[tor-bugs] #26536 [Applications/Tor Browser]: Create APK signing keys
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu May 9 17:21:56 UTC 2019
#26536: Create APK signing keys
-------------------------------------------------+-------------------------
Reporter: sysrqb | Owner: tbb-
| team
Type: task | Status: closed
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution: fixed
Keywords: tbb-mobile, TBA-a3, tbb-8.5-must, | Actual Points:
TorBrowserTeam201905 |
Parent ID: | Points:
Reviewer: | Sponsor:
| Sponsor8
-------------------------------------------------+-------------------------
Changes (by sysrqb):
* status: needs_information => closed
* resolution: => fixed
Comment:
At this point, I think we can consider this complete. There are a few
loose ends that remain, but the APK signing keys for alpha and stable are
now created.
Note: Below, delete the leading `- ` in front of `-----BEGIN
CERTIFICATE-----` and `-----END CERTIFICATE-----` when inputting the
certificate.
{{{
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Signing for trac comment at Thu May 9 17:08:00 UTC 2019
$ pkcs15-tool -r 3
Using reader with a card: Nitrokey Nitrokey Pro (000039610000000000000000)
00 00
- -----BEGIN CERTIFICATE-----
MIIFlTCCA32gAwIBAgIJAMx2uODilli+MA0GCSqGSIb3DQEBCwUAMFwxFDASBgNV
BAMMC1RvciBCcm93c2VyMRgwFgYDVQQKDA9UaGUgVG9yIFByb2plY3QxEDAOBgNV
BAcMB1NlYXR0bGUxCzAJBgNVBAgMAldBMQswCQYDVQQGEwJVUzAeFw0xOTA0MDIx
OTQ0MjZaFw0yMzA0MDExOTQ0MjZaMFwxFDASBgNVBAMMC1RvciBCcm93c2VyMRgw
FgYDVQQKDA9UaGUgVG9yIFByb2plY3QxEDAOBgNVBAcMB1NlYXR0bGUxCzAJBgNV
BAgMAldBMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
ggIBAPPuIx1pzkNfMkrUqjmK7zExh2rnRWNCi2H2rYxlxSL9327cwk9uYVrZeFmP
jFlcYy8tUd+CJewmdCr3R52LRe6jeax8IehmW9+yrI8ACMC0eiuonKo5xYHAgn01
WZ2j1uD9QEXdTr3u3jl5C+bdYwtrp5CL6zniDqqcQtvMW7e096Q/Di+d2R4Hbix8
3ML4+bYmYo82aDHrkX0uVN74Wd8EIIRGCq3LHVP/gRT41mZJSZKyYK8rf0zdgLdz
Mpa3nogxy8i6VLAozzIC39qEhVVAVnxirtgT8yuu4TfOP8FJoQmwo24y/LKKKo0u
fC9n2bGJ/9LlP/+O3a3p0F0+M1YOc+y/H4xYIHcnKue16dFuA3agqzlgayCJ54y8
SjfaTYX1ll20IMttd3FzSKIbSTWPDDR0LadLafZ0aimI64FeKRCn9JL1LhTcwXQU
vnNVlOa2rWK/CnAdOj3SdFcFAQHlaM8yU2pOf9BpkIuszyGXu5xMJYVEbfK9ojxO
3aZxzxqIGAOVmVEHH40DrI3/OKsAq/iMh803g4FQMvkogWkZTq2OoKKKUYzY7AoM
1cYIAN4Wg6BDawmgJlJKvt/5Tg16xu8+BviGXHgLwYGMZBNDif8w1DMQU+olkdZY
CCFcaHjR+z5P52J7km+5wQMad49v/oe7/jUUGzbycbBQdedfAgMBAAGjWjBYMAkG
A1UdEwQCMAAwCwYDVR0PBAQDAgeAMB0GA1UdDgQWBBRtlvvnvtC9YsuwwmB7btqT
7baUVTAfBgNVHSMEGDAWgBRtlvvnvtC9YsuwwmB7btqT7baUVTANBgkqhkiG9w0B
AQsFAAOCAgEAg1aTx1W2cVQzgFoARsZ5ymoJjk4PZVEL3vnL8clt4wCxZ9CYf7sR
VRUgd/rdmQkaB63MBnzK17gef99TXvl63iOrcwYGKVynnsVrHwBRA69xn0ANyyYc
r47dLV636P6s6wTvhAmzeyqgoBSbSQHWAK0kemj+c2hfs6oiMVWgJYfo390yxRs9
1JWmysUeBRT2fgkR008HHm+0Un1kwvr/TZdQ9s09hr9nvuB4mEcHkIQB9RmESFc9
+BDWBKGsQQevAXEr2+CgDqC1dF4lBVbyWo9FoJTtX2Qx/08UVcRpof+V8Xgqdz0B
4le4HZLo3sQIMDWEcNrmcbF6wIYAz7SSY+IU7B3CSMmwYS9OzM8d9EXgygyKaW6i
WSHNrj8WLeZvZ99Bwa5aXTD4PNJ2lJ51GIGN/3uJ5qKK6Aw63zi9TWAtcwYai+Kj
2hGyx+PaxsQ8tAGzcSu9W+iSGEXsL+QiVC4HjjyJF6uEDC3JncvkPtgWNNnV+I4K
Hx/BpCWUsmD1Kz2sFiSA3+zQP5CRxxLWFLu4lije7D9J0YztQBDvhjqvijpd0r0y
1wRDpDMoAKN/Ro3xZkOG7ZKULNsUmpNa6ntIwHYfpn4wOIfJV2tkozHjsUYpUUOm
ufhVN8JbZVKy3lGTBjwLBmST+Hx2dy5EvjJwyVfDXGNOdjGBEZIvLmc=
- -----END CERTIFICATE-----
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEmQpn3DVLpEMbqGYohK8DqE7aGAAFAlzUX3sACgkQhK8DqE7a
GAC42hAAgsn/rK+MF+jprDoir3yaPa96lYMiHWqDJTefPibzjJ+qn/3w1tFmyvNT
4JWelUnIXK9YigDaNpK8uhzJgdgCv8yhb/e53lcEXKWOpdW8KAni0l8Bs25qB4cw
TVftLVZIY2CsWnGTiS05Jp9pi99eXc86eUMAhnno4uRgbBG4Dj0ANkfEtvoDE1Gk
irAVAeI1IoBytLqWQzRm+lbyxxwF0A09H6ux1FwK0aJGCxpM2L+93qL8SvKQF1eD
W6AivqX/qCdW/FA6MicMQw4btDUkM3Z0MNP+N5OJtW+kvZ6cUGQSc3ahoV3UGL2a
akWxgYNirj+UqMGMWH7g8xtdEClO9eFzRWCe6+tqr0quxB+1UOtOVkJi1lYUC5/M
zo1cM6eZVKvkJSqDHVQlKcXNW1/espTEVc2NeuoAmNjWaVThBSYkQ+I2S1QKjxYI
6450z5POKvmCmdzeMuUyNH8dMa0iAn1Fa3hZirv4aJBDSccy31h8Yav/CCoYVmFv
MeZ1beKP5xgJt7B/8xzD+DXWuIy7Uwe80TcVKnBrWUyFGHtSp6EV5HFRPO+B5x+d
Z6p268dbodrVu56i28NSvtV3XMOO3X16YQfnw1GJvU0GN2+oxuNl4e1nNbDPXk8X
6Xr7Upqzejkr+m9x5lOrsxth6s1X50IuP4/DDlJMrPfy71isuic=
=aqHW
-----END PGP SIGNATURE-----
}}}
{{{
$ pkcs15-tool -r 3 | openssl x509 -noout -text -fingerprint
Using reader with a card: Nitrokey Nitrokey Pro (000039610000000000000000)
00 00
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
cc:76:b8:e0:e2:96:58:be
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN = Tor Browser, O = The Tor Project, L = Seattle, ST =
WA, C = US
Validity
Not Before: Apr 2 19:44:26 2019 GMT
Not After : Apr 1 19:44:26 2023 GMT
Subject: CN = Tor Browser, O = The Tor Project, L = Seattle, ST =
WA, C = US
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:f3:ee:23:1d:69:ce:43:5f:32:4a:d4:aa:39:8a:
ef:31:31:87:6a:e7:45:63:42:8b:61:f6:ad:8c:65:
c5:22:fd:df:6e:dc:c2:4f:6e:61:5a:d9:78:59:8f:
8c:59:5c:63:2f:2d:51:df:82:25:ec:26:74:2a:f7:
47:9d:8b:45:ee:a3:79:ac:7c:21:e8:66:5b:df:b2:
ac:8f:00:08:c0:b4:7a:2b:a8:9c:aa:39:c5:81:c0:
82:7d:35:59:9d:a3:d6:e0:fd:40:45:dd:4e:bd:ee:
de:39:79:0b:e6:dd:63:0b:6b:a7:90:8b:eb:39:e2:
0e:aa:9c:42:db:cc:5b:b7:b4:f7:a4:3f:0e:2f:9d:
d9:1e:07:6e:2c:7c:dc:c2:f8:f9:b6:26:62:8f:36:
68:31:eb:91:7d:2e:54:de:f8:59:df:04:20:84:46:
0a:ad:cb:1d:53:ff:81:14:f8:d6:66:49:49:92:b2:
60:af:2b:7f:4c:dd:80:b7:73:32:96:b7:9e:88:31:
cb:c8:ba:54:b0:28:cf:32:02:df:da:84:85:55:40:
56:7c:62:ae:d8:13:f3:2b:ae:e1:37:ce:3f:c1:49:
a1:09:b0:a3:6e:32:fc:b2:8a:2a:8d:2e:7c:2f:67:
d9:b1:89:ff:d2:e5:3f:ff:8e:dd:ad:e9:d0:5d:3e:
33:56:0e:73:ec:bf:1f:8c:58:20:77:27:2a:e7:b5:
e9:d1:6e:03:76:a0:ab:39:60:6b:20:89:e7:8c:bc:
4a:37:da:4d:85:f5:96:5d:b4:20:cb:6d:77:71:73:
48:a2:1b:49:35:8f:0c:34:74:2d:a7:4b:69:f6:74:
6a:29:88:eb:81:5e:29:10:a7:f4:92:f5:2e:14:dc:
c1:74:14:be:73:55:94:e6:b6:ad:62:bf:0a:70:1d:
3a:3d:d2:74:57:05:01:01:e5:68:cf:32:53:6a:4e:
7f:d0:69:90:8b:ac:cf:21:97:bb:9c:4c:25:85:44:
6d:f2:bd:a2:3c:4e:dd:a6:71:cf:1a:88:18:03:95:
99:51:07:1f:8d:03:ac:8d:ff:38:ab:00:ab:f8:8c:
87:cd:37:83:81:50:32:f9:28:81:69:19:4e:ad:8e:
a0:a2:8a:51:8c:d8:ec:0a:0c:d5:c6:08:00:de:16:
83:a0:43:6b:09:a0:26:52:4a:be:df:f9:4e:0d:7a:
c6:ef:3e:06:f8:86:5c:78:0b:c1:81:8c:64:13:43:
89:ff:30:d4:33:10:53:ea:25:91:d6:58:08:21:5c:
68:78:d1:fb:3e:4f:e7:62:7b:92:6f:b9:c1:03:1a:
77:8f:6f:fe:87:bb:fe:35:14:1b:36:f2:71:b0:50:
75:e7:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
Digital Signature
X509v3 Subject Key Identifier:
6D:96:FB:E7:BE:D0:BD:62:CB:B0:C2:60:7B:6E:DA:93:ED:B6:94:55
X509v3 Authority Key Identifier:
keyid:6D:96:FB:E7:BE:D0:BD:62:CB:B0:C2:60:7B:6E:DA:93:ED:B6:94:55
Signature Algorithm: sha256WithRSAEncryption
83:56:93:c7:55:b6:71:54:33:80:5a:00:46:c6:79:ca:6a:09:
8e:4e:0f:65:51:0b:de:f9:cb:f1:c9:6d:e3:00:b1:67:d0:98:
7f:bb:11:55:15:20:77:fa:dd:99:09:1a:07:ad:cc:06:7c:ca:
d7:b8:1e:7f:df:53:5e:f9:7a:de:23:ab:73:06:06:29:5c:a7:
9e:c5:6b:1f:00:51:03:af:71:9f:40:0d:cb:26:1c:af:8e:dd:
2d:5e:b7:e8:fe:ac:eb:04:ef:84:09:b3:7b:2a:a0:a0:14:9b:
49:01:d6:00:ad:24:7a:68:fe:73:68:5f:b3:aa:22:31:55:a0:
25:87:e8:df:dd:32:c5:1b:3d:d4:95:a6:ca:c5:1e:05:14:f6:
7e:09:11:d3:4f:07:1e:6f:b4:52:7d:64:c2:fa:ff:4d:97:50:
f6:cd:3d:86:bf:67:be:e0:78:98:47:07:90:84:01:f5:19:84:
48:57:3d:f8:10:d6:04:a1:ac:41:07:af:01:71:2b:db:e0:a0:
0e:a0:b5:74:5e:25:05:56:f2:5a:8f:45:a0:94:ed:5f:64:31:
ff:4f:14:55:c4:69:a1:ff:95:f1:78:2a:77:3d:01:e2:57:b8:
1d:92:e8:de:c4:08:30:35:84:70:da:e6:71:b1:7a:c0:86:00:
cf:b4:92:63:e2:14:ec:1d:c2:48:c9:b0:61:2f:4e:cc:cf:1d:
f4:45:e0:ca:0c:8a:69:6e:a2:59:21:cd:ae:3f:16:2d:e6:6f:
67:df:41:c1:ae:5a:5d:30:f8:3c:d2:76:94:9e:75:18:81:8d:
ff:7b:89:e6:a2:8a:e8:0c:3a:df:38:bd:4d:60:2d:73:06:1a:
8b:e2:a3:da:11:b2:c7:e3:da:c6:c4:3c:b4:01:b3:71:2b:bd:
5b:e8:92:18:45:ec:2f:e4:22:54:2e:07:8e:3c:89:17:ab:84:
0c:2d:c9:9d:cb:e4:3e:d8:16:34:d9:d5:f8:8e:0a:1f:1f:c1:
a4:25:94:b2:60:f5:2b:3d:ac:16:24:80:df:ec:d0:3f:90:91:
c7:12:d6:14:bb:b8:96:28:de:ec:3f:49:d1:8c:ed:40:10:ef:
86:3a:af:8a:3a:5d:d2:bd:32:d7:04:43:a4:33:28:00:a3:7f:
46:8d:f1:66:43:86:ed:92:94:2c:db:14:9a:93:5a:ea:7b:48:
c0:76:1f:a6:7e:30:38:87:c9:57:6b:64:a3:31:e3:b1:46:29:
51:43:a6:b9:f8:55:37:c2:5b:65:52:b2:de:51:93:06:3c:0b:
06:64:93:f8:7c:76:77:2e:44:be:32:70:c9:57:c3:5c:63:4e:
76:31:81:11:92:2f:2e:67
SHA1
Fingerprint=FA:B4:C3:E0:B2:05:7E:FF:B1:66:33:6F:44:A7:D8:B9:83:9A:F8:16
}}}
{{{
$ apksigner verify --print-certs tor-browser-8.5a11-android-x86-multi-
qa.apk
Signer #1 certificate DN: C=US, ST=WA, L=Seattle, O=The Tor Project,
CN=Tor Browser
Signer #1 certificate SHA-256 digest:
ee82972e1e302f679bc70f45a4ee24e0808005bb2800a1e16f683d93fc79c4ef
Signer #1 certificate SHA-1 digest:
fab4c3e0b2057effb166336f44a7d8b9839af816
Signer #1 certificate MD5 digest: 8ed7d77f0e0bc316a37f896834cdb560
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26536#comment:20>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list