[tor-bugs] #26536 [Applications/Tor Browser]: Create APK signing keys

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Aug 22 18:01:16 UTC 2018 

#26536: Create APK signing keys
--------------------------------------+-----------------------------------
 Reporter:  sysrqb                    |          Owner:  tbb-team
     Type:  task                      |         Status:  needs_information
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  tbb-mobile                |  Actual Points:
Parent ID:  #26531                    |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+-----------------------------------

Comment (by sysrqb):

 I created a short-term keypair for only the initial alpha releases. We
 will create a new, long-term key before the first stable release. I have
 this key offline.

 {{{
 $ keytool -genkey -v -keystore tba_alpha.p12 -storetype pkcs12 -keyalg RSA
 -keysize 3072 -validity 10000 -alias tba_alpha
 }}}

 Key information
 {{{
 $ keytool -list -v -keystore tba_alpha.p12 -alias tba_alpha -storetype
 pkcs12
 Enter keystore password:
 Alias name: tba_alpha
 Creation date: Aug 22, 2018
 Entry type: PrivateKeyEntry
 Certificate chain length: 1
 Certificate[1]:
 Owner: CN=Tor Browser, OU=Applications Team, O=The Tor Project, L=Seattle,
 ST=WA, C=US
 Issuer: CN=Tor Browser, OU=Applications Team, O=The Tor Project,
 L=Seattle, ST=WA, C=US
 Serial number: 5f29a0f3
 Valid from: Wed Aug 22 17:17:47 UTC 2018 until: Sun Jan 07 17:17:47 UTC
 2046
 Certificate fingerprints:
          MD5:  6B:27:D0:7B:3B:5C:FA:E9:60:45:15:24:08:A0:72:AE
          SHA1: D8:D5:4C:45:85:F3:BB:2C:80:D3:6C:85:A0:D4:1B:6D:C9:6A:33:80
          SHA256:
 15:F7:60:B4:1A:CB:E4:78:3E:66:71:02:C9:F6:71:19:BE:2A:F6:2F:AB:07:76:3F:9D:57:F0:1E:5E:10:74:E1
 Signature algorithm name: SHA256withRSA
 Subject Public Key Algorithm: 3072-bit RSA key
 Version: 3

 Extensions:

 #1: ObjectId: 2.5.29.14 Criticality=false
 SubjectKeyIdentifier [
 KeyIdentifier [
 0000: E6 1D 34 04 98 A0 7A 83   42 2C 11 2A 8C 9D D3 D6  ..4...z.B,.*....
 0010: E7 9E 73 66                                        ..sf
 ]
 ]

 }}}

 Public Key Certificate:
 {{{
 $ keytool -exportcert -v -keystore tba_alpha.p12 -alias tba_alpha
 -storetype pkcs12 -rfc
 Enter keystore password:
 -----BEGIN CERTIFICATE-----
 MIIEjzCCAvegAwIBAgIEXymg8zANBgkqhkiG9w0BAQsFADB4MQswCQYDVQQGEwJV
 UzELMAkGA1UECBMCV0ExEDAOBgNVBAcTB1NlYXR0bGUxGDAWBgNVBAoTD1RoZSBU
 b3IgUHJvamVjdDEaMBgGA1UECxMRQXBwbGljYXRpb25zIFRlYW0xFDASBgNVBAMT
 C1RvciBCcm93c2VyMB4XDTE4MDgyMjE3MTc0N1oXDTQ2MDEwNzE3MTc0N1oweDEL
 MAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYDVQQHEwdTZWF0dGxlMRgwFgYD
 VQQKEw9UaGUgVG9yIFByb2plY3QxGjAYBgNVBAsTEUFwcGxpY2F0aW9ucyBUZWFt
 MRQwEgYDVQQDEwtUb3IgQnJvd3NlcjCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCC
 AYoCggGBAJRv7+VdgiT268+L4q3MeuPKbl9mfGu72Js6wcFqlAyMRXTokvo2ythN
 +n8zMlpc2hHJ01dR88RgaqlUseF5LvuT6AaxI5zLMhaZbww0Np+XS/c9ZfxZ/0YZ
 WUIyJ5LUEeG9z1bBG0KKhoxyX9ab1IQkGYiRPRgiTaXlkSA+i11XYVDtigqX8C+u
 jl4UUr3yBT9AX1vJ1lC8gRLgwIcz8/9orpwaoUm/7VmEgx9N9Ys8ubXUlnT5Em4k
 wwbrnZuEO7OOwK3ZBSeOt9iFH/i2ASflu+cJ7JLFnd8ql9BtClXKP83u97ZD122N
 IaOiXf2YKH4LsWSZyZ6sk8N/cJO8mZ2i7QqWLoPfKqCz8xKoploItQ2NGiEVM5GR
 xsshW1iJ+d024OWupD6c2Mt8WMhbHHeZ3xBDBUqtvTijMSQztGh25ksTdO9pcJxQ
 kkUeOub4QL240MC0TdvPAP6wZFAo7do/TeKcpwCYmIyj6igiu/kLUfsDnZZtdw2m
 NCa1XVhM1wIDAQABoyEwHzAdBgNVHQ4EFgQU5h00BJigeoNCLBEqjJ3T1ueec2Yw
 DQYJKoZIhvcNAQELBQADggGBAHZkWaei+KqmWxqnbbrJcIOzZuy8zi+RSVKBQS/C
 ZPnqkIShT0W2bSVkMR4brvU5zDtRfpgfguFhRwnct/9GGdRlMJmEMTcm/4cNgZiz
 PNO2Y80HV3EsLTNDjFtMX8DBvltk0oZMSlllqGhb7tqZwCfeKBSPz+aH4XgnvpTv
 kWg/ux0BG+fkYgts3dYcQoaWZ6nEQYoPpJyJ+zgPrGtGITBHUrD2WCr6muarEVIR
 7JZfwjy1knFSblA/cgDzoRg13L13ntsCF98lGhiBZo8UGvmNFubSolwzmyf7US3z
 ZvypsKrXJXz0rU1pbFC01Dka626UVkzZoMf53m9KjcIpP92U3l2GZhXsqxJJ26tu
 8x98Jwi5l22upmOsNttAeYtUMI1ODdxL/uVEIVfOw48lyYQgOsdsIiKDi3NDbjto
 zMVZOPvcSx2ESrq+GaoKZjkXGAg7beRdLWvsmGGoejuft+N2yqRYaFQ7sjCVQlq2
 D9GDJUVvnPEj25zrwtgRmPgLZg==
 -----END CERTIFICATE-----
 }}}

 I debated whether we should create the key using RSA or ECDSA. I decided
 on using RSA, but we can discuss this later, before creating the long-term
 key.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26536#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list