[tbb-bugs] #18287 [Applications/Tor Browser]: Use SHA-2 signature for Tor Browser setup executables

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri May 18 09:53:01 UTC 2018

#18287: Use SHA-2 signature for Tor Browser setup executables
 Reporter:  gk                                   |          Owner:  tbb-
                                                 |  team
     Type:  enhancement                          |         Status:  closed
 Priority:  High                                 |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:  fixed
 Keywords:  tbb-security, TorBrowserTeam201805,  |  Actual Points:
  GeorgKoppen201805                              |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
Changes (by gk):

 * status:  assigned => closed
 * resolution:   => fixed


 Okay, Mozilla is still using SHA-1 for signing the installer (with a SHA-2
 cert) but I've amended our signing script so that we use SHA-256 from now
 on. We'll test that in the first ESR50-based alpha. The script to use for
 signing those .exe files is the *256.sh one.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18287#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list