BUT: how did I get his key ID? From the signature on the sha256sum.txt.gpg file -- that I downloaded from JMU !

again: in this case: X = X;

if i do a list-sigs on Clem's key:

Code: Select all

gpg2 --list-sigs 0FF405B2
pub   1024D/0FF405B2 2009-04-29
uid       [ unknown] Clement Lefebvre (Linux Mint Package Repository v1) <root@linuxmint.com>
sig          D068D42F 2014-12-08  [User ID not found]
sig 3        0FF405B2 2009-04-29  Clement Lefebvre (Linux Mint Package Repository v1) <root@linuxmint.com>
sig          3B7F81DA 2016-02-16  [User ID not found]
sig          AD11CBEE 2010-03-17  [User ID not found]
sig          B8F07507 2014-03-16  [User ID not found]
sig          8D37FDE9 2016-07-14  Steven Hancock <stevenh512@gmail.com>
sig          FF32E0EE 2016-03-14  [User ID not found]
sig          212D41B3 2016-06-10  Carlos Castillo <ccastilloc@openmailbox.org>
sig 2        6367008F 2016-04-07  [User ID not found]
sig 3        02AABD91 2016-03-14  [User ID not found]
sub   2048g/0F346519 2009-04-29
sig          0FF405B2 2009-04-29  Clement Lefebvre (Linux Mint Package Repository v1) <root@linuxmint.com>

Ah Ha!

two of the signatures are known individuals who signed also the "Linux MINT ISO Signing key" earlier:

Code: Select all

gpg2 --list-sigs mint
pub   4096R/A25BAE09 2016-06-07
uid       [ unknown] Linux Mint ISO Signing Key <root@linuxmint.com>
sig          0AE6924E 2016-07-25  Joakim Nilsson <hattmannen@dopplerproductions.se>
sig 2        2AAA5C3B 2016-06-16  Gary de Montigny (2013) <gary@demontigny.net>
sig          8A4811D5 2016-07-18  Yuri Ian Burkinshaw <ybkshaw@ybkshaw.com>
sig          8D37FDE9 2016-07-14  Steven Hancock <stevenh512@gmail.com>
sig          5CD5FDBF 2016-06-11  Summersleeps (This is my current key as of Y2016M6D10.)
sig          8DD5B9C2 2016-06-12  Summersleeps (My current key as of Y2016M6D12.)
sig          212D41B3 2016-06-10  Carlos Castillo <ccastilloc@openmailbox.org>
sig          952C9360 2016-07-07  Kevin Walsh <kevin@cursor.biz>
sig 3        A25BAE09 2016-06-07  Linux Mint ISO Signing Key <root@linuxmint.com>

still, if you see what I'm getting at we need a way to provide this data on an alternate channel -- that we can be pretty sure isn't tampered. one way would be to provide the data on several alternates making it necessary for an attacker to compromise several things all at the same time; remember: from the earlier hack: everything the attacker need to compromise was all on 1 WordPress page;

Comments/Thoughts?

[ostracized]

I think the verify iso instructions are out of date again, or maybe he forgot about LMDE was a "previous release", I have no idea what the case is but I got the same "no public key found" after importing the "signing key" on step 1 from that page.

Instead, I did:

Code: Select all

gpg --keyserver keyserver.ubuntu.com --recv-key "E1A3 8B8F 1446 75D0 60EA 666F 3EE6 7F3D 0FF4 05B2"

...and that worked

In regards to your "single wordpress source" comment, I think that's a good point but theoretically it wouldn't be needed if we "for sure" knew Clem's "totally original and fully-trusted" public key. I've always suggested some simple backup source, like the official Mint twitter account perhaps. Throw the 256 sums up there on every release and attackers would have to compromise the twitter account as well.

[mike acker]

I think the verify iso instructions are out of date again, or maybe he forgot about LMDE was a "previous release", I have no idea what the case is but I got the same "no public key found" after importing the "signing key" on step 1 from that page.

Instead, I did:

Code: Select all

gpg --keyserver keyserver.ubuntu.com --recv-key "E1A3 8B8F 1446 75D0 60EA 666F 3EE6 7F3D 0FF4 05B2"

...and that worked

In regards to your "single wordpress source" comment, I think that's a good point but theoretically it wouldn't be needed if we "for sure" knew Clem's "totally original and fully-trusted" public key. I've always suggested some simple backup source, like the official Mint twitter account perhaps. Throw the 256 sums up there on every release and attackers would have to compromise the twitter account as well.

( emphasis added )

very good reply; I agree: it would have been helpful to me if the instructions read: Previous Releases, Including LMDE";

anything that we do that produces more than 1 copy of the fingerprint for the signing key will help; i was thinking about this last night and it occurred to me that, as our community adopts the signing key method -- many of us will hold copies of the "signing key" on our local key-rings; with that resource available it will be simple for us to adopt some sort of regular audit practice,--

e.g. my copy of Clem's key shows:

Code: Select all

gpg2 --fingerprint clement
pub   1024D/0FF405B2 2009-04-29
      Key fingerprint = E1A3 8B8F 1446 75D0 60EA  666F 3EE6 7F3D 0FF4 05B2
uid       [ unknown] Clement Lefebvre (Linux Mint Package Repository v1) <root@linuxmint.com>
sub   2048g/0F346519 2009-04-29

we can probably conduct the "audit" -- right here on our board,--

thoughts/comments?

[xenopeek]

We've not made changes to historic releases. I.e., LMDE 2 but also Linux Mint 13 and 17.x have the MD5 checksum file that was part of their original release. They also have the SHA256 checksum file as part of their original release and the GPG signature for that (only Linux Mint 13 doesn't have this, as GPG signatures were added later). The verify ISO instructions are for Linux Mint 18 and other future releases (like LMDE 3), which will no longer be using MD5 checksums.

[maxemoose]

What is the consensus on this? I'm a bit concerned about what came back when I tried to verify my iso image for my new LMDE 2 (using https://linuxmint.com/verify.php)

1. INTEGRITY CHECK

Code: Select all

maxemoose@maxemoose-Inspiron-7348 ~ $ cd
maxemoose@maxemoose-Inspiron-7348 ~ $ cd ISO
maxemoose@maxemoose-Inspiron-7348 ~/ISO $ sha256sum -b *.iso
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 *lmde-2-201503-mate-64bit.iso
maxemoose@maxemoose-Inspiron-7348 ~/ISO $ sha256sum --ignore-missing -c sha256sum.txt
lmde-2-201503-mate-64bit.iso: FAILED
sha256sum: WARNING: 1 computed checksum did NOT match
sha256sum: sha256sum.txt: no file was verified
maxemoose@maxemoose-Inspiron-7348 ~/ISO $ gpg --keyserver keyserver.ubuntu.com --recv-key "E1A3 8B8F 1446 75D0 60EA  666F 3EE6 7F3D 0FF4 05B2"
gpg: directory `/home/maxemoose/.gnupg' created
gpg: new configuration file `/home/maxemoose/.gnupg/gpg.conf' created
gpg: WARNING: options in `/home/maxemoose/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/home/maxemoose/.gnupg/secring.gpg' created
gpg: keyring `/home/maxemoose/.gnupg/pubring.gpg' created
gpg: requesting key 0FF405B2 from hkp server keyserver.ubuntu.com
gpg: /home/maxemoose/.gnupg/trustdb.gpg: trustdb created
gpg: key 0FF405B2: public key "Clement Lefebvre (Linux Mint Package Repository v1) <root@linuxmint.com>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:               imported: 1
maxemoose@maxemoose-Inspiron-7348 ~/ISO $ gpg --keyserver keyserver.ubuntu.com --recv-key 0FF405B2
gpg: requesting key 0FF405B2 from hkp server keyserver.ubuntu.com
gpg: key 0FF405B2: "Clement Lefebvre (Linux Mint Package Repository v1) <root@linuxmint.com>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
maxemoose@maxemoose-Inspiron-7348 ~/ISO $ gpg --list-key --with-fingerprint 0FF405B2
pub   1024D/0FF405B2 2009-04-29
      Key fingerprint = E1A3 8B8F 1446 75D0 60EA  666F 3EE6 7F3D 0FF4 05B2
uid                  Clement Lefebvre (Linux Mint Package Repository v1) <root@linuxmint.com>
sub   2048g/0F346519 2009-04-29

maxemoose@maxemoose-Inspiron-7348 ~/ISO $ cd
maxemoose@maxemoose-Inspiron-7348 ~ $ cd ISO
maxemoose@maxemoose-Inspiron-7348 ~/ISO $ gpg --verify sha256sum.txt.gpg sha256sum.txt
gpg: Signature made Tue 07 Apr 2015 07:19:15 AM PDT using DSA key ID 0FF405B2
gpg: Good signature from "Clement Lefebvre (Linux Mint Package Repository v1) <root@linuxmint.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: E1A3 8B8F 1446 75D0 60EA  666F 3EE6 7F3D 0FF4 05B2
maxemoose@maxemoose-Inspiron-7348 ~/ISO $ 

2. AUTHENTICITY CHECK

Code: Select all

maxemoose@maxemoose-Inspiron-7348 ~/ISO $ gpg2 --list-sigs 0FF405B2
pub   dsa1024/0FF405B2 2009-04-29 [SC]
uid         [ unknown] Clement Lefebvre (Linux Mint Package Repository v1) <root@linuxmint.com>
sig          D068D42F 2014-12-08  [User ID not found]
sig          B7617C69 2016-11-14  [User ID not found]
sig 3        0FF405B2 2009-04-29  Clement Lefebvre (Linux Mint Package Repository v1) <root@linuxmint.com>
sig          3B7F81DA 2016-02-16  [User ID not found]
sig          4D1CC810 2016-02-24  [User ID not found]
sig          B0918824 2016-06-06  [User ID not found]
sig          AD11CBEE 2010-03-17  [User ID not found]
sig          B8F07507 2014-03-16  [User ID not found]
sig          8D37FDE9 2016-07-14  [User ID not found]
sig          FF32E0EE 2016-03-14  [User ID not found]
sig          7B1CFEC6 2016-05-24  [User ID not found]
sig          212D41B3 2016-06-10  [User ID not found]
sig 2        6367008F 2016-04-07  [User ID not found]
sig 3        02AABD91 2016-03-14  [User ID not found]
sub   elg2048/0F346519 2009-04-29 [E]
sig          0FF405B2 2009-04-29  Clement Lefebvre (Linux Mint Package Repository v1) <root@linuxmint.com>

maxemoose@maxemoose-Inspiron-7348 ~/ISO $ gpg2 --list-sigs mint
pub   dsa1024/0FF405B2 2009-04-29 [SC]
uid         [ unknown] Clement Lefebvre (Linux Mint Package Repository v1) <root@linuxmint.com>
sig          D068D42F 2014-12-08  [User ID not found]
sig          B7617C69 2016-11-14  [User ID not found]
sig 3        0FF405B2 2009-04-29  Clement Lefebvre (Linux Mint Package Repository v1) <root@linuxmint.com>
sig          3B7F81DA 2016-02-16  [User ID not found]
sig          4D1CC810 2016-02-24  [User ID not found]
sig          B0918824 2016-06-06  [User ID not found]
sig          AD11CBEE 2010-03-17  [User ID not found]
sig          B8F07507 2014-03-16  [User ID not found]
sig          8D37FDE9 2016-07-14  [User ID not found]
sig          FF32E0EE 2016-03-14  [User ID not found]
sig          7B1CFEC6 2016-05-24  [User ID not found]
sig          212D41B3 2016-06-10  [User ID not found]
sig 2        6367008F 2016-04-07  [User ID not found]
sig 3        02AABD91 2016-03-14  [User ID not found]
sub   elg2048/0F346519 2009-04-29 [E]
sig          0FF405B2 2009-04-29  Clement Lefebvre (Linux Mint Package Repository v1) <root@linuxmint.com>

maxemoose@maxemoose-Inspiron-7348 ~/ISO $ gpg --keyserver keyserver.ubuntu.com --recv-key "E1A3 8B8F 1446 75D0 60EA 666F 3EE6 7F3D 0FF4 05B2"
gpg: requesting key 0FF405B2 from hkp server keyserver.ubuntu.com
gpg: key 0FF405B2: "Clement Lefebvre (Linux Mint Package Repository v1) <root@linuxmint.com>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
maxemoose@maxemoose-Inspiron-7348 ~/ISO $ gpg2 --fingerprint clement
pub   dsa1024/0FF405B2 2009-04-29 [SC]
      Key fingerprint = E1A3 8B8F 1446 75D0 60EA  666F 3EE6 7F3D 0FF4 05B2
uid         [ unknown] Clement Lefebvre (Linux Mint Package Repository v1) <root@linuxmint.com>
sub   elg2048/0F346519 2009-04-29 [E]

maxemoose@maxemoose-Inspiron-7348 ~/ISO $ 

Is this normal? Should I be concerned about this?

[killer de bug]

Everything looks fine.

The only complain is that nobody ever signed the key from Clem to certify it. Nothing to worry, the key is the one reported in the document.

[Cosmo.]

The only complain is that nobody ever signed the key from Clem to certify it.

This wouldn't help much, as long as the user does not have also the public key of the person in his / her keyring, who has signed Clem's key. It is near to certain, that the user does not have such key and so the signature by Clem is worth as much as the signature by the signer of Clem's key.

The user could sign Clem's key him/her-self, but actually (s)she cannot really verify by own proof, that the key is authentic; so this would replace the note about the not certified key, but in reality would not enhance the security only by the least fraction.

[killer de bug]

My post was just a statement about the warning message. I was just explaining verbally what it meant. Nothing more.

[maxemoose]

Everything looks fine.

The only complain is that nobody ever signed the key from Clem to certify it. Nothing to worry, the key is the one reported in the document.

I'm new to Linux and, based on the instructions I was referencing, the results I got seemed off. Thanks for looking this over, cheers.