Opened 10 months ago

Last modified 2 weeks ago

#26536 needs_information task

Create APK signing keys

Reported by: sysrqb Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-mobile, TBA-a3, tbb-8.5-must, TorBrowserTeam201904
Cc: igt0, gk Actual Points:
Parent ID: Points:
Reviewer: Sponsor: Sponsor8


This is the ticket so we can decide how we create it, where we store it, what mechanisms can we use for securing it.

Child Tickets

Change History (13)

comment:1 Changed 9 months ago by sysrqb

Status: newneeds_information

It appears we can create and store the key offline.

I was hoping we could create an "identity" key and a "signing" key for Android, but it seems like this won't work. Specifically, newer versions of Android support signing an app where the public key for verifying the signature is stored in two places. The first place is at the end of the signing block. This key has only one purpose - for verifying the signing block signatures are valid. The second place is the public key is stored within the signing block but here we may include a certificate chain. I was hoping we could create a long-term identity key and then a short-term signing keys, similar to PGP primary key and subkeys. However, from my code diving, Android does not verify the certificate chain embedded in the app. Android only verifies the first (leaf) certificate in the embedded certificate chain contains the same public key as the public key provided at the end of the signing block used for verifying the signature.

We should generate the key offline - Hans published a nice script for this (although its a little old)

We can use a Yubikey or Nitrokey for storing the key. I'll feel more comfortable if we have more than one copy of the key.

Newer versions of Android support something called (upgrade) keysets for verifying the apps authenticity. I'm not sure how we can use it yet. I think it allows for adding more signatures using more keys, but I'm not sure if there's a way we can use it for rotating keys.

With all this being said, we can likely generate our first APK signing key using a similar method as the Tor Browser PGP signing key - using an offline laptop booted with TAILS, etc.

comment:2 Changed 9 months ago by gk

What's the story in case the key gets compromised/lost and needs to get replaced? How is that handled? (I am in particular interested in the impact for updates)

Last edited 9 months ago by gk (previous) (diff)

comment:3 in reply to:  2 Changed 9 months ago by sysrqb

Replying to gk:

What's the story in case the key gets compromised/lost and needs to get replaced?

Total sadness.

How is that handled? (I am in particular interested in the impact for updates)

Basically, we would generate a new key, and existing users would not be able to install the next update because the signing key would be different. As a result, we would have two options. 1) release a new version of the app signed with the new key, but first an existing user would need to uninstall the old version of the app before they can install the new version. 2) release a new version of the app using a different name (org.torproject.torbrowser2, or something like that). If we use a different name, then the user can have both versions installed at the same time and they can manually copy any bookmarks from one app to the other.

We might want to create a plan for how we inform users about this situation and what they should do.

If you lose access to your app signing key or your key is compromised,
Google cannot retrieve the app signing key for you, and you will not
be able to release new versions of your app to users as updates to the
original app.

comment:4 Changed 8 months ago by sysrqb

Woah! "Android 9 supports APK key rotation, which gives apps the ability to change their signing key as part of an APK update."

This is only with the newest version of Android. It includes support for a new signature scheme.

comment:5 Changed 8 months ago by sysrqb

I created a short-term keypair for only the initial alpha releases. We will create a new, long-term key before the first stable release. I have this key offline.

$ keytool -genkey -v -keystore tba_alpha.p12 -storetype pkcs12 -keyalg RSA -keysize 3072 -validity 10000 -alias tba_alpha

Key information

$ keytool -list -v -keystore tba_alpha.p12 -alias tba_alpha -storetype pkcs12
Enter keystore password:  
Alias name: tba_alpha
Creation date: Aug 22, 2018
Entry type: PrivateKeyEntry
Certificate chain length: 1
Owner: CN=Tor Browser, OU=Applications Team, O=The Tor Project, L=Seattle, ST=WA, C=US
Issuer: CN=Tor Browser, OU=Applications Team, O=The Tor Project, L=Seattle, ST=WA, C=US
Serial number: 5f29a0f3
Valid from: Wed Aug 22 17:17:47 UTC 2018 until: Sun Jan 07 17:17:47 UTC 2046
Certificate fingerprints:
	 MD5:  6B:27:D0:7B:3B:5C:FA:E9:60:45:15:24:08:A0:72:AE
	 SHA1: D8:D5:4C:45:85:F3:BB:2C:80:D3:6C:85:A0:D4:1B:6D:C9:6A:33:80
	 SHA256: 15:F7:60:B4:1A:CB:E4:78:3E:66:71:02:C9:F6:71:19:BE:2A:F6:2F:AB:07:76:3F:9D:57:F0:1E:5E:10:74:E1
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 3072-bit RSA key
Version: 3


#1: ObjectId: Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: E6 1D 34 04 98 A0 7A 83   42 2C 11 2A 8C 9D D3 D6  ..4...z.B,.*....
0010: E7 9E 73 66                                        ..sf

Public Key Certificate:

$ keytool -exportcert -v -keystore tba_alpha.p12 -alias tba_alpha -storetype pkcs12 -rfc
Enter keystore password:  

I debated whether we should create the key using RSA or ECDSA. I decided on using RSA, but we can discuss this later, before creating the long-term key.

comment:6 Changed 7 months ago by sysrqb

Keywords: TBA-a2 added
Parent ID: #26531

Moving to second-alpha TBA keyword.

comment:7 Changed 7 months ago by gk

Keywords: TBA-a3 added; TBA-a2 removed

Moving this to TBA-a3

comment:8 Changed 4 months ago by gk

Sponsor: Sponsor8

Adding Sponsor8 tag.

comment:9 Changed 2 months ago by gk

Keywords: TorBrowserTeam201902 added

Adding to our radar.

comment:10 Changed 6 weeks ago by gk

Keywords: TorBrowserTeam201903 added; TorBrowserTeam201902 removed

Moving remaining tickets to March.

comment:11 Changed 6 weeks ago by gk

Keywords: tbb-8.5 added

Tickets on our radar for 8.5

comment:12 Changed 4 weeks ago by gk

Keywords: tbb-8.5-must added; tbb-8.5 removed

Marking blockers for Tor Browser 8.5.

comment:13 Changed 2 weeks ago by gk

Keywords: TorBrowserTeam201904 added; TorBrowserTeam201903 removed

Moving tickets to April.

Note: See TracTickets for help on using tickets.