[tbb-bugs] #18287 [Applications/Tor Browser]: Use SHA-2 signature for Tor Browser setup executables
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Feb 20 09:13:55 UTC 2018
#18287: Use SHA-2 signature for Tor Browser setup executables
------------------------------------------------+--------------------------
Reporter: gk | Owner: tbb-team
Type: enhancement | Status: assigned
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-security, TorBrowserTeam201802 | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
------------------------------------------------+--------------------------
Changes (by gk):
* cc: tom (added)
* keywords: tbb-security => tbb-security, TorBrowserTeam201802
Comment:
Today a Windows users showed up on IRC and said they needed a 64bit Tor
Browser because the stable 32bit one is not working on Windows 10 USN due
to missing WoW64 ("The subsystem needed to support the image type is not
present"). Furthermore, it turns out that the SHA1 signature we have on
our .exe files is not valid on that system either: it wants a SHA2 one as
SHA1 ones have been deprecated in Windows 10 USN and giving a unknown
publisher yellow UAC error now.
I wonder what that USN version is about and whether we could skip the
dual-signing dance with `osslsigncode` and just provide a SHA2 signature
given that we switch soon away from supporting XP and Vista anyway.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18287#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list