Bitcoin Forum
December 09, 2016, 09:51:01 AM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 3 »  All
  Print  
Author Topic: Bitcoin Signed Binaries  (Read 4940 times)
ChloeST
Newbie
*
Offline Offline

Activity: 11


View Profile
May 29, 2011, 12:22:14 PM
 #1

I have to ask why there are no signed binaries of the Bitcoin Clients? The bitcoin client is the center of what should be a very secure system for an individual. (Unless their primary accounts are on MtGox or a similar site, in which case they have to trust ssl and MtGox.)

On Windows the binary has no digital signature on the executable. Other less important software has digital signatures (media players, games, even poker clients are signed (PartyPoker is signed with a Thawte verified certificate).

On linux, there are no hashes available of the current distribution .tar.gz. Ubuntu offers hashes of their product through a ssl encrypted page: https://help.ubuntu.com/community/UbuntuHashes

PGP signatures for communication with bitcoin developers are readily available on the bitcoin.org front page next to their email addresses. Why aren't there verifiable gpg signatures for the binary downloads also available?
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
LMGTFY
Hero Member
*****
Offline Offline

Activity: 644



View Profile
May 29, 2011, 12:27:57 PM
 #2

I have to ask why there are no signed binaries of the Bitcoin Clients? The bitcoin client is the center of what should be a very secure system for an individual. (Unless their primary accounts are on MtGox or a similar site, in which case they have to trust ssl and MtGox.)

On Windows the binary has no digital signature on the executable. Other less important software has digital signatures (media players, games, even poker clients are signed (PartyPoker is signed with a Thawte verified certificate).

On linux, there are no hashes available of the current distribution .tar.gz. Ubuntu offers hashes of their product through a ssl encrypted page: https://help.ubuntu.com/community/UbuntuHashes

PGP signatures for communication with bitcoin developers are readily available on the bitcoin.org front page next to their email addresses. Why aren't there verifiable gpg signatures for the binary downloads also available?
Good question! I'd imagine it's because the developers are overworked and underpaid!

I'm not sure how practical digital signatures would be in the short term, as Thawte etc will charge for them - but hopefully someone nearer the issue than me can comment.

Regarding hashes, that should be pretty easy to implement - but I'd imagine it's time that's the problem. I don't suppose you'd be able to volunteer to help out the devs with this?

This space intentionally left blank.
grue
Global Moderator
Legendary
*
Offline Offline

Activity: 1932



View Profile
May 29, 2011, 03:45:30 PM
 #3

there's no need for signing the binaries. the release announcements are pgp signed, with a hash of the binaries.

It is pitch black. You are likely to be eaten by a grue.

Tired of annoying signature ads? Ad block for signatures
Mike Hearn
Legendary
*
expert
Offline Offline

Activity: 1526


View Profile
May 30, 2011, 11:21:52 AM
 #4

No, the binaries should be signed for the AV reasons discussed previously. It doesn't happen, basically because "nobody got around to it yet". There's work in progress to move to reproducible builds in which multiple trusted developers check that the source code compiles to the binary being released, and then all sign that. Certainly a regular Win32 signature should be included as part of that process and I'm sure soon it will be.
BombaUcigasa
Legendary
*
Offline Offline

Activity: 1414



View Profile
May 30, 2011, 11:24:35 AM
 #5

Ontopic, I downloaded a RC bitcoin client from sourceforge, and NOD32 stopped the download because it got a PE/NewHeur trojan warning. None of the other releases give this warning. How can we be sure the binaries published on the official source control hubs are free of malware?
matt.collier
Member
**
Offline Offline

Activity: 105



View Profile
May 30, 2011, 05:11:15 PM
 #6

I am a GlobalSign reseller and I will sell a Microsoft Authenticode Code Signing Certificate for the BTC equivalent of $180 USD.  The retail price for this certificate is $229.

matt.collier
Member
**
Offline Offline

Activity: 105



View Profile
May 30, 2011, 05:42:10 PM
 #7

There's also the Certificate for Individuals which retails at $99, but I'm not sure if that's appropriate for this purpose.

[edit]

I will sell this one for $50, but it will have the name of an individual on the certificate, not an organization.

http://www.globalsign.com/code-signing/buy-code-signing-for-individual-developers.html
ene
Jr. Member
*
Offline Offline

Activity: 42


View Profile
May 30, 2011, 06:29:09 PM
 #8

there's no need for signing the binaries. the release announcements are pgp signed, with a hash of the binaries.

Not everybody has PGP installed.
grue
Global Moderator
Legendary
*
Offline Offline

Activity: 1932



View Profile
May 30, 2011, 08:28:04 PM
 #9

I am a GlobalSign reseller and I will sell a Microsoft Authenticode Code Signing Certificate for the BTC equivalent of $180 USD.  The retail price for this certificate is $229.
any chance you can donate this certificate to the bitcoin community?

It is pitch black. You are likely to be eaten by a grue.

Tired of annoying signature ads? Ad block for signatures
matt.collier
Member
**
Offline Offline

Activity: 105



View Profile
May 30, 2011, 08:36:40 PM
 #10

The $180 price includes my reseller discount and $25 of my own money.  I feel comfortable with that level of assistance.
Matt Corallo
Hero Member
*****
expert
Offline Offline

Activity: 751


View Profile
May 30, 2011, 09:35:18 PM
 #11

On 0.4.0 PGP signing:
Starting with 0.4.0, the bitcoin releases on Win32 will be generated deterministically (assuming me/devrandom have enough time to code the specifics) and signed by all the Bitcoin developers who have the ability to do so.  The "installer" will then install a minimal script and the relevant dependencies to the Bitcoin folder and then run that script.  That script then downloads the latest version of Bitcoin and checks that enough signatures are on it for it to be considered trusted and install that version.  The script will (hopefully) also be used to update bitcoin when new versions come out.

On code signing:
This one is a bit more difficult.  Because Bitcoin will be built deterministically, we have two options.  A. send the code signing private key around to all the devs for that to be a part of the building process (this is even harder as the building happens on Linux via the MinGW cross compiler) or B. find a way to strip out the code signing certificate in the download script and then check the stripped version instead of the signed version.  I googled this pretty quick and saw no simple CLI program which will do this, but I might have missed something as I didnt spend too much time on it.  If anyone finds something, please tell me. 

Bitcoin Ubuntu PPA maintainer - donate to me personally: 1JBMattRztKDF2KRS3vhjJXA7h47NEsn2c
http://bitcoinrelaynetwork.org maintainer
PGP ID: 07DF 3E57 A548 CCFB 7530  7091 89BB B866 3E2E65CE
grue
Global Moderator
Legendary
*
Offline Offline

Activity: 1932



View Profile
May 30, 2011, 09:39:19 PM
 #12

On 0.4.0 PGP signing:
Starting with 0.4.0, the bitcoin releases on Win32 will be generated deterministically (assuming me/devrandom have enough time to code the specifics) and signed by all the Bitcoin developers who have the ability to do so.  The "installer" will then install a minimal script and the relevant dependencies to the Bitcoin folder and then run that script.  That script then downloads the latest version of Bitcoin and checks that enough signatures are on it for it to be considered trusted and install that version.  The script will (hopefully) also be used to update bitcoin when new versions come out.

On code signing:
This one is a bit more difficult.  Because Bitcoin will be built deterministically, we have two options.  A. send the code signing private key around to all the devs for that to be a part of the building process (this is even harder as the building happens on Linux via the MinGW cross compiler) or B. find a way to strip out the code signing certificate in the download script and then check the stripped version instead of the signed version.  I googled this pretty quick and saw no simple CLI program which will do this, but I might have missed something as I didnt spend too much time on it.  If anyone finds something, please tell me. 
auto-update = super bad idea. if a attacker can compromise the script, he can make tons of rouge clients.

It is pitch black. You are likely to be eaten by a grue.

Tired of annoying signature ads? Ad block for signatures
Matt Corallo
Hero Member
*****
expert
Offline Offline

Activity: 751


View Profile
May 30, 2011, 10:01:23 PM
 #13

auto-update = super bad idea. if a attacker can compromise the script, he can make tons of rouge clients.
Obviously we aren't going to blindly auto-update, there will be a user-prompt.  Also, the binaries are signed by multiple developers meaning you would have to compromise the pgp private keys of several developers.  If you think an attacker will try to compromise the download script, well how is that any different from compromising the current downloads?  You would have to compromise sourceforge, so it wouldn't make a difference.  If you think the script itself might be trickable into downloading without having enough signatures, then I ask you to look it over yourself https://github.com/devrandom/gitian-builder/blob/updater/share/gitian-updater

Bitcoin Ubuntu PPA maintainer - donate to me personally: 1JBMattRztKDF2KRS3vhjJXA7h47NEsn2c
http://bitcoinrelaynetwork.org maintainer
PGP ID: 07DF 3E57 A548 CCFB 7530  7091 89BB B866 3E2E65CE
jimbo77
Member
**
Offline Offline

Activity: 78


View Profile
May 30, 2011, 10:27:42 PM
 #14


auto-update = super bad idea. if a attacker can compromise the script, he can make tons of rouge clients.
Wouldn't it be more risky NOT having an auto-update? As long as the process of getting the binaries is secure. I'm thinking from the point of view that there could be exploits in the network or old versions where you want people to update to protect themselves. People are notorious for not upgrading and what if we need them too to prevent an attack on the network? Newer web browsers seem to do it to enhance security so why wouldn't that be the case for bitcoin?
ene
Jr. Member
*
Offline Offline

Activity: 42


View Profile
May 30, 2011, 10:32:24 PM
 #15

As long as the process of getting the binaries is secure.

You missed the point.  Roll Eyes
jimbo77
Member
**
Offline Offline

Activity: 78


View Profile
May 30, 2011, 10:35:33 PM
 #16

As long as the process of getting the binaries is secure.

You missed the point.  Roll Eyes
I did? You can make updating secure such that other risks are higher than the update risk.
matt.collier
Member
**
Offline Offline

Activity: 105



View Profile
May 30, 2011, 10:50:45 PM
 #17

May I suggest another thread for the auto-update debate?
publickeyhash
Newbie
*
Offline Offline

Activity: 20


View Profile
May 30, 2011, 11:30:55 PM
 #18

The compiler should use ProPolice or /GS in case of M$
ene
Jr. Member
*
Offline Offline

Activity: 42


View Profile
May 31, 2011, 01:14:28 AM
 #19

As long as the process of getting the binaries is secure.

You missed the point.  Roll Eyes
I did? You can make updating secure such that other risks are higher than the update risk.

They're different kinds of risk. If the auto-update has a vulnerability, somebody could steal the private keys of tens of thousands of users in a matter of minutes. If the client software has some other vulnerability, then depending on the nature of it, it will be more or less dangerous than what I just mentioned. Probably less.
keystroke
Hero Member
*****
Offline Offline

Activity: 824


advocate of a cryptographic attack on the globe


View Profile
September 26, 2012, 02:42:14 AM
 #20

It's been over a year since this thread was touched. I was just looking at my system with Process Explorer and out of the 62 processes, only 3 are not signed. One of them is Bitcoin-qt. Is there any downside to signing? I always verify with Gavin's signature and I trust that keychain more than I would one issued by a centralized authority... We all know what has happened to SSL CAs. Is this the argument?

"The difference between a castle and a prison is only a question of who holds the keys."
Pages: [1] 2 3 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!