
Debian Dpkg-sig Signer

The Debian dpkg-sig signer has the fully qualified class name: org.signserver.module.debiandpkgsig.signer.DebianDpkgSigSigner.

Overview

The signer can sign Debian packages and adds the signature in the dpkg-sig format.

The Debian dpkg-sig Signer uses OpenPGP and not X.509 certificates. You can obtain the OpenPGP public key from the worker's status output instead. Additionally, the generate CSR functionality allows you to add a user ID to the public key and to store the new public key in the PGPPUBLICKEY worker property.

The key management operations are the same as for the generic OpenPGP Signer.

Available Properties

| Property | Default | Description |
|---|---|---|
| DIGEST_ALGORITHM | SHA256 | (Optional) OpenPGP Hash Algorithm to use with the signature. Possible values are numeric or textual OpenPGP Hash Algorithms. Examples: "SHA256", "10". This is only the digest algorithm for the signature. The digest algorithms in the manifest file inside the package are MD5 and SHA-1, as expected by dpkg-sig. |
| GENERATE_REVOCATION_CERTIFICATE | False | (Optional) Setting this property to true switches the behavior of the generate CSR functionality to not add user ID / certification but instead generate an OpenPGP revocation certificate. The idea is to only switch this to true temporarily, generate the revocation certificate and then switch it back to false. The header for the PGP public key block, -----BEGIN PGP PUBLIC KEY BLOCK-----, is prefixed by a colon to prevent accidentally importing a revocation certificate. Before importing the certificate, this colon must be removed so that the line only contains the text -----BEGIN PGP PUBLIC KEY BLOCK-----. |
| PGPPUBLICKEY | Empty | (Optional) Property for storing the latest OpenPGP public key in ASCII armored form after adding user IDs / certifications to it. Remember to store the updated public key in this property so that the current user IDs are kept when new ones are added later on. |
| SELFSIGNED_VALIDITY | Empty | (Optional) The number of seconds the key is valid for after its creation. This property is used when a certification is added to the key, so to extend the current validity, set a higher value and perform the certification again. An empty value or zero means that the key does not expire (default). |
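
The colon guard described for GENERATE_REVOCATION_CERTIFICATE can be removed with a check instead of by hand, so that only a file with the expected shape becomes importable. The shell function below is an added example, not part of SignServer or its documentation; the function names, file names and the sample file content are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not SignServer code): strip the guard colon from a generated
# revocation certificate only if the file has the shape the page describes.
GUARDED=':-----BEGIN PGP PUBLIC KEY BLOCK-----'
HEADER='-----BEGIN PGP PUBLIC KEY BLOCK-----'
FOOTER='-----END PGP PUBLIC KEY BLOCK-----'

# unguard_revocation IN OUT  (hypothetical helper name)
# Writes OUT and returns 0 when IN holds exactly one colon-guarded header, no
# unguarded header and one footer; otherwise returns 1 and leaves OUT absent.
unguard_revocation() {
    in=$1
    out=$2
    [ -r "$in" ] || { echo "cannot read: $in" >&2; return 1; }
    tmp="$out.tmp.$$"
    if awk -v g="$GUARDED" -v h="$HEADER" -v f="$FOOTER" '
        { sub(/\r$/, "") }                    # tolerate CRLF line endings
        $0 == g { guarded++; print h; next }  # the one line that is changed
        $0 == h { plain++ }                   # already importable: suspicious
        $0 == f { footer++ }
        { print }
        END { exit !(guarded == 1 && plain == 0 && footer == 1) }
    ' "$in" > "$tmp"; then
        mv "$tmp" "$out"
    else
        rm -f "$tmp"
        echo "refusing: $in is not a single colon-guarded block" >&2
        return 1
    fi
}

# Constructed sample input; the body line is a placeholder, not key material.
make_sample() {
    cat > "$1" <<'EOF'
:-----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: constructed sample

cGxhY2Vob2xkZXI=
-----END PGP PUBLIC KEY BLOCK-----
EOF
}

# Typical use: unguard_revocation revocation.asc revocation.import.asc
# then review the output before importing it, e.g. with: gpg --import
```

Keeping the guarded original and writing the importable copy to a separate file means the guard stays in place on the stored certificate until the moment it is needed.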
