#1001956 popcon: gpg: 5B1A07804DD558242CF5538215A07BA5233E3E85: skipped: unusable public key

#1001956#5
Date: 2021-12-19 13:49:30 UTC

got a cron mail:

Subject: Cron <root@caas> test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )

/etc/cron.daily/popularity-contest:
gpg: 5B1A07804DD558242CF5538215A07BA5233E3E85: skipped: unusable public key
gpg: /var/log/popularity-contest.new: encryption failed: unusable public key
run-parts: /etc/cron.daily/popularity-contest exited with return code 2

#1001956#10
Date: 2021-12-19 14:02:51 UTC

Hello Thorsten,

Is it not the same as #955393? gpg1 is not supported.

Cheers,

#1001956#15
Date: 2021-12-19 15:33:36 UTC

forcemerge 955393 1001956
thanks

Bill Allombert dixit:

Ah right, it is; I didn’t see it, probably because it was closed,
and I only recently updated the system in question.

Maybe you should support gpg1…

bye,
//mirabilos

#1001956#22
Date: 2021-12-19 21:29:45 UTC

What about the underlying hash functions?
(Though I do not know if this is relevant to encryption keys,
but it was a problem for ssh).

Cheers,
Bill.

#1001956#27
Date: 2021-12-19 21:48:42 UTC

Bill Allombert dixit:

They’re not used with the keys themselves, merely stated as preferences.

Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

The public key to encrypt to specifies its ordered preferences.
The ones from the OpenPGP standard are always added at the end
of the list if not manually stated, and they’re pretty low, so
it makes sense to pick ones from this list.

I once found someone arguing (with data) why AES256 might be,
on average, worse than AES192 on GNU/Linux. I unfortunately did
not note any link, just the result. You probably can get good
results with:

personal-digest-preferences SHA384 SHA512 SHA256
personal-cipher-preferences AES192 AES256 AES
personal-compress-preferences ZLIB Uncompressed
(or just Uncompressed, but the relevant attack won’t work here)
# H9 H10 S8 Z2 Z0 H8 S9 S7
default-preference-list SHA384 SHA512 AES192 ZLIB Uncompressed SHA256 AES256 AES

YMMV, of course.

stretch has the same list:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

gpg2 on bullseye has:
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

The difference is addition of ECC variants and removal of MD5.

Implied preferences are 3DES SHA1 Uncompressed.

HTH & HAND,
//mirabilos
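
Added example, not part of the thread or of popularity-contest: it parses the two algorithm listings quoted in the message above, translates the suggested preference list into the short S/H/Z identifiers, and checks that every entry is offered by both gpg builds. The function names are illustrative; the numeric IDs are the OpenPGP ones from RFC 4880 and RFC 5581.

```python
import re

# OpenPGP algorithm IDs (RFC 4880 section 9, Camellia from RFC 5581), with the
# prefixes gpg uses in its "pref" output: S = cipher, H = hash, Z = compression.
IDS = {
    "Cipher": ("S", {"IDEA": 1, "3DES": 2, "CAST5": 3, "BLOWFISH": 4, "AES": 7,
                     "AES192": 8, "AES256": 9, "TWOFISH": 10,
                     "CAMELLIA128": 11, "CAMELLIA192": 12, "CAMELLIA256": 13}),
    "Hash": ("H", {"MD5": 1, "SHA1": 2, "RIPEMD160": 3, "SHA256": 8,
                   "SHA384": 9, "SHA512": 10, "SHA224": 11}),
    "Compression": ("Z", {"Uncompressed": 0, "ZIP": 1, "ZLIB": 2, "BZIP2": 3}),
}

# Listings and preference list copied from the message above.
GPG1 = """Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2"""
GPG2 = """Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2"""
PREFS = "SHA384 SHA512 AES192 ZLIB Uncompressed SHA256 AES256 AES"

def parse_supported(text):
    """Parse 'Class: a, b,' lines (with indented continuations) into sets."""
    out, current = {}, None
    for line in text.splitlines():
        m = re.match(r"(\w+):\s*(.*)", line)
        if m:
            current, line = m.group(1), m.group(2)
        if current:  # ignore anything before the first 'Class:' line
            out.setdefault(current, set()).update(
                n.strip() for n in line.split(",") if n.strip())
    return out

def short_ids(prefs):
    """Translate names to S/H/Z numbers; an unknown name raises KeyError."""
    table = {name: f"{tag}{num}" for tag, ids in IDS.values()
             for name, num in ids.items()}
    return [table[name] for name in prefs.split()]

def unsupported(prefs, supported):
    """Names in the preference list that a given gpg build does not offer."""
    usable = set().union(*(supported[c] for c in IDS))
    return [name for name in prefs.split() if name not in usable]
```
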

#1001956#32
Date: 2022-07-18 22:50:46 UTC

We believe that the bug you reported is fixed in the latest version of
popularity-contest, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1001956@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bill Allombert <ballombe@debian.org> (supplier of updated popularity-contest package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)

Format: 1.8
Date: Mon, 18 Jul 2022 12:57:02 +0200
Source: popularity-contest
Architecture: source
Version: 1.74
Distribution: unstable
Urgency: medium
Maintainer: Popularity Contest Developers <debian-popcon@lists.debian.org>
Changed-By: Bill Allombert <ballombe@debian.org>
Closes: 681721 999319 1001956
Changes:
 popularity-contest (1.74) unstable; urgency=medium
 .
   * debian/rules: add missing targets. Closes: #999319 Thanks Lucas Nussbaum
   * debian-popcon.gpg: use new submission key.
     The key is back to RSA4096. Closes: #1001956.
   * popularity-contest: New feature: skip private packages that declare
     XB-Popcon-Reports: no in debian/control. This is to be used solely
     by tools that generate packages with unique names, to avoid the
     unique name to leak. Closes: #681721.
   * debian/control:
     - Build-Depends: debhelper-compat (= 13)