Opened 4 years ago

Closed 4 years ago

Last modified 2 years ago

#18008 closed enhancement (fixed)

Create a new MAR signing key and bake it into Tor Browser

Reported by: gk Owned by: gk
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-security, TorBrowserTeam201601 GeorgKoppen201601R tbb-5.5, tbb-no-uplift
Cc: mcs, brade Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


We want to deprecate the MAR signing key mostly used for signing our MAR files so far and embed a new one instead. This is the begin of a yearly-ish procedure as there is no good way of revoking a MAR signing key.

Child Tickets

Change History (4)

comment:1 Changed 4 years ago by gk

Keywords: GeorgKoppen201601R tbb-5.5 added; GeorgKoppen201601 removed
Status: newneeds_review

Okay, the patch is in bug_18008 ( I've tested that using the files found in

The .tar.xz file has the new key baked in, the *en-US.mar file is unsigned, the *en-US_oldkey.mar file is signed by the MAR key we want to replace and the *en-US_newkey.mar file is signed by the new key. The update contains just a NoScript bump from 2.9 to

I tested this trying to update by extracting the .mar files manually. As expected applying the first two MAR files fails but applying the one signed with the new key succeeds. After restart the NoScript version is bumped to

comment:2 Changed 4 years ago by mcs

r=mcs, r=brade
I assume our strategy is to use the release_primary.der key for a while (so updates from older browsers will work) and then switch to this one when that key is retired?

comment:3 Changed 4 years ago by gk

Resolution: fixed
Status: needs_reviewclosed

Exactly, thanks. This is commit f724aa4d55ad63f7524ce81e3b0307e396c19981 on tor-browser-38.5.0esr-5-5-2.

comment:4 Changed 2 years ago by arthuredelstein

Keywords: tbb-no-uplift added
Note: See TracTickets for help on using tickets.