[tor-bugs] #18008 [Tor Browser]: Create a new MAR signing key and bake it into Tor Browser
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Jan 19 11:44:09 UTC 2016
#18008: Create a new MAR signing key and bake it into Tor Browser
-------------------------------------------------+-------------------------
Reporter: gk | Owner: gk
Type: enhancement | Status: needs_review
Priority: Medium | Milestone:
Component: Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-security, TorBrowserTeam201601 GeorgKoppen201601R tbb-5.5 | Actual Points:
Parent ID: | Points:
Sponsor: |
-------------------------------------------------+-------------------------
Changes (by gk):
* status: new => needs_review
* keywords: tbb-security, TorBrowserTeam201601 GeorgKoppen201601 =>
tbb-security, TorBrowserTeam201601 GeorgKoppen201601R tbb-5.5
Comment:
Okay, the patch is in bug_18008
(https://gitweb.torproject.org/user/gk/tor-browser.git/commit/?h=bug_18008).
I've tested that using the files found in
https://people.torproject.org/~gk/testbuilds/18008/.
The .tar.xz file has the new key baked in, the *en-US.mar file is
unsigned, the *en-US_oldkey.mar file is signed by the MAR key we want to
replace and the *en-US_newkey.mar file is signed by the new key. The
update contains just a NoScript bump from 2.9 to 2.9.0.2.
I tested this trying to update by extracting the .mar files manually. As
expected, applying the first two MAR files fails, but applying the one
signed with the new key succeeds. After restart the NoScript version is
bumped to 2.9.0.2.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18008#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online