Bitcoin Forum
December 07, 2016, 02:44:03 PM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 [3]  All
  Print  
Author Topic: Bitcoin Signed Binaries  (Read 4934 times)
kuzetsa
Sr. Member
****
Offline Offline

Activity: 369


View Profile
September 27, 2012, 03:18:43 AM
 #41

Quote from: gitian_updater.py date=2012-08-08
This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE

...

@Matt Corallo

 Huh Uh... what?

That's not what a signed binary means. This is GPG, not "authenticode" (so it's not the type used on the microsoft OS platforms)

The original post wasn't requesting "auto update" either.  Roll Eyes
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481121843
Hero Member
*
Offline Offline

Posts: 1481121843

View Profile Personal Message (Offline)

Ignore
1481121843
Reply with quote  #2

1481121843
Report to moderator
1481121843
Hero Member
*
Offline Offline

Posts: 1481121843

View Profile Personal Message (Offline)

Ignore
1481121843
Reply with quote  #2

1481121843
Report to moderator
tucenaber
Sr. Member
****
Offline Offline

Activity: 336


View Profile
September 27, 2012, 10:09:42 AM
 #42


Thank you! I've tried to locate that article several times but failed because I thought it was by Dijkstra Wink
Matt Corallo
Hero Member
*****
expert
Offline Offline

Activity: 751


View Profile
September 27, 2012, 12:08:47 PM
 #43

That's not what a signed binary means. This is GPG, not "authenticode" (so it's not the type used on the microsoft OS platforms)

The original post wasn't requesting "auto update" either.  Roll Eyes

I'm sure Gavin is perfectly capable of signing binaries, so the only thing that needs written is a way for gitian updater to verify signed binaries (by ignoring signatures).  (Note that you can also use gitian to download the first time if you want, not just on updates).  Because most people just download and check hashes against Gavin's signed release announcement, nothing needs to change there...just report the hashes of the signed copies.

Bitcoin Ubuntu PPA maintainer - donate to me personally: 1JBMattRztKDF2KRS3vhjJXA7h47NEsn2c
http://bitcoinrelaynetwork.org maintainer
PGP ID: 07DF 3E57 A548 CCFB 7530  7091 89BB B866 3E2E65CE
kuzetsa
Sr. Member
****
Offline Offline

Activity: 369


View Profile
September 28, 2012, 01:12:37 AM
 #44

...Note that you can also use gitian to download the first time if you want, not just on updates...

huh? I've been manually installing my bitcoin client (and checking hashes, etc.) what on earth are you referring to? What does this "gitian" thing have to do with:

Windows Authenticode Portable Executable Signature Format

Threat mitigation sometimes involves "silly" system enforced policies such as Allowing Only Signed Application to Run

... Isn't this thread about signing the windows version of bitcoin client?
Matt Corallo
Hero Member
*****
expert
Offline Offline

Activity: 751


View Profile
September 28, 2012, 05:06:22 PM
 #45

...Note that you can also use gitian to download the first time if you want, not just on updates...
huh? I've been manually installing my bitcoin client (and checking hashes, etc.) what on earth are you referring to? What does this "gitian" thing have to do with:
Yes, that is one way to download the bitcoin client securely.  Gitian is used to build the client distributedly, as well as being capable of handling auto-update (which we will hopefully use in the not-too-distant-future), which needs to be able to verify the signed binary (by stripping the signature). 

... Isn't this thread about signing the windows version of bitcoin client?
Yes, I understand what this thread is about...

Bitcoin Ubuntu PPA maintainer - donate to me personally: 1JBMattRztKDF2KRS3vhjJXA7h47NEsn2c
http://bitcoinrelaynetwork.org maintainer
PGP ID: 07DF 3E57 A548 CCFB 7530  7091 89BB B866 3E2E65CE
kuzetsa
Sr. Member
****
Offline Offline

Activity: 369


View Profile
September 29, 2012, 04:27:59 AM
 #46

But gitian uses pgp-type rather than  authenticode signing.

Suspect I'm likely missing something, but  why can't the result of whatever build process just get an authenticode signature added and be done with it? If gitian just builds the unsigned binary, why does gitian even need an update for this?

Is there a super-essential absolutely mandatory required step which wasn't explained in the original post or otherwise documented somewhere? It sure isn't anything the official microsoft instructors taught back when I was getting MCSD / MCSE / etc. at my "corporate training" center back in the day.

I highly suspect this is because the build process for the windows version is cross compiled using a non-windows system using non-microsoft compilers (probably mingw gcc target or something similar)

At this point I think I'm feeling defeated enough / begun to realize  I should probably give up trying to understand what's even being done, why, which tools, etc.

 Cry Sorry, I really am a windows dev / sysadmin once you get past all my open-source hobby tinkering.

Feels soooo weird that any credentials or training I might have are completely and utterly irrelevant for making the windows build process any more standard-like. I'm not young enough, and by now I think I've been retired too long to be useful anymore.
keystroke
Hero Member
*****
Offline Offline

Activity: 824


advocate of a cryptographic attack on the globe


View Profile
September 29, 2012, 02:25:04 PM
 #47

So Gitian needs to be updated to support checking the signature? Is that correct?
https://github.com/devrandom/gitian-builder/blob/master/share/gitian_updater.py

And before that we need the build process to include automatic signing with an Authenticode certificate?

Couldn't we have Gitian still check the GPG signature and not worry about Authenticode? Then just let Windows worry about Authenticode... that gives an extra layer because GPG is in place and trusted. The GPG signature would just been to be generated after the executable was signed with Authenticode.

eg.
1) Build process - (Any details on how this works? I see there is a distributed build process in place?)
2) Authenticode signs it
3) GPG signs it
...
4) Client side Gitian runs some auto-update eventually and asks the user if they want to upgrade
Note: Is Gitian definitely secure? Eg. no attacks against the auto-update mechanism? Some programs have had this issue...
5) Gitian verified GPG signature against keys which is trusts
6) Gitian executes new Bitcoin installer code
7) Windows checks Authenticode signature and install proceeds as normal

Does the above make sense or am I missing something?

"The difference between a castle and a prison is only a question of who holds the keys."
Gavin Andresen
Legendary
*
qt
Offline Offline

Activity: 1652


Chief Scientist


View Profile WWW
September 29, 2012, 03:31:03 PM
 #48

Microsoft/authenticode assumes one trusted master key (I think? Can a binary be signed by multiple keys?)

That is contrary to the no-central-authority idea, and it would be nice to avoid that.

However, given that Apple and Microsoft are both going in the direction of "thou shalt be a registered developer to distribute software for our OS" a central signing process for at least the initial install seems inevitable.

This is one of those "interact with existing systems that do not consider the possibility of radically decentralized solutions" hurdles that the Foundation can help jump; I expect the Foundation will soon be a registered Apple and Microsoft developer, and downloads will be signed with certificates owned by the Foundation.

The alternative is downloads only geeks can use (because only geeks know how to turn off cert checks) or binaries signed by me personally. And I don't want to be a single point of failure; having an organization that will hopefully outlive me is a better solution.

The best solution would be multi-signed binaries and a decentralized web of trust system, but we're not there yet.

How often do you get the chance to work on a potentially world-changing project?
flatfly
Hero Member
*****
Offline Offline

Activity: 938


View Profile
September 29, 2012, 03:37:07 PM
 #49

Microsoft/authenticode assumes one trusted master key (I think? Can a binary be signed by multiple keys?)

That is contrary to the no-central-authority idea, and it would be nice to avoid that.

However, given that Apple and Microsoft are both going in the direction of "thou shalt be a registered developer to distribute software for our OS" a central signing process for at least the initial install seems inevitable.

This is one of those "interact with existing systems that do not consider the possibility of radically decentralized solutions" hurdles that the Foundation can help jump; I expect the Foundation will soon be a registered Apple and Microsoft developer, and downloads will be signed with certificates owned by the Foundation.

The alternative is downloads only geeks can use (because only geeks know how to turn off cert checks) or binaries signed by me personally. And I don't want to be a single point of failure; having an organization that will hopefully outlive me is a better solution.

The best solution would be multi-signed binaries and a decentralized web of trust system, but we're not there yet.

Yeah this would be more or less similar to what Mozilla does with the Firefox binaries.
(The installer is signed by a "Mozilla Corporation" cert, delivered by Thawte)

1111127SpvabYpoeDoiz5L7QPkfiSh2Q. Only donate if you have a reason to.
kuzetsa
Sr. Member
****
Offline Offline

Activity: 369


View Profile
September 29, 2012, 05:16:57 PM
 #50

((...snip...))
That is contrary to the no-central-authority idea, and it would be nice to avoid that.

However, given that Apple and Microsoft are both going in the direction of "thou shalt be a registered developer to distribute software for our OS" a central signing process for at least the initial install seems inevitable.

This is one of those "interact with existing systems that do not consider the possibility of radically decentralized solutions" hurdles that the Foundation can help jump; I expect the Foundation will soon be a registered Apple and Microsoft developer, and downloads will be signed with certificates owned by the Foundation.
((...snip...))

Indeed, that was what I meant. Thanks gavin.  Smiley

Reassuring to know that my perception of the build process was roughly accurate. As to the question put forward in the original post, I think the answer might be something like: "only thing stopping it is that there is no plan in place to use an the appropriate certificate in the build process, and it doesn't help matters that we don't have one yet anyway"

Huh. Apple certificates... Maybe I should act one of my friends about the apple end. One who lives 3 blocks up the street from me is a self described "apple hipster" and whatnot. She happens to also be self-described as OS-agnostic though, among other technical goodies. Nothing wrong with favoring one platform other another.
Matt Corallo
Hero Member
*****
expert
Offline Offline

Activity: 751


View Profile
September 29, 2012, 07:33:41 PM
 #51

The idea would be:
1. Build distributed (like is done now) with gitian (all builds PGP signed).
2. One person signs binaries (gavin, bitcoin foundation, etc).
3. Bitcoin sees a new version and calls gitian to verify the new version.
4. Gitian strips the signature from the binary before checking the PGP signatures made in step 1 (this is where support is needed).
5. Gitian installs new version.

Bitcoin Ubuntu PPA maintainer - donate to me personally: 1JBMattRztKDF2KRS3vhjJXA7h47NEsn2c
http://bitcoinrelaynetwork.org maintainer
PGP ID: 07DF 3E57 A548 CCFB 7530  7091 89BB B866 3E2E65CE
kuzetsa
Sr. Member
****
Offline Offline

Activity: 369


View Profile
October 03, 2012, 07:45:42 AM
 #52

The idea would be:
1. Build distributed (like is done now) with gitian (all builds PGP signed).
2. One person signs binaries (gavin, bitcoin foundation, etc).
3. Bitcoin sees a new version and calls gitian to verify the new version.
4. Gitian strips the signature from the binary before checking the PGP signatures made in step 1 (this is where support is needed).
5. Gitian installs new version.

 Huh So is there some sort of builtin updater (I've never personally used such a feature) which checks against pgp signatures?

Is that what all this fuss was about?

... I think I get it now  Undecided



Edited to add:

no wait nevermind I'm still quite stumped.

I just looked in the v0.7.0-beta of "bitcoind / bitcoinqt" and there seems to be no such feature. ya'll are talking about something I know nothing about. is there a thread somewhere that explains this tool or feature or whatever it is? I don't understand why is it important? (either in this context, or at all?)
Matt Corallo
Hero Member
*****
expert
Offline Offline

Activity: 751


View Profile
October 03, 2012, 06:40:54 PM
 #53

Huh So is there some sort of builtin updater (I've never personally used such a feature) which checks against pgp signatures?
Its not builtin (yet), but it exists, and we want to make sure whatever we do is compatible because we will hopefully use it (eventually).
Is that what all this fuss was about?
Yep

I just looked in the v0.7.0-beta of "bitcoind / bitcoinqt" and there seems to be no such feature. ya'll are talking about something I know nothing about. is there a thread somewhere that explains this tool or feature or whatever it is? I don't understand why is it important? (either in this context, or at all?)
https://github.com/bitcoin/bitcoin/pull/1453

Bitcoin Ubuntu PPA maintainer - donate to me personally: 1JBMattRztKDF2KRS3vhjJXA7h47NEsn2c
http://bitcoinrelaynetwork.org maintainer
PGP ID: 07DF 3E57 A548 CCFB 7530  7091 89BB B866 3E2E65CE
Pages: « 1 2 [3]  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!