cbef7f2116
## Issue being fixed or feature implemented

Implement a new code-signing certificate for windows. Previously we used a certificate issued by DigiCert, however that certificate recently expired. A renewed certificate would cost roughly $200/year at the cheapest CAs and $370/year with DigiCert.

EV certificates are relatively novel types of certificates that start out with positive reputation, reducing smart screen popups for users. EV certificates start at $270/year.

As a result we had (/have) 4 options:

1. Get a new code signing certificate from a trusted CA
   - Pro: Certificate gains reputation over time in smart screen and binaries are signed
   - Pro: Shows "Verified Publisher" and "Dash Core Group Inc" on install
   - Con: Costs, feels manipulative to pay at least $600 simply for someone to sign a certificate
2. Get a new EV code signing certificate
   - Pro: Certificate starts with good reputation and gains reputation over time
   - Con: Even greater costs for a signature that says that we are from Dash Core Group
3. Continue signing with the expired certificate
   - Con: This is, it has been discovered, a terrible idea and these binaries are treated worse than unsigned binaries
4. Deliver unsigned windows binaries
   - Pro: Binary will gain reputation over time as users download it
   - Pro: Easy, is what it says on the tin
   - Con: Binaries are completely unsigned, could be tampering or corruption issues that go undetected
   - Con: Will visibly state "Unknown Publisher"
5. Deliver self-signed windows binaries
   - Pro: Binary will gain reputation over time as users download it
   - Pro: *Possibility* that certificate will gain reputation over time as users download binaries signed by it. It may also be that only certificates issued by a CA will gain reputation over time.
   - Pro: Binaries are still signed
   - Pro: Users have the option to import certificate into keychain to remove "Unknown Publisher"
   - Pro: In limited testing, install is sometimes treated better than unsigned, otherwise is treated the same
   - Con: may appear sketchy, as Root CA is not a trusted Root CA
   - Con: will display "Unknown Publisher" to most users
   - Con: greater potential uncertainty around future changes to treatment of self signing systems

Based on the above discussion and testing, the best route currently is option 5; that is what this PR implements. In the future it may make sense to move towards a codesigning certificate issued by a trusted CA.

The root certificate authority has the following information

![image](https://github.com/dashpay/dash/assets/6443210/66a90588-9bd9-4fe5-902c-04e8d1e47b6f)

with a sha256 fingerprint of `46 84 FF 27 11 D7 C8 C5 BB FA D1 55 41 B3 F0 43 77 97 AC 67 4C 32 19 AE B4 E7 15 11 1F BB 42 A0`

The code signing certificate is issued by the root CA, has a common name of "Dash Core Windows Signing" and a sha256 fingerprint of `1A 09 54 6E D3 81 E9 FC AD 62 44 32 35 40 39 FF 5F A7 30 0E 5E 03 C4 E0 96 5A 62 AA 19 2B 79 EE`. This certificate is only authorized for the purpose of code signing.

## What was done?

## How Has This Been Tested?

Multiple users installing binaries of type 1,3,4 and 5.

## Breaking Changes

This new windows signing certificate should be documented in the release notes.

## Checklist:

_Go over all the following points, and put an `x` in all the boxes that apply._

- [x] I have performed a self-review of my own code
- [ ] I have commented my code, particularly in hard-to-understand areas
- [ ] I have added or updated relevant unit/integration/functional/e2e tests
- [ ] I have made corresponding changes to the documentation
- [x] I have assigned this pull request to a milestone _(for repository code-owners and collaborators only)_

- auto_gdb
- builder-keys
- containers
- debian
- devtools
- gitian-descriptors
- guix
- init
- linearize
- macdeploy
- qos
- seeds
- shell
- testgen
- verify-commits
- verifybinaries
- windeploy
- zmq
- dash-cli.bash-completion
- dash-qt.pro
- dash-tx.bash-completion
- dashd.bash-completion
- filter-lcov.py
- gitian-build.py
- install_db4.sh
- README.md
- valgrind.supp

## Repository Tools

### Developer tools

Specific tools for developers working on this repository.
Contains the script `github-merge.py` for merging GitHub pull requests securely and signing them using GPG.

### Verify-Commits

Tool to verify that every merge commit was signed by a developer using the above `github-merge.py` script.

### Linearize

Construct a linear, no-fork, best version of the blockchain.

### Qos

A Linux bash script that will set up traffic control (tc) to limit the outgoing bandwidth for connections to the Dash network. This means one can have an always-on dashd instance running, and another local dashd/dash-qt instance which connects to this node and receives blocks from it.

### Seeds

Utility to generate the `pnSeed[]` array that is compiled into the client.

## Build Tools and Keys

### Debian

Contains files used to package dashd/dash-qt for Debian-based Linux systems. If you compile dashd/dash-qt yourself, there are some useful files here.

### Gitian-descriptors

Notes on getting Gitian builds up and running using KVM.

### Builder keys

PGP keys used for signing Dash Core release results.

### MacDeploy

Scripts and notes for Mac builds.

### Gitian-build

Script for running full Gitian builds.

## Test and Verify Tools

### TestGen

Utilities to generate test vectors for the data-driven Dash tests.

### Verify Binaries

This script attempts to download and verify the signature file `SHA256SUMS.asc` from bitcoin.org.