[tor-bugs] #26045 [Applications/Tor Browser]: Create a new MAR signing key for ESR60

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Jun 12 08:25:18 UTC 2018


#26045: Create a new MAR signing key for ESR60
-------------------------------------------------+-------------------------
 Reporter:  gk                                   |          Owner:  tbb-
                                                 |  team
     Type:  task                                 |         Status:
                                                 |  reopened
 Priority:  Very High                            |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  GeorgKoppen201806,                   |  Actual Points:
  TorBrowserTeam201806                           |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by gk):

 Were you able to reproduce the problem?

 Here is what I've got:
 {{{
 ArchiveReader::VerifySignature BEGIN
 ArchiveReader::VerifySignature - checking against primaryCertData
 VerifyLoadedCert BEGIN
 mar_verify_signatures - count: 1
 mar_verify_signatures - loading compiled-in cert 0 of length 1215
 mar_extract_and_verify_signatures_fp - key count: 1
 mar_extract_and_verify_signatures_fp - sig count: 1
 mar_extract_and_verify_signatures_fp - checking signature 0
 mar_extract_and_verify_signatures_fp - sig 0 has alg id 2
 mar_extract_and_verify_signatures_fp - signature len: 512
 mar_verify_signatures_for_fp - sig count: 1
 mar_verify_signatures_for_fp - checking signature 0
 libmar - NSS_VerifySignature BEGIN
 libmar - NSS_VerifySignature VFY_EndWithSignature  failed: -8182 (Peer's
 certificate has an invalid signature.)
 libmar - NSS_VerifySignature FAILED
 ERROR: Error verifying signature.
 VerifyLoadedCert - mar_verify_signatures FAILED
 ArchiveReader::VerifySignature - FAILURE
 }}}

 I double-checked the .der file and it says (amongst other things):
 "Signature Algorithm: sha384WithRSAEncryption".

 So, we indeed seem to have a key we want.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26045#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list