Create a new MAR signing key and bake it into Tor Browser

We want to deprecate the MAR signing key mostly used for signing our MAR files so far and embed a new one instead. This is the begin of a yearly-ish procedure as there is no good way of revoking a MAR signing key.

added GeorgKoppen201601R TorBrowserTeam201601 component::applications/tor browser owner::gk priority::medium resolution::fixed severity::normal status::closed tbb-5.5 tbb-no-uplift tbb-security type::enhancement labels

Okay, the patch is in bug_18008 (https://gitweb.torproject.org/user/gk/tor-browser.git/commit/?h=bug_18008). I've tested that using the files found in https://people.torproject.org/~gk/testbuilds/18008/.

The .tar.xz file has the new key baked in, the *en-US.mar file is unsigned, the *en-US_oldkey.mar file is signed by the MAR key we want to replace and the *en-US_newkey.mar file is signed by the new key. The update contains just a NoScript bump from 2.9 to 2.9.0.2.

I tested this trying to update by extracting the .mar files manually. As expected applying the first two MAR files fails but applying the one signed with the new key succeeds. After restart the NoScript version is bumped to 2.9.0.2.

Trac:
Keywords: TorBrowserTeam201601 GeorgKoppen201601 deleted, TorBrowserTeam201601 GeorgKoppen201601R tbb-5.5 added
Status: new to needs_review

r=mcs, r=brade I assume our strategy is to use the release_primary.der key for a while (so updates from older browsers will work) and then switch to this one when that key is retired?

Exactly, thanks. This is commit f724aa4d55ad63f7524ce81e3b0307e396c19981 on tor-browser-38.5.0esr-5-5-2.

Trac:
Resolution: N/A to fixed
Status: needs_review to closed

Trac:
Reviewer: N/A to N/A
Keywords: N/A deleted, tbb-no-uplift added

closed

mentioned in issue #20589 (moved)

moved to tpo/applications/tor-browser#18008 (closed)