Dev - Nexus Repo / NEXUS-27361

SHA256 is used to sign repomd.xml, while the algorithm constraints require at least 384

    Details

    • Type: Bug
    • Status: New
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 3.30.0
    • Fix Version/s: None
    • Component/s: Yum
    • Labels:
    • Environment:
      Fedora 33
      gpg (GnuPG) 2.2.25

      Description

      1. Generated ECC key (NIST P-384).
      2. Installed it in NXRM.
      3. Nexus generated signature for metadata.
      4. However, that signature is unusable in dnf.
        gpg --verify shows:

        gpg: Signature made Tue 13 Apr 2021 13:24:38 CEST
        gpg: using ECDSA key 7291D0DBB512FC67
        gpg: ECDSA key 7291D0DBB512FC67 requires a 384 bit or larger hash (hash is SHA256)
        gpg: Can't check signature: General error

      https://help.sonatype.com/repomanager3/formats/yum-repositories/gpg-signatures-for-yum-proxy-group does not mention any algorithm limitations.
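
      Added example, not part of the original report and not Sonatype's code: Python that reads the hash algorithm ID from an ASCII-armored v4 OpenPGP signature, such as the one generated for repomd.xml, and flags an ECDSA signature whose digest is shorter than the minimum gpg reports. The function names and the `min_hash_bits` parameter are assumptions, and the input is a constructed packet header rather than a real signature.

```python
import base64

# OpenPGP hash algorithm IDs (RFC 4880, section 9.4) -> (name, digest bits)
HASHES = {1: ("MD5", 128), 2: ("SHA1", 160), 3: ("RIPEMD160", 160),
          8: ("SHA256", 256), 9: ("SHA384", 384), 10: ("SHA512", 512),
          11: ("SHA224", 224)}
ECDSA = 19  # OpenPGP public-key algorithm ID for ECDSA (RFC 6637)

def dearmor(text):
    """Return the binary packet bytes from an ASCII-armored block."""
    lines = [l.strip() for l in text.strip().splitlines()]
    body = lines[lines.index("") + 1:-1]   # skip armor headers and END line
    return base64.b64decode("".join(l for l in body if not l.startswith("=")))

def signature_algorithms(packet):
    """Return (pubkey_algo_id, hash_algo_id) of a leading v4 signature packet."""
    tag = packet[0]
    if tag & 0x40:                         # new-format packet header
        ptype, first = tag & 0x3F, packet[1]
        if first >= 224 and first != 255:
            raise ValueError("partial body lengths are not handled")
        off = 2 if first < 192 else 3 if first < 224 else 6
    else:                                  # old-format packet header
        ptype, ltype = (tag >> 2) & 0x0F, tag & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length is not handled")
        off = 1 + (1, 2, 4)[ltype]
    version, _sigtype, pubkey, hash_id = packet[off:off + 4]
    if ptype != 2 or version != 4:
        raise ValueError("expected a version 4 signature packet")
    return pubkey, hash_id

def check_signature_hash(armored, min_hash_bits):
    """Return (hash name, ok); ok is False for an ECDSA signature whose digest
    is shorter than min_hash_bits (384 in the gpg message above)."""
    pubkey, hash_id = signature_algorithms(dearmor(armored))
    name, bits = HASHES.get(hash_id, ("unknown(%d)" % hash_id, 0))
    return name, pubkey != ECDSA or bits >= min_hash_bits

def constructed_sample(hash_id):
    """Constructed input: header of a v4 ECDSA signature packet, no real signature."""
    packet = bytes([0x88, 0x0A, 4, 0x00, ECDSA, hash_id, 0, 0, 0, 0, 0, 0])
    return ("-----BEGIN PGP SIGNATURE-----\n\n" + base64.b64encode(packet).decode()
            + "\n-----END PGP SIGNATURE-----\n")

if __name__ == "__main__":
    print(check_signature_hash(constructed_sample(8), 384))   # SHA256
    print(check_signature_hash(constructed_sample(9), 384))   # SHA384
```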

            People

            Assignee: Unassigned
            Reporter: Piotr Zygielo
            Last Updated By: Joe Tom