[tbb-bugs] #26536 [Applications/Tor Browser]: Create APK signing keys

[Tor Bug Tracker & Wiki]

#26536: Create APK signing keys
-------------------------------------------------+-------------------------
 Reporter:  sysrqb                               |          Owner:  tbb-
                                                 |  team
     Type:  task                                 |         Status:
                                                 |  needs_information
 Priority:  Medium                               |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-mobile, TBA-a3, tbb-8.5-must,    |  Actual Points:
  TorBrowserTeam201905                           |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
                                                 |  Sponsor8
-------------------------------------------------+-------------------------

Comment (by sysrqb):

 Okay, I think I finally got it.

 {{{
 $ apksigner sign --verbose --provider-class sun.security.pkcs11.SunPKCS11
 --provider-arg pkcs11_java.cfg --ks NONE --ks-type PKCS11 tor-
 browser-8.5a11-android-x86-multi-qa.apk
 Keystore password for signer #1:
 Signed
 }}}

 and the debug logs show:
 {{{
 0x70ed69e3f700 16:12:20.919 [opensc-pkcs11] apdu.c:390:sc_single_transmit:
 returning with: 0 (Success)
 0x70ed69e3f700 16:12:20.919 [opensc-pkcs11] apdu.c:543:sc_transmit:
 returning with: 0 (Success)
 0x70ed69e3f700 16:12:20.919 [opensc-pkcs11] card.c:465:sc_unlock: called
 0x70ed69e3f700 16:12:20.919 [opensc-pkcs11] card-
 openpgp.c:2036:pgp_compute_signature: returning with: 512
 0x70ed69e3f700 16:12:20.919 [opensc-pkcs11] sec.c:63:sc_compute_signature:
 returning with: 512
 0x70ed69e3f700 16:12:20.919 [opensc-pkcs11] card.c:465:sc_unlock: called
 0x70ed69e3f700 16:12:20.919 [opensc-pkcs11]
 pkcs15-sec.c:470:sc_pkcs15_compute_signature: returning with: 512
 0x70ed69e3f700 16:12:20.919 [opensc-pkcs11] card.c:465:sc_unlock: called
 0x70ed69e3f700 16:12:20.919 [opensc-pkcs11] reader-pcsc.c:663:pcsc_unlock:
 called
 0x70ed69e3f700 16:12:20.927 [opensc-pkcs11] framework-
 pkcs15.c:3853:pkcs15_prkey_sign: Sign complete. Result 512.
 0x70ed69e3f700 16:12:20.927 [opensc-pkcs11]
 mechanism.c:462:sc_pkcs11_signature_final: returning with: 0 (Success)
 0x70ed69e3f700 16:12:20.927 [opensc-pkcs11]
 mechanism.c:327:sc_pkcs11_sign_final: returning with: 0 (Success)
 0x70ed69e3f700 16:12:20.927 [opensc-pkcs11]
 pkcs11-object.c:765:C_SignFinal: C_SignFinal() = CKR_OK
 Signed
 }}}

 I installed opensc-pkcs11 (and opensc) from Sid (and pinned the source's
 priority low).

 {{{
 $ cat /etc/apt/preferences.d/sid_preferences
 Package: *
 Pin: release a=unstable
 Pin-Priority: 400

 $ sudo apt install opensc-pkcs11/sid opensc/sid
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26536#comment:18>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online