[tor-bugs] #3861 [Tor bundles/installation]: begin signing Windows packages the Windows way
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Jan 16 14:31:34 UTC 2015
#3861: begin signing Windows packages the Windows way
------------------------------------------+--------------------------------
Reporter: erinn | Owner: erinn
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: Tor bundles/installation | Version:
Resolution: | Keywords: tbb-3.0, tbb-
Actual Points: | security
Points: | Parent ID:
------------------------------------------+--------------------------------
Changes (by gk):
* cc: gk (added)
* keywords: tbb-3.0, needs-triage => tbb-3.0, tbb-security
Comment:
As an update on this: we have an Aladdin eToken PRO 72K with a Digicert
certificate we plan to use for this. The first problem is we need binary
blobs to get the eToken going, something that is called
SafeNetAuthentication client. I plan to only use the minimal amount of
binary files we actually need and try to get some sha256 sums from some
official people. I looked into using OpenSC but our token is not
supported: https://github.com/OpenSC/OpenSC/wiki/Frequently-Asked-
Questions#q-can-i-use-aladdin-etoken-with-opensc
The second problem is which software should we actually use for signing
`osslsigncode` which would have been my favorite one cannot handle that
token yet: http://sourceforge.net/p/osslsigncode/feature-requests/7/. I am
not done with evaluating alternatives yet.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3861#comment:15>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list