Create new MAR signing key for Tor Browser
We want to start with the usual MAR signing key rotation soon. Thus, we should create a new key and embed the related certs into Tor Browser.
Activity
FWIW: We already included a new secondary key earlier this year (#18008 (moved)). The plan is to move that one into the first position and add a new one as the secondary signing key. This should happen for 7.0a1 and we would test that everything is working within the 7.0 alpha series.
-
bug_20589(https://gitweb.torproject.org/user/gk/tor-browser.git/commit/?h=bug_20589&id=2460ea50270ee95183aee35e07190d7f819e41be) in my public Tor Browser repo has the cert for the new key and the secondary key moved to the first position. Regarding testing I followed a similar strategy as in comment:1:ticket:18008. The binaries for that are in https://people.torproject.org/~gk/testbuilds/20589. The successful update updates the alpha to a nightly.Note to self for the next time: Don't try to get it working with a nightly tar.xz. It will fail again, for reasons. :)
Trac:
Status: new to needs_review
Keywords: TorBrowserTeam201701 deleted, TorBrowserTeam201701R added mentioned in issue #21244 (closed)
mentioned in issue #23916 (moved)
mentioned in issue #25543 (moved)
mentioned in issue #25543 (moved)
mentioned in issue #25543 (moved)
mentioned in issue tpo/applications/tor-browser#23916 (closed)
