[tbb-bugs] #18287 [Applications/Tor Browser]: Use SHA-2 signature for Tor Browser setup executables

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Feb 20 09:13:55 UTC 2018

#18287: Use SHA-2 signature for Tor Browser setup executables
 Reporter:  gk                                  |          Owner:  tbb-team
     Type:  enhancement                         |         Status:  assigned
 Priority:  Medium                              |      Milestone:
Component:  Applications/Tor Browser            |        Version:
 Severity:  Normal                              |     Resolution:
 Keywords:  tbb-security, TorBrowserTeam201802  |  Actual Points:
Parent ID:                                      |         Points:
 Reviewer:                                      |        Sponsor:
Changes (by gk):

 * cc: tom (added)
 * keywords:  tbb-security => tbb-security, TorBrowserTeam201802


 Today a Windows users showed up on IRC and said they needed a 64bit Tor
 Browser because the stable 32bit one is not working on Windows 10 USN due
 to missing WoW64 ("The subsystem needed to support the image type is not
 present"). Furthermore, it turns out that the SHA1 signature we have on
 our .exe files is not valid on that system either: it wants a SHA2 one as
 SHA1 ones have been deprecated in Windows 10 USN and giving a unknown
 publisher yellow UAC error now.

 I wonder what that USN version is about and whether we could skip the
 dual-signing dance with `osslsigncode` and just provide a SHA2 signature
 given that we switch soon away from supporting XP and Vista anyway.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18287#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list