Opened 13 months ago

Closed 2 months ago

#26536 closed task (fixed)

Create APK signing keys

Reported by: sysrqb
Owned by: tbb-team
Priority: Medium
Milestone:
Component: Applications/Tor Browser
Version:
Severity: Normal
Keywords: tbb-mobile, TBA-a3, tbb-8.5-must, TorBrowserTeam201905
Cc: igt0, gk, eighthave
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor: Sponsor8

Description

This is the ticket so we can decide how we create it, where we store it, and what mechanisms we can use for securing it.

Change History (26)

comment:1 Changed 12 months ago by sysrqb

Status: new → needs_information

It appears we can create and store the key offline.

I was hoping we could create an "identity" key and a "signing" key for Android, but it seems like this won't work. Specifically, newer versions of Android support signing an app where the public key for verifying the signature is stored in two places. The first place is at the end of the signing block. This key has only one purpose - verifying that the signing block signatures are valid. The second place the public key is stored is within the signing block, but here we may include a certificate chain. I was hoping we could create a long-term identity key and then short-term signing keys, similar to a PGP primary key and subkeys. However, from my code diving, Android does not verify the certificate chain embedded in the app. Android only verifies that the first (leaf) certificate in the embedded certificate chain contains the same public key as the public key provided at the end of the signing block used for verifying the signature.

We should generate the key offline - Hans published a nice script for this (although it's a little old): https://github.com/guardianproject/smartcard-apk-signing/blob/master/openssl-gen/gen.sh

We can use a Yubikey or Nitrokey for storing the key. I'll feel more comfortable if we have more than one copy of the key.

Newer versions of Android support something called (upgrade) keysets for verifying the app's authenticity. I'm not sure how we can use it yet. I think it allows for adding more signatures using more keys, but I'm not sure if there's a way we can use it for rotating keys.

With all this being said, we can likely generate our first APK signing key using a similar method as the Tor Browser PGP signing key - using an offline laptop booted with TAILS, etc.

comment:2 Changed 12 months ago by gk

What's the story in case the key gets compromised/lost and needs to get replaced? How is that handled?

comment:3 in reply to:  2 Changed 12 months ago by sysrqb

Replying to gk:

> What's the story in case the key gets compromised/lost and needs to get replaced?


Total sadness.

> How is that handled? (I am in particular interested in the impact for updates)

Basically, we would generate a new key, and existing users would not be able to install the next update because the signing key would be different. As a result, we would have two options. 1) release a new version of the app signed with the new key, but first an existing user would need to uninstall the old version of the app before they can install the new version. 2) release a new version of the app using a different name (org.torproject.torbrowser2, or something like that). If we use a different name, then the user can have both versions installed at the same time and they can manually copy any bookmarks from one app to the other.

We might want to create a plan for how we inform users about this situation and what they should do.

> If you lose access to your app signing key or your key is compromised,
> Google cannot retrieve the app signing key for you, and you will not
> be able to release new versions of your app to users as updates to the
> original app.

https://developer.android.com/studio/publish/app-signing#self-manage

comment:4 Changed 11 months ago by sysrqb

Woah! "Android 9 supports APK key rotation, which gives apps the ability to change their signing key as part of an APK update."
https://source.android.com/security/apksigning/v3

This is only with the newest version of Android. It includes support for a new signature scheme.

comment:5 Changed 11 months ago by sysrqb

I created a short-term keypair for only the initial alpha releases. We will create a new, long-term key before the first stable release. I have this key offline.

$ keytool -genkey -v -keystore tba_alpha.p12 -storetype pkcs12 -keyalg RSA -keysize 3072 -validity 10000 -alias tba_alpha

Key information

$ keytool -list -v -keystore tba_alpha.p12 -alias tba_alpha -storetype pkcs12
Enter keystore password:  
Alias name: tba_alpha
Creation date: Aug 22, 2018
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=Tor Browser, OU=Applications Team, O=The Tor Project, L=Seattle, ST=WA, C=US
Issuer: CN=Tor Browser, OU=Applications Team, O=The Tor Project, L=Seattle, ST=WA, C=US
Serial number: 5f29a0f3
Valid from: Wed Aug 22 17:17:47 UTC 2018 until: Sun Jan 07 17:17:47 UTC 2046
Certificate fingerprints:
	 MD5:  6B:27:D0:7B:3B:5C:FA:E9:60:45:15:24:08:A0:72:AE
	 SHA1: D8:D5:4C:45:85:F3:BB:2C:80:D3:6C:85:A0:D4:1B:6D:C9:6A:33:80
	 SHA256: 15:F7:60:B4:1A:CB:E4:78:3E:66:71:02:C9:F6:71:19:BE:2A:F6:2F:AB:07:76:3F:9D:57:F0:1E:5E:10:74:E1
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 3072-bit RSA key
Version: 3

Extensions: 

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: E6 1D 34 04 98 A0 7A 83   42 2C 11 2A 8C 9D D3 D6  ..4...z.B,.*....
0010: E7 9E 73 66                                        ..sf
]
]

Public Key Certificate:

$ keytool -exportcert -v -keystore tba_alpha.p12 -alias tba_alpha -storetype pkcs12 -rfc
Enter keystore password:  

I debated whether we should create the key using RSA or ECDSA. I decided on using RSA, but we can discuss this later, before creating the long-term key.

comment:6 Changed 10 months ago by sysrqb

Keywords: TBA-a2 added
Parent ID: #26531

Moving to second-alpha TBA keyword.

comment:7 Changed 9 months ago by gk

Keywords: TBA-a3 added; TBA-a2 removed

Moving this to TBA-a3

comment:8 Changed 7 months ago by gk

Sponsor: Sponsor8

Adding Sponsor8 tag.

comment:9 Changed 5 months ago by gk

Keywords: TorBrowserTeam201902 added

Adding to our radar.

comment:10 Changed 4 months ago by gk

Keywords: TorBrowserTeam201903 added; TorBrowserTeam201902 removed

Moving remaining tickets to March.

comment:11 Changed 4 months ago by gk

Keywords: tbb-8.5 added

Tickets on our radar for 8.5

comment:12 Changed 4 months ago by gk

Keywords: tbb-8.5-must added; tbb-8.5 removed

Marking blockers for Tor Browser 8.5.

comment:13 Changed 3 months ago by gk

Keywords: TorBrowserTeam201904 added; TorBrowserTeam201903 removed

Moving tickets to April.

comment:14 Changed 2 months ago by sysrqb

Cc: eighthave added

This is a little bit of a brain dump. I went on a deep-dive into the code for APK signing and using a nitrokey as a key store. As far as I understand it, the answer is "you can't because the stars didn't align correctly" - but I'm CCing Hans in case I missed something. Maybe this works if we get opensc-pkcs11 packages from stretch-backport?

At the beginning, I followed some of the existing guides for putting a signing certificate in a PKCS12 key store onto the nitrokey. Unfortunately, that didn't work because importing the certificate via keytool failed. When keytool "stored" the key, it gave the key type as an ASCII string instead of the binary number. This resulted in:

0x70d49bdbc700 19:54:34.511 [opensc-pkcs11] card-openpgp.c:2827:pgp_store_key: Unknown key type 49.                                                                                                                
0x70d49bdbc700 19:54:34.511 [opensc-pkcs11] card-openpgp.c:2828:pgp_store_key: returning with: -1300 (Invalid arguments)
0x70d49bdbc700 19:54:34.511 [opensc-pkcs11] card-openpgp.c:3009:pgp_card_ctl: returning with: -1300 (Invalid arguments)
0x70d49bdbc700 19:54:34.511 [opensc-pkcs11] card.c:961:sc_card_ctl: returning with: -1300 (Invalid arguments)
0x70d49bdbc700 19:54:34.511 [opensc-pkcs11] pkcs15-openpgp.c:142:openpgp_store_key: returning with: -1300 (Invalid arguments)
0x70d49bdbc700 19:54:34.511 [opensc-pkcs11] pkcs15-lib.c:1683:sc_pkcs15init_store_private_key: Card specific 'store key' failed: -1300 (Invalid arguments)

Eventually, I found the documentation on the OpenSC wiki page, and I successfully imported the certificate and key:

pkcs15-init --delete-objects privkey,pubkey,chain --id 3 --store-private-key secret_and_certificate.p12 --format pkcs12 --auth-id 3 --verify-pin

And reading the stored public key and certificate information works

$ pkcs15-tool --read-public-key 3
Using reader with a card: Nitrokey Nitrokey Pro (000039610000000000000000) 00 00
$ keytool -providerClass sun.security.pkcs11.SunPKCS11 -providerArg ~/pkcs11_java.cfg -providerName SunPKCS11-OpenSC-PKCS11 -keystore NONE -storetype PKCS11 -list
Enter keystore password:  
Keystore type: PKCS11
Keystore provider: SunPKCS11-OpenSC-PKCS11

Your keystore contains 1 entry

Cardholder certificate, PrivateKeyEntry, 
Certificate fingerprint (SHA-256): EE:82:97:2E:1E:30:2F:67:9B:C7:0F:45:A4:EE:24:E0:80:80:05:BB:28:00:A1:E1:6F:68:3D:93:FC:79:C4:EF

However, signing with apksigner does not:

$ apksigner sign --provider-class sun.security.pkcs11.SunPKCS11 --provider-arg pkcs11_java.cfg --ks NONE --ks-type SunPKCS11-OpenSC-PKCS11 tor-browser-8.5a11-android-x86-multi-qa.apk 
Exception in thread "main" java.lang.NoSuchMethodException: sun.security.pkcs11.SunPKCS11.<init>(java.lang.String)
        at java.base/java.lang.Class.getConstructor0(Class.java:3350)
        at java.base/java.lang.Class.getConstructor(Class.java:2152)
        at com.android.apksigner.ApkSignerTool$ProviderInstallSpec.installProvider(ApkSignerTool.java:600)
        at com.android.apksigner.ApkSignerTool$ProviderInstallSpec.access$400(ApkSignerTool.java:575)
        at com.android.apksigner.ApkSignerTool.sign(ApkSignerTool.java:259)
        at com.android.apksigner.ApkSignerTool.main(ApkSignerTool.java:89)

After digging into this, and tracing why keytool works but apksigner does not, I found apksigner makes a bad assumption about how the keystore is instantiated. In particular, when using a PKCS11 keystore, keytool instantiates the class and then configures it (a two-step process).

However, apksigner tries to do this in one step - by passing the configuration into the constructor. This fails because the SunPKCS11 class doesn't define a one-parameter constructor, and this is why we get the java.lang.NoSuchMethodException.

I tried finding an alternative method of configuring this, but I found this is related to the version of Java I'm using. In Java 8, there exists a single-parameter String constructor in SunPKCS11, but Java 11 does not have one. Unfortunately, I switched from Java 8 (in Debian Stretch) to Java 11 (in Fedora 29) because there was a bug in opensc-pkcs11 that was patched in a newer version but it isn't available in Stretch. (I lost the link to the bug, but I'll paste it later if I find it).

Currently, when I try signing using Java 8, I get this - and I'm stuck:

$ OPENSC_DEBUG=9 ./android-sdk-linux/build-tools/28.0.2/apksigner sign --verbose --provider-class sun.security.pkcs11.SunPKCS11 --provider-arg pkcs11_java.cfg --ks NONE --ks-type PKCS11 tor-browser-8.5a11-android-x86-multi-qa.apk
[snip]
0x7771e08c9700 17:05:15.124 [opensc-pkcs11] slot.c:328:card_detect: Nitrokey Nitrokey Pro (000039610000000000000000) 00 00: Detection ended
0x7771e08c9700 17:05:15.124 [opensc-pkcs11] slot.c:357:card_detect_all: All cards detected
0x7771e08c9700 17:05:15.124 [opensc-pkcs11] pkcs11-global.c:503:C_GetSlotInfo: C_GetSlotInfo() get slot rv 0
0x7771e08c9700 17:05:15.124 [opensc-pkcs11] pkcs11-global.c:530:C_GetSlotInfo: C_GetSlotInfo() flags 0x7
0x7771e08c9700 17:05:15.124 [opensc-pkcs11] pkcs11-global.c:531:C_GetSlotInfo: C_GetSlotInfo(0x0) = CKR_OK
0x7771e08c9700 17:05:15.124 [opensc-pkcs11] pkcs11-session.c:191:C_GetSessionInfo: C_GetSessionInfo(hSession:0x7771d8255e30)
0x7771e08c9700 17:05:15.124 [opensc-pkcs11] pkcs11-session.c:199:C_GetSessionInfo: C_GetSessionInfo(slot:0x0)
0x7771e08c9700 17:05:15.124 [opensc-pkcs11] pkcs11-session.c:216:C_GetSessionInfo: C_GetSessionInfo(0x7771d8255e30) = CKR_OK
0x7771e08c9700 17:05:15.124 [opensc-pkcs11] pkcs11-object.c:336:C_FindObjectsInit: C_FindObjectsInit(slot = 0)
0x7771e08c9700 17:05:15.124 [opensc-pkcs11] pkcs11-object.c:337:C_FindObjectsInit: C_FindObjectsInit(): CKA_TOKEN = TRUE
0x7771e08c9700 17:05:15.124 [opensc-pkcs11] pkcs11-object.c:337:C_FindObjectsInit: C_FindObjectsInit(): CKA_CLASS = CKO_PRIVATE_KEY
0x7771e08c9700 17:05:15.124 [opensc-pkcs11] misc.c:254:session_start_operation: called
0x7771e08c9700 17:05:15.124 [opensc-pkcs11] misc.c:255:session_start_operation: Session 0x7771d8255e30, type 0
0x7771e08c9700 17:05:15.124 [opensc-pkcs11] pkcs11-object.c:406:C_FindObjectsInit: 0 matching objects
0x7771e08c9700 17:05:15.124 [opensc-pkcs11] misc.c:276:session_get_operation: called
0x7771e08c9700 17:05:15.125 [opensc-pkcs11] misc.c:276:session_get_operation: called
0x7771e08c9700 17:05:15.125 [opensc-pkcs11] pkcs11-object.c:59:sc_find_release: freeing 0 handles used 0  at (nil)
0x7771e08c9700 17:05:15.125 [opensc-pkcs11] pkcs11-object.c:336:C_FindObjectsInit: C_FindObjectsInit(slot = 0)
0x7771e08c9700 17:05:15.125 [opensc-pkcs11] pkcs11-object.c:337:C_FindObjectsInit: C_FindObjectsInit(): CKA_TOKEN = TRUE
0x7771e08c9700 17:05:15.125 [opensc-pkcs11] pkcs11-object.c:337:C_FindObjectsInit: C_FindObjectsInit(): CKA_CLASS = CKO_CERTIFICATE
0x7771e08c9700 17:05:15.125 [opensc-pkcs11] misc.c:254:session_start_operation: called
0x7771e08c9700 17:05:15.125 [opensc-pkcs11] misc.c:255:session_start_operation: Session 0x7771d8255e30, type 0
0x7771e08c9700 17:05:15.125 [opensc-pkcs11] pkcs11-object.c:406:C_FindObjectsInit: 0 matching objects
0x7771e08c9700 17:05:15.125 [opensc-pkcs11] misc.c:276:session_get_operation: called
0x7771e08c9700 17:05:15.125 [opensc-pkcs11] misc.c:276:session_get_operation: called
0x7771e08c9700 17:05:15.125 [opensc-pkcs11] pkcs11-object.c:59:sc_find_release: freeing 0 handles used 0  at (nil)
0x7771e08c9700 17:05:15.125 [opensc-pkcs11] pkcs11-object.c:336:C_FindObjectsInit: C_FindObjectsInit(slot = 0)
0x7771e08c9700 17:05:15.125 [opensc-pkcs11] pkcs11-object.c:337:C_FindObjectsInit: C_FindObjectsInit(): CKA_TOKEN = TRUE
0x7771e08c9700 17:05:15.125 [opensc-pkcs11] pkcs11-object.c:337:C_FindObjectsInit: C_FindObjectsInit(): CKA_CLASS = CKO_SECRET_KEY
0x7771e08c9700 17:05:15.125 [opensc-pkcs11] misc.c:254:session_start_operation: called
0x7771e08c9700 17:05:15.125 [opensc-pkcs11] misc.c:255:session_start_operation: Session 0x7771d8255e30, type 0
0x7771e08c9700 17:05:15.125 [opensc-pkcs11] pkcs11-object.c:406:C_FindObjectsInit: 0 matching objects
0x7771e08c9700 17:05:15.125 [opensc-pkcs11] misc.c:276:session_get_operation: called
0x7771e08c9700 17:05:15.125 [opensc-pkcs11] misc.c:276:session_get_operation: called
0x7771e08c9700 17:05:15.125 [opensc-pkcs11] pkcs11-object.c:59:sc_find_release: freeing 0 handles used 0  at (nil)
Failed to load signer "signer #1": NONE does not contain key entries

While pkcs15-tool --dump shows:

$ pkcs15-tool --dump
Using reader with a card: Nitrokey Nitrokey Pro (000039610000000000000000) 00 00
PKCS#15 Card [OpenPGP card]:
	Version        : 0
	Serial number  : 000500003961
	Manufacturer ID: ZeitControl
	Language       : de
	Flags          : PRN generation, EID compliant
[...]
Private RSA Key [Authentication key]
	Object Flags   : [0x3], private, modifiable
	Usage          : [0x222], decrypt, unwrap, nonRepudiation
	Access Flags   : [0x1D], sensitive, alwaysSensitive, neverExtract, local
	ModLength      : 4096
	Key ref        : 2 (0x2)
	Native         : yes
	Auth ID        : 02
	ID             : 03
	MD:guid        : 7300fc9e-b71d-2853-11d7-e05d5d9a91e4

Public RSA Key [Authentication key]
	Object Flags   : [0x2], modifiable
	Usage          : [0x51], encrypt, wrap, verify
	Access Flags   : [0x2], extract
	ModLength      : 4096
	Key ref        : 0 (0x0)
	Native         : no
	Path           : a401
	ID             : 03

X.509 Certificate [Cardholder certificate]
	Object Flags   : [0x0]
	Authority      : no
	Path           : 3f007f21
	ID             : 03
	Encoded serial : 02 09 00CC76B8E0E29658BE

For the record:

$ cat pkcs11_java.cfg 
name = OpenSC-PKCS11
description = SunPKCS11 via OpenSC
library = /usr/lib64/opensc-pkcs11.so
slotListIndex = 0

comment:15 Changed 2 months ago by sysrqb

Oh, and this is on Debian Stretch (above is for Fedora 29) - the paths are different on the distros.

$ cat pkcs11_java.cfg 
name = OpenSC-PKCS11
description = SunPKCS11 via OpenSC
library = /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
slotListIndex = 0

comment:16 Changed 2 months ago by eighthave

Wow, you have really dug into the depths here! Great to see, but sucks that this is still so hard. Maybe the short term answer is using _jarsigner_? That will introduce an annoying reproducibility issue since _jarsigner_ includes the full Java major/minor/bugfix/patch version in the META-INF/MANIFEST.MF in the APK.

As for fixing apksigner, I'm up for getting fixes into Debian, I maintain that package. It should be possible to get fixes into both stretch and buster, if they are not too big. I think that would also be possible for opensc-pkcs11, but I'm not the maintainer of that package, so harder to promise anything.

Maybe there is already a fix upstream, did you look at https://android.googlesource.com/platform/tools/apksig/ ?

comment:17 Changed 2 months ago by gk

Keywords: TorBrowserTeam201905 added; TorBrowserTeam201904 removed

Moving tickets to May

comment:18 Changed 2 months ago by sysrqb

Okay, I think I finally got it.

$ apksigner sign --verbose --provider-class sun.security.pkcs11.SunPKCS11 --provider-arg pkcs11_java.cfg --ks NONE --ks-type PKCS11 tor-browser-8.5a11-android-x86-multi-qa.apk
Keystore password for signer #1: 
Signed

and the debug logs show:

0x70ed69e3f700 16:12:20.919 [opensc-pkcs11] apdu.c:390:sc_single_transmit: returning with: 0 (Success)
0x70ed69e3f700 16:12:20.919 [opensc-pkcs11] apdu.c:543:sc_transmit: returning with: 0 (Success)
0x70ed69e3f700 16:12:20.919 [opensc-pkcs11] card.c:465:sc_unlock: called
0x70ed69e3f700 16:12:20.919 [opensc-pkcs11] card-openpgp.c:2036:pgp_compute_signature: returning with: 512
0x70ed69e3f700 16:12:20.919 [opensc-pkcs11] sec.c:63:sc_compute_signature: returning with: 512
0x70ed69e3f700 16:12:20.919 [opensc-pkcs11] card.c:465:sc_unlock: called
0x70ed69e3f700 16:12:20.919 [opensc-pkcs11] pkcs15-sec.c:470:sc_pkcs15_compute_signature: returning with: 512
0x70ed69e3f700 16:12:20.919 [opensc-pkcs11] card.c:465:sc_unlock: called
0x70ed69e3f700 16:12:20.919 [opensc-pkcs11] reader-pcsc.c:663:pcsc_unlock: called
0x70ed69e3f700 16:12:20.927 [opensc-pkcs11] framework-pkcs15.c:3853:pkcs15_prkey_sign: Sign complete. Result 512.
0x70ed69e3f700 16:12:20.927 [opensc-pkcs11] mechanism.c:462:sc_pkcs11_signature_final: returning with: 0 (Success)
0x70ed69e3f700 16:12:20.927 [opensc-pkcs11] mechanism.c:327:sc_pkcs11_sign_final: returning with: 0 (Success)
0x70ed69e3f700 16:12:20.927 [opensc-pkcs11] pkcs11-object.c:765:C_SignFinal: C_SignFinal() = CKR_OK
Signed

I installed opensc-pkcs11 (and opensc) from Sid (and pinned the source's priority low).

$ cat /etc/apt/preferences.d/sid_preferences
Package: *
Pin: release a=unstable
Pin-Priority: 400

$ sudo apt install opensc-pkcs11/sid opensc/sid

comment:19 in reply to:  16 Changed 2 months ago by sysrqb

Replying to eighthave:

> Wow, you have really dug into the depths here! Great to see, but sucks that this is still so hard. Maybe the short term answer is using _jarsigner_? That will introduce an annoying reproducibility issue since _jarsigner_ includes the full Java major/minor/bugfix/patch version in the META-INF/MANIFEST.MF in the APK.

Yeah, I was hoping we could avoid using jarsigner (in particular so we can take advantage of the newer APK signature schemes).

> As for fixing apksigner, I'm up for getting fixes into Debian, I maintain that package. It should be possible to get fixes into both stretch and buster, if they are not too big. I think that would also be possible for opensc-pkcs11, but I'm not the maintainer of that package, so harder to promise anything.

The problem here is on Stretch the bug I was hitting is in opensc-pkcs11 - not apksigner. On Fedora 29, the bug is in apksigner, so I opened a ticket for that.

https://issuetracker.google.com/issues/132333137

> Maybe there is already a fix upstream, did you look at https://android.googlesource.com/platform/tools/apksig/ ?

Yeah, sadly it isn't fixed. I didn't see any tickets closely related to it either - other than one ticket from 2017 but it wasn't helpful.

Thanks for the comments, though - it's all good to know.

comment:20 Changed 2 months ago by sysrqb

Resolution: fixed
Status: needs_information → closed

At this point, I think we can consider this complete. There are a few loose ends that remain, but the APK signing keys for alpha and stable are now created.

Note: Below, delete the leading - in front of -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- when inputting the certificate.

Signing for trac comment at Thu May  9 17:08:00 UTC 2019

$ pkcs15-tool -r 3
Using reader with a card: Nitrokey Nitrokey Pro (000039610000000000000000) 00 00
$ pkcs15-tool -r 3 | openssl x509 -noout -text -fingerprint
Using reader with a card: Nitrokey Nitrokey Pro (000039610000000000000000) 00 00
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            cc:76:b8:e0:e2:96:58:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN = Tor Browser, O = The Tor Project, L = Seattle, ST = WA, C = US
        Validity
            Not Before: Apr  2 19:44:26 2019 GMT
            Not After : Apr  1 19:44:26 2023 GMT
        Subject: CN = Tor Browser, O = The Tor Project, L = Seattle, ST = WA, C = US
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Key Usage: 
                Digital Signature
            X509v3 Subject Key Identifier: 
                6D:96:FB:E7:BE:D0:BD:62:CB:B0:C2:60:7B:6E:DA:93:ED:B6:94:55
            X509v3 Authority Key Identifier: 
                keyid:6D:96:FB:E7:BE:D0:BD:62:CB:B0:C2:60:7B:6E:DA:93:ED:B6:94:55

    Signature Algorithm: sha256WithRSAEncryption
SHA1 Fingerprint=FA:B4:C3:E0:B2:05:7E:FF:B1:66:33:6F:44:A7:D8:B9:83:9A:F8:16
$ apksigner verify --print-certs tor-browser-8.5a11-android-x86-multi-qa.apk 
Signer #1 certificate DN: C=US, ST=WA, L=Seattle, O=The Tor Project, CN=Tor Browser
Signer #1 certificate SHA-256 digest: ee82972e1e302f679bc70f45a4ee24e0808005bb2800a1e16f683d93fc79c4ef
Signer #1 certificate SHA-1 digest: fab4c3e0b2057effb166336f44a7d8b9839af816
Signer #1 certificate MD5 digest: 8ed7d77f0e0bc316a37f896834cdb560

comment:21 Changed 2 months ago by eighthave

Awesome! If you're willing to use stretch/backports for the opensc package, then I can easily get the version from sid in. For fixing it in stretch directly, we'd need to isolate the bug, and include only a patch that fixes it.

comment:22 Changed 2 months ago by eighthave

Now that I think about it, it would probably be easier to pin to the version in Debian/buster, then there it would get security support for free, as long as the security.debian.org deb source is there for buster too:

Package: opensc opensc-pkcs11
Pin: release a=buster
Pin-Priority: 400

comment:23 Changed 2 months ago by sysrqb

Resolution: fixed
Status: closed → reopened

I forgot Google Play requires the signing cert have a long lifetime.

https://developer.android.com/studio/publish/app-signing#considerations

> If you plan to publish your apps on Google Play, the key you use to sign your app must have a validity
> period ending after 22 October 2033. Google Play enforces this requirement to ensure that users can
> seamlessly upgrade apps when new versions are available.

The above key is only valid until 2023.
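
Added example, not part of the ticket or of any Tor Project tooling: a pre-release check that a signing certificate is valid past the Google Play cutoff quoted above, and that a re-issued certificate still carries the same public key. The key, subject, file names and the 2048-bit size are constructed for the demonstration, and treating the cutoff as 2033-10-23 00:00:00 UTC is an assumption about how "ending after 22 October 2033" is read.

```shell
#!/bin/sh
# Added example. Throwaway, constructed keys and certificates only;
# nothing here is the Tor Browser signing key.
set -eu

# Assumption: "ending after 22 October 2033" is read as notAfter later than
# 2033-10-23 00:00:00 UTC, written here as a Unix timestamp.
PLAY_CUTOFF_EPOCH=2013638400

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Self-sign a certificate for the key in $1, valid for $2 days, written to $3.
issue_cert() {
    openssl req -new -x509 -sha256 -key "$1" -days "$2" \
        -subj '/CN=Example App/O=Example Org' -out "$3" 2>/dev/null
}

# Succeed only if the certificate in $1 is still valid at the cutoff.
expires_after_cutoff() {
    now=$(date -u +%s)
    # -checkend N exits non-zero when the certificate expires within N seconds.
    openssl x509 -in "$1" -noout -checkend $((PLAY_CUTOFF_EPOCH - now)) >/dev/null
}

# SHA-256 of the DER SubjectPublicKeyInfo: identifies the key itself,
# independent of serial number and validity dates.
pubkey_sha256() {
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# SHA-256 of the whole DER certificate, the kind of digest that
# "apksigner verify --print-certs" reports for a signer.
cert_sha256() {
    openssl x509 -in "$1" -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Gate for a replacement certificate: $1 = certificate in use, $2 = candidate.
# Returns 0 only if the candidate keeps the key and is valid past the cutoff.
check_reissue() {
    if [ "$(pubkey_sha256 "$1")" != "$(pubkey_sha256 "$2")" ]; then
        echo "REJECT: public key changed"
        return 1
    fi
    if ! expires_after_cutoff "$2"; then
        echo "REJECT: certificate expires on or before the cutoff"
        return 1
    fi
    echo "OK: same key, valid past the cutoff"
}

# Constructed inputs: one key with a short-lived and a long-lived certificate,
# plus a certificate for an unrelated key as the negative case.
openssl genrsa -out "$WORK/key.pem" 2048 2>/dev/null
openssl genrsa -out "$WORK/other.pem" 2048 2>/dev/null
issue_cert "$WORK/key.pem"   1460 "$WORK/short.pem"    # roughly four years
issue_cert "$WORK/key.pem"   5475 "$WORK/long.pem"     # 5475 days, same key
issue_cert "$WORK/other.pem" 5475 "$WORK/rekeyed.pem"  # different key

for c in short long rekeyed; do
    printf '%-8s %s\n         key=%s\n         cert=%s\n' "$c" \
        "$(openssl x509 -in "$WORK/$c.pem" -noout -enddate)" \
        "$(pubkey_sha256 "$WORK/$c.pem")" "$(cert_sha256 "$WORK/$c.pem")"
done

check_reissue "$WORK/short.pem" "$WORK/long.pem"    || true
check_reissue "$WORK/short.pem" "$WORK/rekeyed.pem" || true
```

The short and long certificates print the same key hash but different certificate digests, so any fingerprint published for the old certificate has to be republished after a re-issue.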

comment:24 Changed 2 months ago by sysrqb

I created a new certificate that expires in 5475 days (using the same key material). Now it's valid until May 14 21:58:42 2034 GMT.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

$ pkcs15-tool -r 3 | openssl x509 -noout -text -fingerprint
Using reader with a card: Nitrokey Nitrokey Pro (000039610000000000000000) 00 00
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            ba:2d:f6:13:08:4d:2b:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN = Tor Browser, O = The Tor Project, L = Seattle, ST = WA, C = US
        Validity
            Not Before: May 18 21:58:42 2019 GMT
            Not After : May 14 21:58:42 2034 GMT
        Subject: CN = Tor Browser, O = The Tor Project, L = Seattle, ST = WA, C = US
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Key Usage: 
                Digital Signature
            X509v3 Subject Key Identifier: 
                6D:96:FB:E7:BE:D0:BD:62:CB:B0:C2:60:7B:6E:DA:93:ED:B6:94:55
            X509v3 Authority Key Identifier: 
                keyid:6D:96:FB:E7:BE:D0:BD:62:CB:B0:C2:60:7B:6E:DA:93:ED:B6:94:55

    Signature Algorithm: sha256WithRSAEncryption
SHA1 Fingerprint=6E:9D:89:0D:CF:0D:5C:A0:D7:C8:F2:8C:82:2E:D2:28:DA:5F:34:90

$ pkcs15-tool -r 3 | openssl x509 -noout -pubkey
Using reader with a card: Nitrokey Nitrokey Pro (000039610000000000000000) 00 00

Signed for trac ticket #26536 at Sun May 19 00:51:20 UTC 2019

comment:25 in reply to:  22 Changed 2 months ago by sysrqb

Replying to eighthave:

Now that I think about it, it would probably be easier to pin to the version in Debian/buster, then there it would get security support for free, as long as the security.debian.org deb source is there for buster too:

Package: opensc opensc-pkcs11
Pin: release a=buster
Pin-Priority: 400

Thanks! I'll try that.

comment:26 Changed 2 months ago by sysrqb

Resolution: fixed
Status: reopened → closed

Okay, I think we're done with this (again). I'll open another ticket for documenting the process in tor-browser-spec.
