You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
gpg: out of core handler ignored in FIPS mode
gpg: can't check signature with unsupported public-key algorithm (17): Invalid public key algorithm.
gpg: can't check signature with unsupported public-key algorithm (17): Invalid public key algorithm.
gpg: can't check signature with unsupported public-key algorithm (17): Invalid public key algorithm.
gpg: can't check signature with unsupported public-key algorithm (17): Invalid public key algorithm.
gpg: can't check signature with unsupported public-key algorithm (17): Invalid public key algorithm.
gpg: can't check signature with unsupported public-key algorithm (17): Invalid public key algorithm.
gpg: can't check signature with unsupported public-key algorithm (17): Invalid public key algorithm.
gpg: can't check signature with unsupported public-key algorithm (17): Invalid public key algorithm.
gpg: can't check signature with unsupported public-key algorithm (17): Invalid public key algorithm.
gpg: can't check signature with unsupported public-key algorithm (17): Invalid public key algorithm.
gpg: can't check signature with unsupported public-key algorithm (17): Invalid public key algorithm.
gpg: can't check signature with unsupported public-key algorithm (17): Invalid public key algorithm.
gpg: can't check signature with unsupported public-key algorithm (17): Invalid public key algorithm.
gpg: key 328DA867450F89EC: 10 duplicate signatures removed
gpg: key 328DA867450F89EC: new key but contains no user ID - skipped
gpg: Total number processed: 1
gpg: w/o user IDs: 1
You can see here https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf that DSA is only acceptable with a FIPS approved hash function until February 2024, when it will no longer be supported. I see in the SIGNATURE file in https://cpan.org/authors/id/A/AN/ANDK/CPAN-2.34.tar.gz that it appears the hash algorithm used is RIPEMD160, which is not a FIPS support hash algorithm. However, I don't see anything about it being insecure, just that it's not approved by FIPS.
The text was updated successfully, but these errors were encountered:
You can enable fips mode on centos 9 with
Running
gpg --keyserver hkp://pgpkeys.eu --recv-key 2E66557AB97C19C791AF8E20328DA867450F89EC
outputsYou can see here https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf that DSA is only acceptable with a FIPS approved hash function until February 2024, when it will no longer be supported. I see in the SIGNATURE file in https://cpan.org/authors/id/A/AN/ANDK/CPAN-2.34.tar.gz that it appears the hash algorithm used is RIPEMD160, which is not a FIPS support hash algorithm. However, I don't see anything about it being insecure, just that it's not approved by FIPS.
The text was updated successfully, but these errors were encountered: