fix(#59/JG-RT-026): pin Action Manifest verifier key out-of-band#54
Merged
Conversation
Internal red-team of the new Action Manifest (#62) found the verifier trusted `<log>.manifests.pub` — a key file beside the very log it checks. An attacker who can rewrite the audit log can also rewrite that pubkey and re-sign with their own key, yielding a self-consistent forgery that reported OK and silently defeated non-repudiation. Fix: `verify_manifests()` takes an optional pinned key; CLI adds `--manifest-pubkey <hex>` (supplied out-of-band). When pinned, the in-dir pubkey is ignored and authenticity is checked against the pinned key — the only mode resisting a malicious log-holder. When omitted, the verifier falls back to the in-dir key for convenience (accidental-corruption detection only) and the result is flagged `pubkey_pinned=false` / "self-consistency only", so an unpinned pass can never be read as proven authenticity. Regression: swapped_pubkey_forgery_defeated_only_by_pinned_key. Docs: THREAT_MODEL §12.1 (key-distribution rule), RED_TEAM_FINDINGS.md JG-RT-026, CHANGELOG. End-to-end verified (unpinned/pinned/wrong-key). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Internal red-team (#59) of the freshly-merged Action Manifest (#62) found a key-trust gap.
Finding (JG-RT-026, MED)
--verify-manifestsread the trusted Ed25519 public key from<audit-log>.manifests.pub— a file in the same directory as the log it verifies. An attacker who can rewrite the log can also rewrite that pubkey: regenerate self-consistent manifests signed with their own key, publish that key, and the verifier reportsOK. That silently defeats the non-repudiation the manifests exist to provide. (The originalforgery_with_different_key…test only passed because it manually restored the genuine pubkey, masking the gap.)Fix
verify_manifests()takes an optional pinned key; CLI adds--manifest-pubkey <hex>(out-of-band).pubkey_pinned=falseand reported as "self-consistency only," never mistakable for authenticity.Validation
swapped_pubkey_forgery_defeated_only_by_pinned_key(8 manifest tests total); fullts_clisuite green; fmt + clippy clean.🤖 Generated with Claude Code