In Ubuntu 24.04, APT will require repositories to be signed using one of the following public key algorithms:
- RSA with at least 2048-bit keys
- Ed25519
- Ed448
This has been made possible thanks to recent work in GnuPG 2.4 by Werner Koch to allow us to specify a “public key algorithm assertion” in APT when calling the gpgv tool for verifying repositories.
As a first stage, warnings will be enabled for such repositories with apt 2.7.13. In a second stage, once all PPAs have been resigned, we will convert those to errors - protection as a default.
Why is this being done?
Previous releases trusted all algorithms trusted by GnuPG. 1024-bit RSA keys are widely considered unsafe, with government institutions such as NIST requiring the use of at least 2048 bits for at least 5 years now, but GnuPG and by extension APT was still trusting them.
This assertion also affects various additional eliptic curves such as the Brainpool family, secp256k1, and the NIST ECC family. These are already considered “unsafe” by the https://safecurves.cr.yp.to/ project, and we believe that RSA and the Ed family provides plenty of choices to repository owners, including being able to comply with FIPS requirements.
In the future we will extend the list of trusted algorithms as newer ones become available in GnuPG, and/or tighten the security requirements to align with best practice guidelines by NIST and other institutes.
FAQ
A PPA on Launchpad triggers a “weak algorithm” warning, what do I do?
PPAs are currently in the process of being upgraded to a 4096-bit RSA key and we expect that upgrade to be complete by release time. No action is needed (or possible) from PPA owners.
If you are currently using 24.04 before it is released, you will need to refresh the PPA signing keys when the warning becomes an error. We plan to provide easy functionality in add-apt-repository to do so, such that you do not need to remove and re-add the PPAs.
In the meantime, you may chose to ignore the warning or take it as a chance to reconsider which PPAs you have enabled.
A third-party repository triggers the “weak algorithm” warning, what do I do?
As a user, please contact your repository provider for further instructions.
For repository owners, our advice is to generate a new key and start dual-signing your repositories, including previous releases, and to only distribute the new key to users once you have dual signed.
There is no generic way to automatically rotate third-party repository signing keys. If you deliver signing keys in a .deb inside your repository, please generate a new key and update the package to include it before April. Then, remove the previous key from the package once you have started dual signing the repository.
This ensures that users will be able to re-enable your repository after an upgrade to 24.04.
How can I override this?
You can configure a different assertion using the apt.conf option APT::Key::Assert-Pubkey-Algo. The value in there is passed to gpgv --assert-pubkey-algo, consult its paragraph in the gpg(1) manual page for more information on how the string can be composed.
For example, you may want to specify >=rsa2048 to only allow RSA signing keys if your policy does not yet allow Ed25519 and Ed448 keys, or >=rsa2048,>=nistp256 to additionally also allow NIST elliptic curves.