Sherief Alaa transcribed 13K bytes:
Hi Everyone,
(moving this email from the support-team ML to tor-dev as Runa suggested.)
I am starting to work on a small GUI tool for file verification because I find guiding users through the verification process on Windows/Mac through the command line painful.
Tools in use:
- Python 3.3 or 2.7 (haven't decided yet).
- PyQt
- python-gnupg-0.3.5
Hi Sherief,
I'm not sure if you were planning on using the upstream version, or the python-gnupg that I (re)wrote to fix the arbitrary code exec vulns, but the one you mention (python-gnupg-0.3.5) is upstream, not mine. Though, granted, they have fixed some of the vulns in the latest version.
I probably should also point out if you're thinking of using the upstream, that their "unittests" are run encased in try/except blocks, and thus never fail even when they should.
Third, the upstream version doesn't handle Unicode very well. If you're using it for file verification of TBB sha256sum files, it shouldn't matter as much, but if the user tries to verify anything containing non-ASCII characters it's going to quickly become ten times as painful.
I might also add a log window and a save log button to see what went wrong during the verification process.
Attached is a draft design of what the tool would look like.
On Mon, Sep 23, 2013 at 7:12 PM, Lunar <lunar@torproject.org> wrote:
How do you think users will be able to install such a tool on their system?
There won't be any installation required. It's a single executable.
Neither my version nor upstream's is an implementation of the OpenPGP spec. In other words, they both expect you to have a GnuPG binary already present on the system. My version will handle multiple versions of GnuPG, up to builds of branches 2.0.x. I don't recall what upstream handles, though if I recall correctly, just GnuPG 1.4.12-14.
So, at bare minimum, you have two executables, if you ship GPG4Win (horribly out of date, I don't recommend it) and you compile your script and its Python dependencies into executables. You might want to check on how the APAF folks are getting along with their work; they intend to create some sort of cross-platform Python App runner.
More importantly, how will they be able to ensure that it's not a tampered version?
I've thought about that and a few things came to mind:
- Include the executable inside TBB.
- Host it somewhere and also provide a SHA-256 hash on a website or in a file.
Also, copies of the keys which made the signatures.
Hope this helps a bit,
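
The point in the reply above about unit tests wrapped in try/except blocks, shown as an added example that is not part of the original email and not code from either python-gnupg code base. `verify_digest` and both test classes are hypothetical, constructed to show how a broad `except` hides a failing assertion from the test runner.

```python
import io
import unittest


def verify_digest(expected, actual):
    """Constructed, deliberately broken check: accepts every input."""
    return True


def build_cases():
    # Defined inside a function so test collectors do not pick them up on import.
    class Swallowed(unittest.TestCase):
        def test_rejects_mismatch(self):
            try:
                self.assertFalse(verify_digest("aa", "bb"))
            except Exception:
                # AssertionError subclasses Exception, so the failure
                # is discarded and the runner records a pass.
                pass

    class Strict(unittest.TestCase):
        def test_rejects_mismatch(self):
            # No wrapper: the assertion failure reaches the runner.
            self.assertFalse(verify_digest("aa", "bb"))

    return Swallowed, Strict


def run_case(case):
    """Run one TestCase class; return (tests_run, failures_plus_errors)."""
    suite = unittest.defaultTestLoader.loadTestsFromTestCase(case)
    result = unittest.TextTestRunner(stream=io.StringIO()).run(suite)
    return result.testsRun, len(result.failures) + len(result.errors)


def demo():
    return {case.__name__: run_case(case) for case in build_cases()}


if __name__ == "__main__":
    for name, (ran, failed) in demo().items():
        print(f"{name}: ran={ran} failed={failed}")
```

Both classes test the same broken function; only the unwrapped one reports the failure, which is why a green run of a suite written in the first style says nothing about whether verification works.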