Re: [tor-bugs] #26536 [Applications/Tor Browser]: Create APK signing keys

2020-05-09 Thread Tor Bug Tracker & Wiki 
#26536: Create APK signing keys
-+-
 Reporter:  sysrqb   |  Owner:  tbb-
 |  team
 Type:  task | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  tbb-sign, tbb-mobile, TBA-a3,|  Actual Points:
  tbb-8.5-must, TorBrowserTeam201905 |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor8
-+-
Changes (by gk):

 * keywords:  tbb-mobile, TBA-a3, tbb-8.5-must, TorBrowserTeam201905 => tbb-
 sign, tbb-mobile, TBA-a3, tbb-8.5-must, TorBrowserTeam201905


Comment:

 Replying to [comment:26 sysrqb]:
 > Okay, I think we're done with this (again). I'll open another ticket for
 documenting the process in tor-browser-spec.

 That's #31161.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26536 [Applications/Tor Browser]: Create APK signing keys

2019-05-18 Thread Tor Bug Tracker & Wiki 
#26536: Create APK signing keys
-+-
 Reporter:  sysrqb   |  Owner:  tbb-
 |  team
 Type:  task | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  tbb-mobile, TBA-a3, tbb-8.5-must,|  Actual Points:
  TorBrowserTeam201905   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor8
-+-
Changes (by sysrqb):

 * status:  reopened => closed
 * resolution:   => fixed


Comment:

 Okay, I think we're done with this (again). I'll open another ticket for
 documenting the process in tor-browser-spec.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26536 [Applications/Tor Browser]: Create APK signing keys

2019-05-18 Thread Tor Bug Tracker & Wiki 
#26536: Create APK signing keys
-+-
 Reporter:  sysrqb   |  Owner:  tbb-
 |  team
 Type:  task | Status:
 |  reopened
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-mobile, TBA-a3, tbb-8.5-must,|  Actual Points:
  TorBrowserTeam201905   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor8
-+-

Comment (by sysrqb):

 Replying to [comment:22 eighthave]:
 > Now that I think about it, it would probably be easier to pin to the
 version in Debian/buster, then there it would get security support for
 free, as long as the security.debian.org deb source is there for buster
 too:
 >
 > {{{
 > Package: opensc opensc-pkcs11
 > Pin: release a=buster
 > Pin-Priority: 400
 > }}}

 Thanks! I'll try that.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26536 [Applications/Tor Browser]: Create APK signing keys

2019-05-18 Thread Tor Bug Tracker & Wiki 
#26536: Create APK signing keys
-+-
 Reporter:  sysrqb   |  Owner:  tbb-
 |  team
 Type:  task | Status:
 |  reopened
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-mobile, TBA-a3, tbb-8.5-must,|  Actual Points:
  TorBrowserTeam201905   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor8
-+-

Comment (by sysrqb):

 I created a new certificate that expires in 5475 days (using the same key
 material). Now it's valid until `May 14 21:58:42 2034 GMT`.

 {{{
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA512

 $ pkcs15-tool -r 3 | openssl x509 -noout -text -fingerprint
 Using reader with a card: Nitrokey Nitrokey Pro (3961)
 00 00
 Certificate:
 Data:
 Version: 3 (0x2)
 Serial Number:
 ba:2d:f6:13:08:4d:2b:fd
 Signature Algorithm: sha256WithRSAEncryption
 Issuer: CN = Tor Browser, O = The Tor Project, L = Seattle, ST =
 WA, C = US
 Validity
 Not Before: May 18 21:58:42 2019 GMT
 Not After : May 14 21:58:42 2034 GMT
 Subject: CN = Tor Browser, O = The Tor Project, L = Seattle, ST =
 WA, C = US
 Subject Public Key Info:
 Public Key Algorithm: rsaEncryption
 Public-Key: (4096 bit)
 Modulus:
 00:f3:ee:23:1d:69:ce:43:5f:32:4a:d4:aa:39:8a:
 ef:31:31:87:6a:e7:45:63:42:8b:61:f6:ad:8c:65:
 c5:22:fd:df:6e:dc:c2:4f:6e:61:5a:d9:78:59:8f:
 8c:59:5c:63:2f:2d:51:df:82:25:ec:26:74:2a:f7:
 47:9d:8b:45:ee:a3:79:ac:7c:21:e8:66:5b:df:b2:
 ac:8f:00:08:c0:b4:7a:2b:a8:9c:aa:39:c5:81:c0:
 82:7d:35:59:9d:a3:d6:e0:fd:40:45:dd:4e:bd:ee:
 de:39:79:0b:e6:dd:63:0b:6b:a7:90:8b:eb:39:e2:
 0e:aa:9c:42:db:cc:5b:b7:b4:f7:a4:3f:0e:2f:9d:
 d9:1e:07:6e:2c:7c:dc:c2:f8:f9:b6:26:62:8f:36:
 68:31:eb:91:7d:2e:54:de:f8:59:df:04:20:84:46:
 0a:ad:cb:1d:53:ff:81:14:f8:d6:66:49:49:92:b2:
 60:af:2b:7f:4c:dd:80:b7:73:32:96:b7:9e:88:31:
 cb:c8:ba:54:b0:28:cf:32:02:df:da:84:85:55:40:
 56:7c:62:ae:d8:13:f3:2b:ae:e1:37:ce:3f:c1:49:
 a1:09:b0:a3:6e:32:fc:b2:8a:2a:8d:2e:7c:2f:67:
 d9:b1:89:ff:d2:e5:3f:ff:8e:dd:ad:e9:d0:5d:3e:
 33:56:0e:73:ec:bf:1f:8c:58:20:77:27:2a:e7:b5:
 e9:d1:6e:03:76:a0:ab:39:60:6b:20:89:e7:8c:bc:
 4a:37:da:4d:85:f5:96:5d:b4:20:cb:6d:77:71:73:
 48:a2:1b:49:35:8f:0c:34:74:2d:a7:4b:69:f6:74:
 6a:29:88:eb:81:5e:29:10:a7:f4:92:f5:2e:14:dc:
 c1:74:14:be:73:55:94:e6:b6:ad:62:bf:0a:70:1d:
 3a:3d:d2:74:57:05:01:01:e5:68:cf:32:53:6a:4e:
 7f:d0:69:90:8b:ac:cf:21:97:bb:9c:4c:25:85:44:
 6d:f2:bd:a2:3c:4e:dd:a6:71:cf:1a:88:18:03:95:
 99:51:07:1f:8d:03:ac:8d:ff:38:ab:00:ab:f8:8c:
 87:cd:37:83:81:50:32:f9:28:81:69:19:4e:ad:8e:
 a0:a2:8a:51:8c:d8:ec:0a:0c:d5:c6:08:00:de:16:
 83:a0:43:6b:09:a0:26:52:4a:be:df:f9:4e:0d:7a:
 c6:ef:3e:06:f8:86:5c:78:0b:c1:81:8c:64:13:43:
 89:ff:30:d4:33:10:53:ea:25:91:d6:58:08:21:5c:
 68:78:d1:fb:3e:4f:e7:62:7b:92:6f:b9:c1:03:1a:
 77:8f:6f:fe:87:bb:fe:35:14:1b:36:f2:71:b0:50:
 75:e7:5f
 Exponent: 65537 (0x10001)
 X509v3 extensions:
 X509v3 Basic Constraints:
 CA:FALSE
 X509v3 Key Usage:
 Digital Signature
 X509v3 Subject Key Identifier:
 6D:96:FB:E7:BE:D0:BD:62:CB:B0:C2:60:7B:6E:DA:93:ED:B6:94:55
 X509v3 Authority Key Identifier:
 keyid:6D:96:FB:E7:BE:D0:BD:62:CB:B0:C2:60:7B:6E:DA:93:ED:B6:94:55

 Signature Algorithm: sha256WithRSAEncryption
  27:c7:e9:40:53:3a:85:4a:ef:ce:95:54:38:a5:34:4b:d3:66:
  cd:2d:d8:c2:4e:8d:dc:99:0d:31:d3:ad:5c:53:31:ea:bc:b2:
  f0:1e:d5:51:7a:19:cc:5a:d5:43:9d:d8:19:3f:94:d5:47:4d:
  76:13:17:62:64:7d:ae:91:ed:b5:9e:e9:0a:84:ce:c2:df:c6:
  1d:da:eb:12:b8:8b:cc:58:ed:67:36

Re: [tor-bugs] #26536 [Applications/Tor Browser]: Create APK signing keys

2019-05-18 Thread Tor Bug Tracker & Wiki 
#26536: Create APK signing keys
-+-
 Reporter:  sysrqb   |  Owner:  tbb-
 |  team
 Type:  task | Status:
 |  reopened
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-mobile, TBA-a3, tbb-8.5-must,|  Actual Points:
  TorBrowserTeam201905   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor8
-+-
Changes (by sysrqb):

 * status:  closed => reopened
 * resolution:  fixed =>


Comment:

 I forgot Google Play requires the signing cert have a long lifetime.

 https://developer.android.com/studio/publish/app-signing#considerations
 {{{
 If you plan to publish your apps on Google Play, the key you use to sign
 your app must have a validity
 period ending after 22 October 2033. Google Play enforces this requirement
 to ensure that users can
 seamlessly upgrade apps when new versions are available.
 }}}

 The above key is only valid until 2023.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26536 [Applications/Tor Browser]: Create APK signing keys

2019-05-10 Thread Tor Bug Tracker & Wiki 
#26536: Create APK signing keys
-+-
 Reporter:  sysrqb   |  Owner:  tbb-
 |  team
 Type:  task | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  tbb-mobile, TBA-a3, tbb-8.5-must,|  Actual Points:
  TorBrowserTeam201905   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor8
-+-

Comment (by eighthave):

 Now that I think about it, it would probably be easier to pin to the
 version in Debian/buster, then there it would get security support for
 free, as long as the security.debian.org deb source is there for buster
 too:

 {{{
 Package: opensc opensc-pkcs11
 Pin: release a=buster
 Pin-Priority: 400
 }}}

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26536 [Applications/Tor Browser]: Create APK signing keys

2019-05-10 Thread Tor Bug Tracker & Wiki 
#26536: Create APK signing keys
-+-
 Reporter:  sysrqb   |  Owner:  tbb-
 |  team
 Type:  task | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  tbb-mobile, TBA-a3, tbb-8.5-must,|  Actual Points:
  TorBrowserTeam201905   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor8
-+-

Comment (by eighthave):

 Awesome!  If you're willing to use stretch/backports for the opensc
 package, then I can easily get the version from sid in.  For fixing it in
 stretch directly, we'd need to isolate the bug, and include only a patch
 that fixes it.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26536 [Applications/Tor Browser]: Create APK signing keys

2019-05-09 Thread Tor Bug Tracker & Wiki 
#26536: Create APK signing keys
-+-
 Reporter:  sysrqb   |  Owner:  tbb-
 |  team
 Type:  task | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  tbb-mobile, TBA-a3, tbb-8.5-must,|  Actual Points:
  TorBrowserTeam201905   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor8
-+-
Changes (by sysrqb):

 * status:  needs_information => closed
 * resolution:   => fixed


Comment:

 At this point, I think we can consider this complete. There are a few
 loose ends that remain, but the APK signing keys for alpha and stable are
 now created.

 Note: Below, delete the leading `- ` in front of `-BEGIN
 CERTIFICATE-` and `-END CERTIFICATE-` when inputting the
 certificate.
 {{{
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA512

 Signing for trac comment at Thu May  9 17:08:00 UTC 2019

 $ pkcs15-tool -r 3
 Using reader with a card: Nitrokey Nitrokey Pro (3961)
 00 00
 - -BEGIN CERTIFICATE-
 MIIFlTCCA32gAwIBAgIJAMx2uODilli+MA0GCSqGSIb3DQEBCwUAMFwxFDASBgNV
 BAMMC1RvciBCcm93c2VyMRgwFgYDVQQKDA9UaGUgVG9yIFByb2plY3QxEDAOBgNV
 BAcMB1NlYXR0bGUxCzAJBgNVBAgMAldBMQswCQYDVQQGEwJVUzAeFw0xOTA0MDIx
 OTQ0MjZaFw0yMzA0MDExOTQ0MjZaMFwxFDASBgNVBAMMC1RvciBCcm93c2VyMRgw
 FgYDVQQKDA9UaGUgVG9yIFByb2plY3QxEDAOBgNVBAcMB1NlYXR0bGUxCzAJBgNV
 BAgMAldBMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
 ggIBAPPuIx1pzkNfMkrUqjmK7zExh2rnRWNCi2H2rYxlxSL9327cwk9uYVrZeFmP
 jFlcYy8tUd+CJewmdCr3R52LRe6jeax8IehmW9+yrI8ACMC0eiuonKo5xYHAgn01
 WZ2j1uD9QEXdTr3u3jl5C+bdYwtrp5CL6zniDqqcQtvMW7e096Q/Di+d2R4Hbix8
 3ML4+bYmYo82aDHrkX0uVN74Wd8EIIRGCq3LHVP/gRT41mZJSZKyYK8rf0zdgLdz
 Mpa3nogxy8i6VLAozzIC39qEhVVAVnxirtgT8yuu4TfOP8FJoQmwo24y/LKKKo0u
 fC9n2bGJ/9LlP/+O3a3p0F0+M1YOc+y/H4xYIHcnKue16dFuA3agqzlgayCJ54y8
 SjfaTYX1ll20IMttd3FzSKIbSTWPDDR0LadLafZ0aimI64FeKRCn9JL1LhTcwXQU
 vnNVlOa2rWK/CnAdOj3SdFcFAQHlaM8yU2pOf9BpkIuszyGXu5xMJYVEbfK9ojxO
 3aZxzxqIGAOVmVEHH40DrI3/OKsAq/iMh803g4FQMvkogWkZTq2OoKKKUYzY7AoM
 1cYIAN4Wg6BDawmgJlJKvt/5Tg16xu8+BviGXHgLwYGMZBNDif8w1DMQU+olkdZY
 CCFcaHjR+z5P52J7km+5wQMad49v/oe7/jUUGzbycbBQdedfAgMBAAGjWjBYMAkG
 A1UdEwQCMAAwCwYDVR0PBAQDAgeAMB0GA1UdDgQWBBRtlvvnvtC9YsuwwmB7btqT
 7baUVTAfBgNVHSMEGDAWgBRtlvvnvtC9YsuwwmB7btqT7baUVTANBgkqhkiG9w0B
 AQsFAAOCAgEAg1aTx1W2cVQzgFoARsZ5ymoJjk4PZVEL3vnL8clt4wCxZ9CYf7sR
 VRUgd/rdmQkaB63MBnzK17gef99TXvl63iOrcwYGKVynnsVrHwBRA69xn0ANyyYc
 r47dLV636P6s6wTvhAmzeyqgoBSbSQHWAK0kemj+c2hfs6oiMVWgJYfo390yxRs9
 1JWmysUeBRT2fgkR008HHm+0Un1kwvr/TZdQ9s09hr9nvuB4mEcHkIQB9RmESFc9
 +BDWBKGsQQevAXEr2+CgDqC1dF4lBVbyWo9FoJTtX2Qx/08UVcRpof+V8Xgqdz0B
 4le4HZLo3sQIMDWEcNrmcbF6wIYAz7SSY+IU7B3CSMmwYS9OzM8d9EXgygyKaW6i
 WSHNrj8WLeZvZ99Bwa5aXTD4PNJ2lJ51GIGN/3uJ5qKK6Aw63zi9TWAtcwYai+Kj
 2hGyx+PaxsQ8tAGzcSu9W+iSGEXsL+QiVC4HjjyJF6uEDC3JncvkPtgWNNnV+I4K
 Hx/BpCWUsmD1Kz2sFiSA3+zQP5CRxxLWFLu4lije7D9J0YztQBDvhjqvijpd0r0y
 1wRDpDMoAKN/Ro3xZkOG7ZKULNsUmpNa6ntIwHYfpn4wOIfJV2tkozHjsUYpUUOm
 ufhVN8JbZVKy3lGTBjwLBmST+Hx2dy5EvjJwyVfDXGNOdjGBEZIvLmc=
 - -END CERTIFICATE-
 -BEGIN PGP SIGNATURE-

 iQIzBAEBCgAdFiEEmQpn3DVLpEMbqGYohK8DqE7aGAAFAlzUX3sACgkQhK8DqE7a
 GAC42hAAgsn/rK+MF+jprDoir3yaPa96lYMiHWqDJTefPibzjJ+qn/3w1tFmyvNT
 4JWelUnIXK9YigDaNpK8uhzJgdgCv8yhb/e53lcEXKWOpdW8KAni0l8Bs25qB4cw
 TVftLVZIY2CsWnGTiS05Jp9pi99eXc86eUMAhnno4uRgbBG4Dj0ANkfEtvoDE1Gk
 irAVAeI1IoBytLqWQzRm+lbyxxwF0A09H6ux1FwK0aJGCxpM2L+93qL8SvKQF1eD
 W6AivqX/qCdW/FA6MicMQw4btDUkM3Z0MNP+N5OJtW+kvZ6cUGQSc3ahoV3UGL2a
 akWxgYNirj+UqMGMWH7g8xtdEClO9eFzRWCe6+tqr0quxB+1UOtOVkJi1lYUC5/M
 zo1cM6eZVKvkJSqDHVQlKcXNW1/espTEVc2NeuoAmNjWaVThBSYkQ+I2S1QKjxYI
 6450z5POKvmCmdzeMuUyNH8dMa0iAn1Fa3hZirv4aJBDSccy31h8Yav/CCoYVmFv
 MeZ1beKP5xgJt7B/8xzD+DXWuIy7Uwe80TcVKnBrWUyFGHtSp6EV5HFRPO+B5x+d
 Z6p268dbodrVu56i28NSvtV3XMOO3X16YQfnw1GJvU0GN2+oxuNl4e1nNbDPXk8X
 6Xr7Upqzejkr+m9x5lOrsxth6s1X50IuP4/DDlJMrPfy71isuic=
 =aqHW
 -END PGP SIGNATURE-
 }}}

 {{{
 $ pkcs15-tool -r 3 | openssl x509 -noout -text -fingerprint
 Using reader with a card: Nitrokey Nitrokey Pro (3961)
 00 00
 Certificate:
 Data:
 Version: 3 (0x2)
 Serial Number:
 cc:76:b8:e0:e2:96:58:be
 Signature Algorithm: sha256WithRSAEncryption
 Issuer: CN = Tor Browser, O = The Tor Project, L = Seattle, ST =
 WA, C = US
 Validity
 Not Before: Apr  2 19:44:26 2019 GMT
 Not After : Apr  1 19:44:26 2023 GMT
 Subject: CN = Tor Browser, O = The Tor Project, L = Se

Re: [tor-bugs] #26536 [Applications/Tor Browser]: Create APK signing keys

2019-05-09 Thread Tor Bug Tracker & Wiki 
#26536: Create APK signing keys
-+-
 Reporter:  sysrqb   |  Owner:  tbb-
 |  team
 Type:  task | Status:
 |  needs_information
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-mobile, TBA-a3, tbb-8.5-must,|  Actual Points:
  TorBrowserTeam201905   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor8
-+-

Comment (by sysrqb):

 Replying to [comment:16 eighthave]:
 > Wow, you have really dug into the depths here!  Great to see, but sucks
 that this is still so hard.  Maybe the short term answer is using
 _jarsigner_?  That will introduce an annoying reproducibility issue since
 _jarsigner_ includes the full Java major/minor/bugfix/patch version in the
 META-INF/MANIFEST.MF in the APK.
 >

 Yeah, I was hoping we could avoid using jarsigner (in particular so we can
 take advantage of the newer APK signature schemes.

 > As for fixing apksigner, I'm up for getting fixing into Debian, I
 maintain that package.  It should be possible to get fixes into both
 stretch and buster, if they are not too big.  I think that would also be
 possible for opensc-pkcs11, but i'm not the maintainer of that package, so
 harder to promise anything.

 The problem here is on Stretch the bug I was hitting is in opensc-pkcs11 -
 not apksigner. On Fedora 29, the bug is in apksigner, so I opened a ticket
 for that.

 https://issuetracker.google.com/issues/132333137

 >
 > Maybe there is already a fix upstream, did you look at
 https://android.googlesource.com/platform/tools/apksig/ ?

 Yeah, sadly it isn't fixed. I didn't see any tickets closely related to it
 either - other than one ticket from 2017 but it wasn't helpful.

 Thanks for the comments, though - it's all good to know.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26536 [Applications/Tor Browser]: Create APK signing keys

2019-05-09 Thread Tor Bug Tracker & Wiki 
#26536: Create APK signing keys
-+-
 Reporter:  sysrqb   |  Owner:  tbb-
 |  team
 Type:  task | Status:
 |  needs_information
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-mobile, TBA-a3, tbb-8.5-must,|  Actual Points:
  TorBrowserTeam201905   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor8
-+-

Comment (by sysrqb):

 Okay, I think I finally got it.

 {{{
 $ apksigner sign --verbose --provider-class sun.security.pkcs11.SunPKCS11
 --provider-arg pkcs11_java.cfg --ks NONE --ks-type PKCS11 tor-
 browser-8.5a11-android-x86-multi-qa.apk
 Keystore password for signer #1:
 Signed
 }}}

 and the debug logs show:
 {{{
 0x70ed69e3f700 16:12:20.919 [opensc-pkcs11] apdu.c:390:sc_single_transmit:
 returning with: 0 (Success)
 0x70ed69e3f700 16:12:20.919 [opensc-pkcs11] apdu.c:543:sc_transmit:
 returning with: 0 (Success)
 0x70ed69e3f700 16:12:20.919 [opensc-pkcs11] card.c:465:sc_unlock: called
 0x70ed69e3f700 16:12:20.919 [opensc-pkcs11] card-
 openpgp.c:2036:pgp_compute_signature: returning with: 512
 0x70ed69e3f700 16:12:20.919 [opensc-pkcs11] sec.c:63:sc_compute_signature:
 returning with: 512
 0x70ed69e3f700 16:12:20.919 [opensc-pkcs11] card.c:465:sc_unlock: called
 0x70ed69e3f700 16:12:20.919 [opensc-pkcs11]
 pkcs15-sec.c:470:sc_pkcs15_compute_signature: returning with: 512
 0x70ed69e3f700 16:12:20.919 [opensc-pkcs11] card.c:465:sc_unlock: called
 0x70ed69e3f700 16:12:20.919 [opensc-pkcs11] reader-pcsc.c:663:pcsc_unlock:
 called
 0x70ed69e3f700 16:12:20.927 [opensc-pkcs11] framework-
 pkcs15.c:3853:pkcs15_prkey_sign: Sign complete. Result 512.
 0x70ed69e3f700 16:12:20.927 [opensc-pkcs11]
 mechanism.c:462:sc_pkcs11_signature_final: returning with: 0 (Success)
 0x70ed69e3f700 16:12:20.927 [opensc-pkcs11]
 mechanism.c:327:sc_pkcs11_sign_final: returning with: 0 (Success)
 0x70ed69e3f700 16:12:20.927 [opensc-pkcs11]
 pkcs11-object.c:765:C_SignFinal: C_SignFinal() = CKR_OK
 Signed
 }}}

 I installed opensc-pkcs11 (and opensc) from Sid (and pinned the source's
 priority low).

 {{{
 $ cat /etc/apt/preferences.d/sid_preferences
 Package: *
 Pin: release a=unstable
 Pin-Priority: 400

 $ sudo apt install opensc-pkcs11/sid opensc/sid
 }}}

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26536 [Applications/Tor Browser]: Create APK signing keys

2019-05-08 Thread Tor Bug Tracker & Wiki 
#26536: Create APK signing keys
-+-
 Reporter:  sysrqb   |  Owner:  tbb-
 |  team
 Type:  task | Status:
 |  needs_information
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-mobile, TBA-a3, tbb-8.5-must,|  Actual Points:
  TorBrowserTeam201904   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor8
-+-

Comment (by eighthave):

 Wow, you have really dug into the depths here!  Great to see, but sucks
 that this is still so hard.  Maybe the short term answer is using
 _jarsigner_?  That will introduce an annoying reproducibility issue since
 _jarsigner_ includes the full Java major/minor/bugfix/patch version in the
 META-INF/MANIFEST.MF in the APK.

 As for fixing apksigner, I'm up for getting fixing into Debian, I maintain
 that package.  It should be possible to get fixes into both stretch and
 buster, if they are not too big.  I think that would also be possible for
 opensc-pkcs11, but i'm not the maintainer of that package, so harder to
 promise anything.

 Maybe there is already a fix upstream, did you look at
 https://android.googlesource.com/platform/tools/apksig/ ?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26536 [Applications/Tor Browser]: Create APK signing keys

2019-05-08 Thread Tor Bug Tracker & Wiki 
#26536: Create APK signing keys
-+-
 Reporter:  sysrqb   |  Owner:  tbb-
 |  team
 Type:  task | Status:
 |  needs_information
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-mobile, TBA-a3, tbb-8.5-must,|  Actual Points:
  TorBrowserTeam201904   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor8
-+-

Comment (by sysrqb):

 Oh, and this is on Debian Stretch (above is for Fedora 29) - the paths are
 different on the distros.

 {{{
 $ cat pkcs11_java.cfg
 name = OpenSC-PKCS11
 description = SunPKCS11 via OpenSC
 library = /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
 slotListIndex = 0
 }}}

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26536 [Applications/Tor Browser]: Create APK signing keys

2019-05-08 Thread Tor Bug Tracker & Wiki 
#26536: Create APK signing keys
-+-
 Reporter:  sysrqb   |  Owner:  tbb-
 |  team
 Type:  task | Status:
 |  needs_information
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-mobile, TBA-a3, tbb-8.5-must,|  Actual Points:
  TorBrowserTeam201904   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor8
-+-
Changes (by sysrqb):

 * cc: eighthave (added)


Comment:

 This is a little-bit of a brain dump. I went on a deep-dive into the code
 for APK signing and using a nitrokey as a key store. As far as I
 understand it, the answer is "you can't because the stars didn't align
 correctly" - but I'm CCing Hans in case I missed something. Maybe this
 works if we get `opensc-pkcs11` packages from `stretch-backport`?

 At the beginning, I followed some of the
 [https://geoffreymetais.github.io/code/key-signing/ existing] guides for
 putting a signing certificate in PKCS12 key store onto the nitrokey.
 Unfortunately, that didn't work because importing the certificate via
 `keytool` failed. When keytool "stored" the key, it gave key type as an
 ASCII string instead of the binary number. This resulted in:
 {{{
 0x70d49bdbc700 19:54:34.511 [opensc-pkcs11] card-
 openpgp.c:2827:pgp_store_key: Unknown key type 49.
 0x70d49bdbc700 19:54:34.511 [opensc-pkcs11] card-
 openpgp.c:2828:pgp_store_key: returning with: -1300 (Invalid arguments)
 0x70d49bdbc700 19:54:34.511 [opensc-pkcs11] card-
 openpgp.c:3009:pgp_card_ctl: returning with: -1300 (Invalid arguments)
 0x70d49bdbc700 19:54:34.511 [opensc-pkcs11] card.c:961:sc_card_ctl:
 returning with: -1300 (Invalid arguments)
 0x70d49bdbc700 19:54:34.511 [opensc-pkcs11]
 pkcs15-openpgp.c:142:openpgp_store_key: returning with: -1300 (Invalid
 arguments)
 0x70d49bdbc700 19:54:34.511 [opensc-pkcs11]
 pkcs15-lib.c:1683:sc_pkcs15init_store_private_key: Card specific 'store
 key' failed: -1300 (Invalid arguments)
 }}}

 Eventually, I found the documentation on the OpenSC
 [https://github.com/OpenSC/OpenSC/wiki/OpenPGP-card#6-import-key-resp-
 certificate wiki page], and I successfully imported the certificate and
 key:
 {{{
 pkcs15-init --delete-objects privkey,pubkey,chain --id 3 --store-private-
 key secret_and_certificate.p12 --format pkcs12 --auth-id 3 --verify-pin
 }}}

 And reading the stored public key and certificate information works
 {{{
 $ pkcs15-tool --read-public-key 3
 Using reader with a card: Nitrokey Nitrokey Pro (3961)
 00 00
 -BEGIN PUBLIC KEY-
 MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA8+4jHWnOQ18yStSqOYrv
 MTGHaudFY0KLYfatjGXFIv3fbtzCT25hWtl4WY+MWVxjLy1R34Il7CZ0KvdHnYtF
 7qN5rHwh6GZb37KsjwAIwLR6K6icqjnFgcCCfTVZnaPW4P1ARd1Ove7eOXkL5t1j
 C2unkIvrOeIOqpxC28xbt7T3pD8OL53ZHgduLHzcwvj5tiZijzZoMeuRfS5U3vhZ
 3wQghEYKrcsdU/+BFPjWZklJkrJgryt/TN2At3MylreeiDHLyLpUsCjPMgLf2oSF
 VUBWfGKu2BPzK67hN84/wUmhCbCjbjL8sooqjS58L2fZsYn/0uU//47drenQXT4z
 Vg5z7L8fjFggdycq57Xp0W4DdqCrOWBrIInnjLxKN9pNhfWWXbQgy213cXNIohtJ
 NY8MNHQtp0tp9nRqKYjrgV4pEKf0kvUuFNzBdBS+c1WU5ratYr8KcB06PdJ0VwUB
 AeVozzJTak5/0GmQi6zPIZe7nEwlhURt8r2iPE7dpnHPGogYA5WZUQcfjQOsjf84
 qwCr+IyHzTeDgVAy+SiBaRlOrY6goopRjNjsCgzVxggA3haDoENrCaAmUkq+3/lO
 DXrG7z4G+IZceAvBgYxkE0OJ/zDUMxBT6iWR1lgIIVxoeNH7Pk/nYnuSb7nBAxp3
 j2/+h7v+NRQbNvJxsFB1518CAwEAAQ==
 -END PUBLIC KEY-
 $ keytool -providerClass sun.security.pkcs11.SunPKCS11 -providerArg
 ~/pkcs11_java.cfg -providerName SunPKCS11-OpenSC-PKCS11 -keystore NONE
 -storetype PKCS11 -list
 Enter keystore password:
 Keystore type: PKCS11
 Keystore provider: SunPKCS11-OpenSC-PKCS11

 Your keystore contains 1 entry

 Cardholder certificate, PrivateKeyEntry,
 Certificate fingerprint (SHA-256):
 
EE:82:97:2E:1E:30:2F:67:9B:C7:0F:45:A4:EE:24:E0:80:80:05:BB:28:00:A1:E1:6F:68:3D:93:FC:79:C4:EF
 }}}

 However, signing with `apksigner` does not:
 {{{
 $ apksigner sign --provider-class sun.security.pkcs11.SunPKCS11
 --provider-arg pkcs11_java.cfg --ks NONE --ks-type SunPKCS11-OpenSC-PKCS11
 tor-browser-8.5a11-android-x86-multi-qa.apk
 Exception in thread "main" java.lang.NoSuchMethodException:
 sun.security.pkcs11.SunPKCS11.(java.lang.String)
 at java.base/java.lang.Class.getConstructor0(Class.java:3350)
 at java.base/java.lang.Class.getConstructor(Class.java:2152)
 at
 
com.android.apksigner.ApkSignerTool$ProviderInstallSpec.installProvider(ApkSignerTool.java:600)
 at
 
com.android.ap

Re: [tor-bugs] #26536 [Applications/Tor Browser]: Create APK signing keys

2018-10-08 Thread Tor Bug Tracker & Wiki 
#26536: Create APK signing keys
--+---
 Reporter:  sysrqb|  Owner:  tbb-team
 Type:  task  | Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-mobile, TBA-a3|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---
Changes (by gk):

 * keywords:  tbb-mobile, TBA-a2 => tbb-mobile, TBA-a3


Comment:

 Moving this to TBA-a3

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26536 [Applications/Tor Browser]: Create APK signing keys

2018-09-10 Thread Tor Bug Tracker & Wiki 
#26536: Create APK signing keys
--+---
 Reporter:  sysrqb|  Owner:  tbb-team
 Type:  task  | Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-mobile, TBA-a2|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---
Changes (by sysrqb):

 * keywords:  tbb-mobile => tbb-mobile, TBA-a2
 * parent:  #26531 =>


Comment:

 Moving to second-alpha TBA keyword.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26536 [Applications/Tor Browser]: Create APK signing keys

2018-08-22 Thread Tor Bug Tracker & Wiki 
#26536: Create APK signing keys
--+---
 Reporter:  sysrqb|  Owner:  tbb-team
 Type:  task  | Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-mobile|  Actual Points:
Parent ID:  #26531| Points:
 Reviewer:|Sponsor:
--+---

Comment (by sysrqb):

 I created a short-term keypair for only the initial alpha releases. We
 will create a new, long-term key before the first stable release. I have
 this key offline.

 {{{
 $ keytool -genkey -v -keystore tba_alpha.p12 -storetype pkcs12 -keyalg RSA
 -keysize 3072 -validity 1 -alias tba_alpha
 }}}

 Key information
 {{{
 $ keytool -list -v -keystore tba_alpha.p12 -alias tba_alpha -storetype
 pkcs12
 Enter keystore password:
 Alias name: tba_alpha
 Creation date: Aug 22, 2018
 Entry type: PrivateKeyEntry
 Certificate chain length: 1
 Certificate[1]:
 Owner: CN=Tor Browser, OU=Applications Team, O=The Tor Project, L=Seattle,
 ST=WA, C=US
 Issuer: CN=Tor Browser, OU=Applications Team, O=The Tor Project,
 L=Seattle, ST=WA, C=US
 Serial number: 5f29a0f3
 Valid from: Wed Aug 22 17:17:47 UTC 2018 until: Sun Jan 07 17:17:47 UTC
 2046
 Certificate fingerprints:
  MD5:  6B:27:D0:7B:3B:5C:FA:E9:60:45:15:24:08:A0:72:AE
  SHA1: D8:D5:4C:45:85:F3:BB:2C:80:D3:6C:85:A0:D4:1B:6D:C9:6A:33:80
  SHA256:
 
15:F7:60:B4:1A:CB:E4:78:3E:66:71:02:C9:F6:71:19:BE:2A:F6:2F:AB:07:76:3F:9D:57:F0:1E:5E:10:74:E1
 Signature algorithm name: SHA256withRSA
 Subject Public Key Algorithm: 3072-bit RSA key
 Version: 3

 Extensions:

 #1: ObjectId: 2.5.29.14 Criticality=false
 SubjectKeyIdentifier [
 KeyIdentifier [
 : E6 1D 34 04 98 A0 7A 83   42 2C 11 2A 8C 9D D3 D6  ..4...z.B,.*
 0010: E7 9E 73 66..sf
 ]
 ]

 }}}

 Public Key Certificate:
 {{{
 $ keytool -exportcert -v -keystore tba_alpha.p12 -alias tba_alpha
 -storetype pkcs12 -rfc
 Enter keystore password:
 -BEGIN CERTIFICATE-
 MIIEjzCCAvegAwIBAgIEXymg8zANBgkqhkiG9w0BAQsFADB4MQswCQYDVQQGEwJV
 UzELMAkGA1UECBMCV0ExEDAOBgNVBAcTB1NlYXR0bGUxGDAWBgNVBAoTD1RoZSBU
 b3IgUHJvamVjdDEaMBgGA1UECxMRQXBwbGljYXRpb25zIFRlYW0xFDASBgNVBAMT
 C1RvciBCcm93c2VyMB4XDTE4MDgyMjE3MTc0N1oXDTQ2MDEwNzE3MTc0N1oweDEL
 MAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYDVQQHEwdTZWF0dGxlMRgwFgYD
 VQQKEw9UaGUgVG9yIFByb2plY3QxGjAYBgNVBAsTEUFwcGxpY2F0aW9ucyBUZWFt
 MRQwEgYDVQQDEwtUb3IgQnJvd3NlcjCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCC
 AYoCggGBAJRv7+VdgiT268+L4q3MeuPKbl9mfGu72Js6wcFqlAyMRXTokvo2ythN
 +n8zMlpc2hHJ01dR88RgaqlUseF5LvuT6AaxI5zLMhaZbww0Np+XS/c9ZfxZ/0YZ
 WUIyJ5LUEeG9z1bBG0KKhoxyX9ab1IQkGYiRPRgiTaXlkSA+i11XYVDtigqX8C+u
 jl4UUr3yBT9AX1vJ1lC8gRLgwIcz8/9orpwaoUm/7VmEgx9N9Ys8ubXUlnT5Em4k
 wwbrnZuEO7OOwK3ZBSeOt9iFH/i2ASflu+cJ7JLFnd8ql9BtClXKP83u97ZD122N
 IaOiXf2YKH4LsWSZyZ6sk8N/cJO8mZ2i7QqWLoPfKqCz8xKoploItQ2NGiEVM5GR
 xsshW1iJ+d024OWupD6c2Mt8WMhbHHeZ3xBDBUqtvTijMSQztGh25ksTdO9pcJxQ
 kkUeOub4QL240MC0TdvPAP6wZFAo7do/TeKcpwCYmIyj6igiu/kLUfsDnZZtdw2m
 NCa1XVhM1wIDAQABoyEwHzAdBgNVHQ4EFgQU5h00BJigeoNCLBEqjJ3T1ueec2Yw
 DQYJKoZIhvcNAQELBQADggGBAHZkWaei+KqmWxqnbbrJcIOzZuy8zi+RSVKBQS/C
 ZPnqkIShT0W2bSVkMR4brvU5zDtRfpgfguFhRwnct/9GGdRlMJmEMTcm/4cNgZiz
 PNO2Y80HV3EsLTNDjFtMX8DBvltk0oZMSlllqGhb7tqZwCfeKBSPz+aH4XgnvpTv
 kWg/ux0BG+fkYgts3dYcQoaWZ6nEQYoPpJyJ+zgPrGtGITBHUrD2WCr6muarEVIR
 7JZfwjy1knFSblA/cgDzoRg13L13ntsCF98lGhiBZo8UGvmNFubSolwzmyf7US3z
 ZvypsKrXJXz0rU1pbFC01Dka626UVkzZoMf53m9KjcIpP92U3l2GZhXsqxJJ26tu
 8x98Jwi5l22upmOsNttAeYtUMI1ODdxL/uVEIVfOw48lyYQgOsdsIiKDi3NDbjto
 zMVZOPvcSx2ESrq+GaoKZjkXGAg7beRdLWvsmGGoejuft+N2yqRYaFQ7sjCVQlq2
 D9GDJUVvnPEj25zrwtgRmPgLZg==
 -END CERTIFICATE-
 }}}

 I debated whether we should create the key using RSA or ECDSA. I decided
 on using RSA, but we can discuss this later, before creating the long-term
 key.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26536 [Applications/Tor Browser]: Create APK signing keys

2018-08-22 Thread Tor Bug Tracker & Wiki 
#26536: Create APK signing keys
--+---
 Reporter:  sysrqb|  Owner:  tbb-team
 Type:  task  | Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-mobile|  Actual Points:
Parent ID:  #26531| Points:
 Reviewer:|Sponsor:
--+---

Comment (by sysrqb):

 Woah! "Android 9 supports APK key rotation, which gives apps the ability
 to change their signing key as part of an APK update."
 https://source.android.com/security/apksigning/v3

 This is only with the newest version of Android. It includes support for a
 new signature scheme.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26536 [Applications/Tor Browser]: Create APK signing keys

2018-08-01 Thread Tor Bug Tracker & Wiki 
#26536: Create APK signing keys
--+---
 Reporter:  sysrqb|  Owner:  tbb-team
 Type:  task  | Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-mobile|  Actual Points:
Parent ID:  #26531| Points:
 Reviewer:|Sponsor:
--+---

Comment (by sysrqb):

 Replying to [comment:2 gk]:
 > What's the story in case the key gets compromised/lost and needs to get
 replaced?

 Total sadness.

 >How is that handled? (I am in particular interested in the impact for
 updates)

 Basically, we would generate a new key, and existing users would not be
 able to install the next update because the signing key would be
 different. As a result, we would have two options. 1) release a new
 version of the app signed with the new key, but first an existing user
 would need to uninstall the old version of the app before they can install
 the new version. 2) release a new version of the app using a different
 name (org.torproject.torbrowser2, or something like that). If we use a
 different name, then the user can have both versions installed at the same
 time and they can manually copy any bookmarks from one app to the other.

 We might want to create a plan for how we inform users about this
 situation and what they should do.

 {{{
 If you lose access to your app signing key or your key is compromised,
 Google cannot retrieve the app signing key for you, and you will not
 be able to release new versions of your app to users as updates to the
 original app.
 }}}
 https://developer.android.com/studio/publish/app-signing#self-manage

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26536 [Applications/Tor Browser]: Create APK signing keys

2018-08-01 Thread Tor Bug Tracker & Wiki 
#26536: Create APK signing keys
--+---
 Reporter:  sysrqb|  Owner:  tbb-team
 Type:  task  | Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-mobile|  Actual Points:
Parent ID:  #26531| Points:
 Reviewer:|Sponsor:
--+---

Comment (by gk):

 What's the story in case the key gets compromised/lost and needs to get
 replace? How is that handled?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #26536 [Applications/Tor Browser]: Create APK signing keys

2018-07-16 Thread Tor Bug Tracker & Wiki 
#26536: Create APK signing keys
--+---
 Reporter:  sysrqb|  Owner:  tbb-team
 Type:  task  | Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-mobile|  Actual Points:
Parent ID:  #26531| Points:
 Reviewer:|Sponsor:
--+---
Changes (by sysrqb):

 * status:  new => needs_information


Comment:

 It appears we can create and store the key offline.

 I was hoping we could create an "identity" key and a "signing" key for
 Android, but it seems like this won't work. Specifically,
 [[https://source.android.com/security/apksigning/v2|newer versions]] of
 Android support signing an app where the public key for verifying the
 signature is stored in two places. The first place is at the end of the
 signing block. This key has only one purpose - for verifying the signing
 block signatures are valid. The second place is the public key is stored
 within the signing block but here we may include a certificate chain. I
 was hoping we could create a long-term identity key and then a short-term
 signing keys, similar to PGP primary key and subkeys. However, from my
 code diving, Android does not verify the certificate chain embedded in the
 app. Android only verifies the
 
[[https://android.googlesource.com/platform/frameworks/base/+/master/core/java/android/util/apk/ApkSignatureSchemeV2Verifier.java#376|first
 (leaf) certificate]] in the embedded certificate chain contains the same
 public key as the public key provided at the end of the signing block used
 for verifying the signature.

 We should generate the key offline - Hans published a nice script for this
 (although its a little old) https://github.com/guardianproject/smartcard-
 apk-signing/blob/master/openssl-gen/gen.sh

 We can use a Yubikey or Nitrokey for storing the key. I'll feel more
 comfortable if we have more than one copy of the key.

 Newer versions of Android support something called
 
[[https://android.googlesource.com/platform/frameworks/base/+/master/services/core/java/com/android/server/pm/PackageManagerService.java#17745|(upgrade)
 keysets]] for verifying the apps authenticity. I'm not sure how we can use
 it yet. I think it allows for adding more signatures using more keys, but
 I'm not sure if there's a way we can use it for rotating keys.

 With all this being said, we can likely generate our first APK signing key
 using a similar method as the Tor Browser PGP signing key - using an
 offline laptop booted with TAILS, etc.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #26536 [Applications/Tor Browser]: Create APK signing keys

2018-06-27 Thread Tor Bug Tracker & Wiki 
#26536: Create APK signing keys
--+
 Reporter:  sysrqb|  Owner:  tbb-team
 Type:  task  | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal|   Keywords:  tbb-mobile
Actual Points:|  Parent ID:  #26531
   Points:|   Reviewer:
  Sponsor:|
--+
 This is the ticket so we can decide how we create it, where we store it,
 what mechanisms can we use for securing it.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs