Bitcoin Forum
Author Topic: Armory - Discussion Thread  (Read 481698 times)
bitpop
June 17, 2014, 08:13:18 AM
 #3801

> One thing that I noticed is that the Details in the Binaries are missing under Windows.
> For most people (including me) an executable looks suspicious if these Details are missing.

That's probably the most useless "security" detail you can think to look at

Corelianer
June 17, 2014, 09:57:33 AM
 #3802

Really? So let's assume you have an up-to-date antivirus system / malware detector like most people do, and then you look in the Task Manager and see running processes that you have no idea what they might do. The first thing is to check if they are from a known vendor. Then you might google the file to see what other people say.

If you have ever had a virus-infected computer, then you know what I mean.

Right now guardian.exe looks suspicious because I have no idea if it's legit or not.

Most viruses don't pay attention to this stuff and that's where you can identify them easily.
K1773R
June 17, 2014, 11:55:10 AM
 #3803

> Really? So let's assume you have an up-to-date antivirus system / malware detector like most people do, and then you look in the Task Manager and see running processes that you have no idea what they might do. The first thing is to check if they are from a known vendor. Then you might google the file to see what other people say.
>
> If you have ever had a virus-infected computer, then you know what I mean.
>
> Right now guardian.exe looks suspicious because I have no idea if it's legit or not.
>
> Most viruses don't pay attention to this stuff and that's where you can identify them easily.

This is false security.

bitpop
June 17, 2014, 12:05:44 PM
 #3804

> Really? So let's assume you have an up-to-date antivirus system / malware detector like most people do, and then you look in the Task Manager and see running processes that you have no idea what they might do. The first thing is to check if they are from a known vendor. Then you might google the file to see what other people say.
>
> If you have ever had a virus-infected computer, then you know what I mean.
>
> Right now guardian.exe looks suspicious because I have no idea if it's legit or not.
>
> Most viruses don't pay attention to this stuff and that's where you can identify them easily.

You can edit it yourself

http://www.heaventools.com/resource-tuner.htm

SebastianJu
June 17, 2014, 12:38:15 PM
 #3805

>> I'd recommend to encrypt the swap (maybe with a passphrase instead of a random one-time password, I don't trust the entropy pool while booting up). No swap at all might get nasty if you hit your RAM constraints.
>
> Well the most sensitive keys will be kept on an offline computer which presumably runs nothing else except offline Armory. There's not really a way to run through your RAM there. Plus, I'd rather run out of swap than have the keys accidentally hit the hard drive unencrypted without warning. But yes, it is possible to have encrypted swap, though I don't think you can use hibernate if you do that, so you'd be disabling hibernate which is 80% the reason you wanted encrypted swap to begin with.
>
>> Encrypt the whole OS with TrueCrypt and you don't have to bother anymore... though TC is somewhat in a strange state... now that the devs don't want to work on it anymore.
>
> As far as I know, TrueCrypt doesn't do encrypted swap. It makes sure that nothing touches your primary (storage) partitions unencrypted, but if you hibernate with key material in RAM, it will still end up on disk unencrypted. I recommend both disabling swap (and hibernate), and using full-disk encryption. TrueCrypt works for the disk encryption part, though most recent versions of Ubuntu have had home-partition encryption in the OS-install wizard for a while.

If TC encrypted an OS then everything is encrypted, including the swap-file. You only can get back into the hibernated session if you insert the password first since the swapfile is only a file on the OS-Partition. And the whole OS-Partition is encrypted.

 

Rampion
June 17, 2014, 01:51:06 PM
 #3806

I have an old Armory wallet on an offline computer - if I upgrade my offline installation with the latest Armory version (0.9.2), will I be able to do an n-of-m paper backup or should I create a new wallet with the newest Armory and transfer my funds there to be able to print such a backup?

etotheipi
June 17, 2014, 01:55:32 PM
 #3807

> I have an old Armory wallet on an offline computer - if I upgrade my offline installation with the latest Armory version (0.9.2), will I be able to do an n-of-m paper backup or should I create a new wallet with the newest Armory and transfer my funds there to be able to print such a backup?

The new backup system is backwards compatible.  It has no problem doing fragmented backups of old wallets, though they will be four-line backups instead of the new two-line backups.  This is because the older versions of Armory (before fragmented backups were implemented) independently generated the root key and chaincode from secure-random data and thus both needed to be backed up.  This was unnecessary since there is already more than enough entropy in the 256-bit key, so we switched to computing it from the root key itself.  Thus, if you have the root key, the chaincode can be computed and doesn't need to be backed up.   

Just make sure you use the backup tester and/or actually remove the wallet and restore it.   It will give you the option to test your backup after you are done creating it.

Founder and CEO of Armory Technologies, Inc.
Armory Bitcoin Wallet: Bringing cold storage to the average user!
Only use Armory software signed by the Armory Offline Signing Key (0x98832223)

Corelianer
June 17, 2014, 02:48:09 PM
 #3808

@bitpop

I opened ArmoryQt.exe but it fails to change any of those details. (Referring to this YouTube video: https://www.youtube.com/watch?v=tPcrSpYqH0k )
I also tried to open the other executables (guardian.exe and w9xpopen.exe).

The only one that seems to work is the uninstall.exe.

I still stick with my opinion that it's an indicator for a virus if the details are missing.
flipperfish
June 17, 2014, 03:13:21 PM
 #3809

> One thing that I noticed is that the Details in the Binaries are missing under Windows.
> For most people (including me) an executable looks suspicious if these Details are missing.
>
> [pictures]

The metadata on the details tab alone is indeed pretty useless. However, there is the possibility to have executables signed with Microsoft's Authenticode [1], which is Microsoft's way of code signing. It's more or less the same as the GPG signatures the Armory devs already provide; however, it is far easier to check on Windows, as the functionality for this is already included in the OS and the NT kernel. Moreover, these signatures can be used to instruct the OS to only allow execution of signed (even constrained by the signer) executables.

AFAIK Authenticode also protects the metadata in the executable, so the information in the details tab becomes more reliable.

I would really like all Armory Windows executables to also be signed with Authenticode, besides GPG.


[1] http://msdn.microsoft.com/en-us/library/ie/ms537359%28v=vs.85%29.aspx
     http://blogs.msdn.com/b/ieinternals/archive/2011/03/22/authenticode-code-signing-for-developers-for-file-downloads-building-smartscreen-application-reputation.aspx
bitpop
June 17, 2014, 11:58:25 PM
 #3810

>> One thing that I noticed is that the Details in the Binaries are missing under Windows.
>> For most people (including me) an executable looks suspicious if these Details are missing.
>>
>> [pictures]
>
> The metadata on the details tab alone is indeed pretty useless. However, there is the possibility to have executables signed with Microsoft's Authenticode [1], which is Microsoft's way of code signing. It's more or less the same as the GPG signatures the Armory devs already provide; however, it is far easier to check on Windows, as the functionality for this is already included in the OS and the NT kernel. Moreover, these signatures can be used to instruct the OS to only allow execution of signed (even constrained by the signer) executables.
>
> AFAIK Authenticode also protects the metadata in the executable, so the information in the details tab becomes more reliable.
>
> I would really like all Armory Windows executables to also be signed with Authenticode, besides GPG.
>
> [1] http://msdn.microsoft.com/en-us/library/ie/ms537359%28v=vs.85%29.aspx
>      http://blogs.msdn.com/b/ieinternals/archive/2011/03/22/authenticode-code-signing-for-developers-for-file-downloads-building-smartscreen-application-reputation.aspx

You mean pay Microsoft to sign it for you, which can be social engineered? In addition to the private signing key owned by the NSA?

flipperfish
June 18, 2014, 12:13:05 AM
 #3811

>>> One thing that I noticed is that the Details in the Binaries are missing under Windows.
>>> For most people (including me) an executable looks suspicious if these Details are missing.
>>>
>>> [pictures]
>>
>> The metadata on the details tab alone is indeed pretty useless. However, there is the possibility to have executables signed with Microsoft's Authenticode [1], which is Microsoft's way of code signing. It's more or less the same as the GPG signatures the Armory devs already provide; however, it is far easier to check on Windows, as the functionality for this is already included in the OS and the NT kernel. Moreover, these signatures can be used to instruct the OS to only allow execution of signed (even constrained by the signer) executables.
>>
>> AFAIK Authenticode also protects the metadata in the executable, so the information in the details tab becomes more reliable.
>>
>> I would really like all Armory Windows executables to also be signed with Authenticode, besides GPG.
>>
>> [1] http://msdn.microsoft.com/en-us/library/ie/ms537359%28v=vs.85%29.aspx
>>      http://blogs.msdn.com/b/ieinternals/archive/2011/03/22/authenticode-code-signing-for-developers-for-file-downloads-building-smartscreen-application-reputation.aspx
>
> You mean pay Microsoft to sign it for you, which can be social engineered? In addition to the private signing key owned by the NSA?

No. I mean getting an Authenticode certificate from a well-known CA (e.g. [2]) and using it to sign the executables. Microsoft only provides the root keys, which are trusted by default (Microsoft also makes the OS this whole procedure is used on, so the users who use Armory on Windows trust Microsoft anyway). The private key for the code signing certificate can be stored in the same way as Armory's GPG key, so it's not owned by the NSA. (And actually, it's not the NSA I fear in this use case, but regular hackers.) Social engineering is a concern only if you don't check the metadata in the executable.

[2] https://www.thawte.com/code-signing/content-signing-certificates/microsoft-authenticode/index.html
K1773R
June 18, 2014, 09:40:10 AM
 #3812

>>>> One thing that I noticed is that the Details in the Binaries are missing under Windows.
>>>> For most people (including me) an executable looks suspicious if these Details are missing.
>>>>
>>>> [pictures]
>>>
>>> The metadata on the details tab alone is indeed pretty useless. However, there is the possibility to have executables signed with Microsoft's Authenticode [1], which is Microsoft's way of code signing. It's more or less the same as the GPG signatures the Armory devs already provide; however, it is far easier to check on Windows, as the functionality for this is already included in the OS and the NT kernel. Moreover, these signatures can be used to instruct the OS to only allow execution of signed (even constrained by the signer) executables.
>>>
>>> AFAIK Authenticode also protects the metadata in the executable, so the information in the details tab becomes more reliable.
>>>
>>> I would really like all Armory Windows executables to also be signed with Authenticode, besides GPG.
>>>
>>> [1] http://msdn.microsoft.com/en-us/library/ie/ms537359%28v=vs.85%29.aspx
>>>      http://blogs.msdn.com/b/ieinternals/archive/2011/03/22/authenticode-code-signing-for-developers-for-file-downloads-building-smartscreen-application-reputation.aspx
>>
>> You mean pay Microsoft to sign it for you, which can be social engineered? In addition to the private signing key owned by the NSA?
>
> No. I mean getting an Authenticode certificate from a well-known CA (e.g. [2]) and using it to sign the executables. Microsoft only provides the root keys, which are trusted by default (Microsoft also makes the OS this whole procedure is used on, so the users who use Armory on Windows trust Microsoft anyway). The private key for the code signing certificate can be stored in the same way as Armory's GPG key, so it's not owned by the NSA. (And actually, it's not the NSA I fear in this use case, but regular hackers.) Social engineering is a concern only if you don't check the metadata in the executable.
>
> [2] https://www.thawte.com/code-signing/content-signing-certificates/microsoft-authenticode/index.html

If you use CA and not M$ certs, it's even more horrible and has more attack vectors.

Corelianer
June 18, 2014, 09:41:50 AM
 #3813

The Bitcoin Foundation bought their code-signing certificate from here: http://www.instantssl.com/
169€ for 2 years.

You could also consider letting the Bitcoin Foundation sign the executables.
By doing so, you could avoid paying for the certificate every year.

flipperfish
June 18, 2014, 12:08:11 PM
 #3814

>> I mean getting an Authenticode certificate from a well-known CA (e.g. [2]) and using it to sign the executables. Microsoft only provides the root keys, which are trusted by default (Microsoft also makes the OS this whole procedure is used on, so the users who use Armory on Windows trust Microsoft anyway). The private key for the code signing certificate can be stored in the same way as Armory's GPG key, so it's not owned by the NSA. (And actually, it's not the NSA I fear in this use case, but regular hackers.) Social engineering is a concern only if you don't check the metadata in the executable.
>>
>> [2] https://www.thawte.com/code-signing/content-signing-certificates/microsoft-authenticode/index.html
>
> If you use CA and not M$ certs, it's even more horrible and has more attack vectors.

I think there is a slight misunderstanding regarding the use case here. The proposal to have Armory executables signed with Authenticode is by no means a magic bullet to make Armory bulletproof against any attack on Microsoft OSs. And in that regard, GPG also has its weaknesses. Maybe fewer than Authenticode, but by no means is it a bulletproof solution. However, checking the GPG signatures on Windows comes with quite annoying usability. With Authenticode this could be made much simpler, and IMO usability is a main pillar of security (that's the reason we use Armory in the first place). So even if Authenticode has its weaknesses, it's still better than no check of the executable at all. And it eventually will happen (has it already happened?) that a clueless Windows user will use a malicious Armory executable, because he is too lazy to run through the GPG nightmare.
At this point one could argue that it's GPG's fault that its usability on Windows is bad. One could argue that one should not use Windows at all. But that's not the point. The point is that IMO the usability advantages of Authenticode outweigh its potential security issues by far. Additionally, there is no security hole created by having an executable Authenticode signed. The GPG signatures would still work.
bitpop
June 18, 2014, 12:20:27 PM
 #3815

If you trust certain posts you can skip to the hash of a file

Skip that Damn properties window and use hashtab

Armoryqt.exe

CRC32: 12984228
MD5: 52ff671b60d877ed2d82f04539c9fd88
SHA-1: a543edd804124bc137c5f8e130b0b99713dc75bb
SHA-256: 82b7e487121fd3cd61f2103debd269eef74b959089a0fe547c4cb40f5b24b779

SimonBelmond
June 18, 2014, 12:31:26 PM
 #3816

I have a question which is slightly off topic, but I assume someone here will have an answer for this and Google did not give me an answer so far:

I am using Kleopatra for all things PGP. I have tried other Windows PGP tools as well. I want to know how I can publicly sign someone's key on a keyserver without ever taking the key onto an online system. I can sign/encrypt files and text offline and then transfer them away from the offline system. I would also like to be able to sign a key offline and then broadcast the signature from an online system. Does anyone here have experience with that? I do not trust any online system. I seem to be a bit biased by the Armory security concept.

Sorry for posting it here. If you know the best place to discuss these things, please let me know.
bitpop
June 18, 2014, 12:41:57 PM
 #3817

> I have a question which is slightly off topic, but I assume someone here will have an answer for this and Google did not give me an answer so far:
>
> I am using Kleopatra for all things PGP. I have tried other Windows PGP tools as well. I want to know how I can publicly sign someone's key on a keyserver without ever taking the key onto an online system. I can sign/encrypt files and text offline and then transfer them away from the offline system. I would also like to be able to sign a key offline and then broadcast the signature from an online system. Does anyone here have experience with that? I do not trust any online system. I seem to be a bit biased by the Armory security concept.
>
> Sorry for posting it here. If you know the best place to discuss these things, please let me know.


Your answer will lie in the gpg command line which is included

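The offline key-certification workflow asked about above, as an added example that is not from the thread or from any forum member: it uses the gpg.exe that Gpg4win installs alongside Kleopatra, and the key ID, keyserver and removable-media path are placeholders you substitute. Only public key material crosses the air gap; the certifying secret key stays on the offline machine.

```powershell
# Added example (not from the thread). Certify a third party's OpenPGP key on an
# offline machine and publish the certification from an online machine, using the
# gpg.exe shipped with Gpg4win/Kleopatra. Key ID, keyserver and media path are placeholders.

$TheirKeyId = '0x0123456789ABCDEF'      # placeholder: fingerprint/ID of the key you want to certify
$Media      = 'E:\keyxfer'              # placeholder: removable media carried across the air gap
$KeyServer  = 'hkps://keys.example.org' # placeholder keyserver

# --- Online machine, step 1: fetch the key to be certified and export it (public data only).
function Export-KeyForOffline {
    gpg --keyserver $KeyServer --recv-keys $TheirKeyId
    gpg --armor --output (Join-Path $Media 'unsigned.asc') --export $TheirKeyId
}

# --- Offline machine, step 2: import, compare the fingerprint against one obtained in person,
# certify with your offline key, then export the key (now carrying your certification) back to media.
# Your secret key is used here but never written to the media.
function Add-OfflineCertification {
    gpg --import (Join-Path $Media 'unsigned.asc')
    gpg --fingerprint $TheirKeyId     # verify this matches the fingerprint you checked out of band
    gpg --sign-key $TheirKeyId        # interactive: confirm the certification when prompted
    gpg --armor --output (Join-Path $Media 'signed.asc') --export $TheirKeyId
}

# --- Online machine, step 3: import the certified public key and push it to the keyserver.
# signed.asc contains only public packets, so importing it on the online box exposes nothing secret.
function Publish-KeyCertification {
    gpg --import (Join-Path $Media 'signed.asc')
    gpg --keyserver $KeyServer --send-keys $TheirKeyId
}
```

Run step 1 and step 3 on the online machine and step 2 on the offline one; the online machine must also hold your own public key (or have it on the keyserver) for others to verify the certification.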
Corelianer
June 18, 2014, 12:55:31 PM
 #3818

> If you trust certain posts you can skip to the hash of a file
>
> Skip that Damn properties window and use hashtab
>
> Armoryqt.exe
>
> CRC32: 12984228
> MD5: 52ff671b60d877ed2d82f04539c9fd88
> SHA-1: a543edd804124bc137c5f8e130b0b99713dc75bb
> SHA-256: 82b7e487121fd3cd61f2103debd269eef74b959089a0fe547c4cb40f5b24b779

I use the hash-values too, but the values are only published for the installer not for the installed files.
bitpop
June 18, 2014, 01:19:05 PM
 #3819

>> If you trust certain posts you can skip to the hash of a file
>>
>> Skip that Damn properties window and use hashtab
>>
>> Armoryqt.exe
>>
>> CRC32: 12984228
>> MD5: 52ff671b60d877ed2d82f04539c9fd88
>> SHA-1: a543edd804124bc137c5f8e130b0b99713dc75bb
>> SHA-256: 82b7e487121fd3cd61f2103debd269eef74b959089a0fe547c4cb40f5b24b779
>
> I use the hash-values too, but the values are only published for the installer not for the installed files.

We can get consensus among each other

etotheipi
June 18, 2014, 05:04:04 PM
 #3820

Wow, I missed out on some fun discussions.  Let me clarify how this works, and what Armory has done (and failed to do).

  • You can use OpenSSL to generate your own SSL certificate (offline if you want), and send just the [effective] public key to the CA for signing. In this way, the private part of your certificate can be protected in exactly the same way as we do GPG.
  • The certificate provider/signer will verify your identity before they sign any certificate claiming "Joe's Fish Shop" is the provider of this software.
  • A single compromised CA cert could be used to impersonate just about anything. Your system trusts any number of probably 100 certificate roots, and a signature from any one of them pretty much gives the green light, unless you are manually inspecting the certificate chain and know that certain certs are lower security and/or compromised. It's the job of the OS and the browsers to track which CAs are still trustworthy and help update your CA lists to make sure that any compromised providers are no longer trusted.
  • The MS/Authenticode system is not good for verifying specific certificates. Ideally, for high-security apps, the publisher would publish their public cert and everyone would verify that the signatures are from that cert, though it's a bit of work to do this. Instead, they just check whether there's any valid certificate chain and show you "Yes/No" that the signature is valid.
  • For this reason, I don't care much for Authenticode-signed certs. They avoid the unsightly "Unknown Publisher" when you go to run the installer, but that can be a false sense of security.
  • I stand by the notion that the GPG signatures are the most secure. Our offline GPG fingerprint is everywhere, and it's simple to check via command line. It's also easy to integrate into our release scripts.

Here's what Armory has done to this point:

  • I have a Class 2 object code signing certificate, signed by StartCom, though at this point it might be expired. However, it is in my name ("Alan Reiner").
  • Getting a cert associated with the company requires quite a bit of ID verification work, including supplying tax returns. We haven't been keen to do this, though I suspect we will at some point. This would be needed for it to show "Armory Technologies, Inc." on the "Verified Publisher:" line.
  • Before version 0.90, Armory used my personally-verified cert. I generated it on an offline Windows machine, and integrated three extra steps into my release process to make sure the Windows installers made it to that machine for Authenticode signing before going to the offline Linux box for GPG signing. This is quite a pain ... you can't sign afterwards or else the GPG hashes/sigs break.
  • There is technically a way to do this in Linux, but it didn't work with the type of .exe I was signing. I was left with no choice but to use a dedicated offline Windows box.
  • Before version 0.90, I did go through with all this. You should be able to run the 0.88 installers and see my name as the verified publisher.
  • Since version 0.90, we have been using NSIS to package up our installers. The signing process that I previously used no longer works. I believe it has to do with the chained installer architecture: the outer shell of the installer is signed, but its only purpose is to unpack the real installer and run it... which is not (easily) signed. This means that if you take the .exe posted on the website (if it were signed this way), you could view its properties in Windows and see the signature is there. But when you run it, you still see "Unknown Publisher."

With all this in mind, I hope you'll forgive me that I wasn't excited about going through a lot of work to provide what I felt was less security than the GPG sig, and which complicates the heck out of my signing & release process. Is it useless? Not exactly. But I'm comfortable with the idea that the user either checks the GPG sig and knows it's good, or they don't and know it's not verified.

However, it is possible that the new installer format works with Linux Authenticode tools, so that it could be easily integrated into the release process. If anyone wants to try that out for us and provide a recipe for doing it, I will take a shot at it. But I'm not anxious to put a lot of effort into what is already a complex and inconvenient process (low convenience but high security!).


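The weakness described above, that Windows only reports whether some trusted chain signed the file, can be closed on the user's side by pinning the expected signing certificate. The following is an added example, not code from the thread or from the Armory project; the installer path and the thumbprint are placeholders, and the real thumbprint would have to be distributed by the publisher through an independent channel such as a GPG-signed notice.

```powershell
# Added example (not from the thread). Check an Authenticode signature and additionally
# pin it to one expected signer certificate, instead of accepting any valid chain.
# The path and thumbprint below are placeholders.

function Test-PinnedAuthenticode {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedThumbprint   # SHA-1 thumbprint of the publisher's signing cert
    )
    $sig = Get-AuthenticodeSignature -FilePath $Path

    # Step 1: the signature and its chain must verify. NotSigned, HashMismatch,
    # UnknownError and the other statuses all fail here.
    if ($sig.Status -ne 'Valid') {
        return [pscustomobject]@{
            Path = $Path; Ok = $false
            Reason = "Status=$($sig.Status): $($sig.StatusMessage)"
        }
    }

    # Step 2: pin the leaf certificate. A valid chain from any of the ~100 trusted roots
    # is not enough; the signer must be the one the publisher announced.
    $pinned = $ExpectedThumbprint.Replace(' ', '').ToUpperInvariant()
    $actual = $sig.SignerCertificate.Thumbprint.ToUpperInvariant()
    if ($actual -ne $pinned) {
        return [pscustomobject]@{
            Path = $Path; Ok = $false
            Reason = "Signer thumbprint $actual does not match the pinned value"
        }
    }

    [pscustomobject]@{
        Path = $Path; Ok = $true
        Reason = "Signed by $($sig.SignerCertificate.Subject)"
    }
}

# Usage with placeholder values; substitute the installer you downloaded and the
# thumbprint published by the project out of band.
$pinnedThumbprint = '0000000000000000000000000000000000000000'   # placeholder
Test-PinnedAuthenticode -Path 'C:\Downloads\armory-installer.exe' `
                        -ExpectedThumbprint $pinnedThumbprint | Format-List
```

A signature that carries a trusted timestamp still reports Valid after the signing certificate itself has expired, which is relevant to the expired personal cert mentioned above; the thumbprint pin keeps working in that case because it compares the certificate, not its validity window.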