[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #26045 [Applications/Tor Browser]: Create a new MAR signing key for ESR60

To: undisclosed-recipients: ;
Subject: Re: [tor-bugs] #26045 [Applications/Tor Browser]: Create a new MAR signing key for ESR60
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Tue, 12 Jun 2018 09:25:44 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 12 Jun 2018 05:26:11 -0400
In-reply-to: <042.a4d5c9fd4705426c1856617b9b11a946@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <042.a4d5c9fd4705426c1856617b9b11a946@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#26045: Create a new MAR signing key for ESR60
-------------------------------------------------+-------------------------
 Reporter:  gk                                   |          Owner:  tbb-
                                                 |  team
     Type:  task                                 |         Status:
                                                 |  reopened
 Priority:  Very High                            |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  GeorgKoppen201806,                   |  Actual Points:
  TorBrowserTeam201806                           |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by gk):

 Two additional bits of information that may help:

 1) I essentially used the key generation command as specified in our
 KeyGeneration doc, just adjusted to the new hash length. I.e. `certutil -d
 nssdb -S -x -g 4096 -Z SHA384 -n marsigner -s "CN=Tor Browser MAR signing
 key" -t,,`

 2) For signing I used the old script we had in the Gitian days,
 `signmars.sh` changed to check for the new cert9.db and to make sure it is
 using the new mar-tools (i.e. those built with the esr60 nightly).

 If you want to inspect the .der certs, I used `bug_26045` in my public
 `tor-browser-build` repo for building.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26045#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: [tor-bugs] #26373 [Core Tor/Tor]: test_rust.sh should detect when it's being invoked improperly and error out
Next by Author: Re: [tor-bugs] #26437 [Core Tor/Tor]: Forking tests fails on Windows if there is a space in the path of the test runner
Previous by thread: Re: [tor-bugs] #26045 [Applications/Tor Browser]: Create a new MAR signing key for ESR60
Next by thread: Re: [tor-bugs] #26045 [Applications/Tor Browser]: Create a new MAR signing key for ESR60
Index(es):
- Author
- Thread