dash/contrib
PastaPastaPasta a7eeda5d3f
feat: use a self-signed windows code signing certificate instead of e… (#5814)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

## Issue being fixed or feature implemented
Implement a new code-singing certificate for windows. 

Previously we used a certificate issued by DigiCert, however that
certificate recently expired. A renewed certificate would cost roughly
$200/year at the cheapest CAs and $370/year with DigiCert. EV
certificates are relatively novel types of certificates that start out
with positive reputation, reducing smart screen popups for users. EV
certificates start at $270/year.

As a result we had (/have) 4 options:
1. Get a new code signing certificate from a trusted CA
- - Pro: Certificate gains reputation over time in smart screen and
binaries are signed
- - Pro: Shows "Verified Publisher" and "Dash Core Group Inc" on install
- - Con: Costs, feels manipulative to pay at least $600 simply for
someone to sign a certificate
2. Get a new EV code signing certificate
- - Pro: Certificate starts with good reputation and gains reputation
over time
- - Con: Even greater costs for a signature that says that we are from
Dash Core Group
3. Continue signing with the expired certificate
- - Con: This is, it has been discovered, a terrible idea and these
binaries are treated worse than unsigned binaries
4. Deliver unsigned windows binaries
- - Pro: Binary will gain reputation over time as users download it
- - Pro: Easy, is what it says on the tin
- - Con: Binaries are completely unsigned, could be tampering or
corruption issues that go undetected
- - Con: Will visibly state "Unknown Publisher"
5. Deliver self-signed windows binaries
- - Pro: Binary will gain reputation over time as users download it
- - Pro: *Possibility* that certificate will gain reputation over time
as users download binaries signed by it. It may also be that only
certificates issued by a CA will gain reputation over time.
- - Pro: Binaries are still signed
- - Pro: Users have the option to import certificate into keychain to
remove "Unknown Publisher"
- - Pro: In limited testing, install is sometimes is treated better than
unsigned, otherwise is treated the same
- - Con: may appear sketchy, as Root CA is not a trusted Root CA
- - Con: will display "Unknown Publisher" to most users
- - Con: greater potential uncertainty around future changes to
treatment of self signing systems

Based on the above discussion and testing, the best route currently is
option 5; that is what this PR implements. In the future it may make
sense to move towards a codesigning certificate issued by a trusted CA.

The root certificate authority has the following information

![image](https://github.com/dashpay/dash/assets/6443210/66a90588-9bd9-4fe5-902c-04e8d1e47b6f)
with a sha256 fingerprint of `46 84 FF 27 11 D7 C8 C5 BB FA D1 55 41 B3
F0 43 77 97 AC 67 4C 32 19 AE B4 E7 15 11 1F BB 42 A0`

The code signing certificate is issued by the root CA, has a common name
of "Dash Core Windows Signing" and a sha256 fingerprint of `1A 09 54 6E
D3 81 E9 FC AD 62 44 32 35 40 39 FF 5F A7 30 0E 5E 03 C4 E0 96 5A 62 AA
19 2B 79 EE`. This certificate is only authorized for the purpose of
code signing.

## What was done?

## How Has This Been Tested?
Multiple users installing binaries of type 1,3,4 and 5. 

## Breaking Changes
This new windows signing certificate should be documented in the release
notes.

## Checklist:
_Go over all the following points, and put an `x` in all the boxes that
apply._
- - [x] I have performed a self-review of my own code
- - [ ] I have commented my code, particularly in hard-to-understand
areas
- - [ ] I have added or updated relevant unit/integration/functional/e2e
tests
- - [ ] I have made corresponding changes to the documentation
- - [x] I have assigned this pull request to a milestone _(for
repository code-owners and collaborators only)_


-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEKVkDYuyHioH9PCArUlJ77avoeYQFAmWfAbUACgkQUlJ77avo
eYTSCBAAuDEoWABdonIMs/4RaYP+DGTULltRu9CHBAqYuksXrl/4iV0r17DPSWWW
L/5vLNAUTI47Tsa7R45ZPb0hR8VPMBkvxTQipKBYK7vZpwefcR4VOprEBJJ0Bl3g
ZHtAVjZbcANEIAW3SlaiOgWbxWGKfDyM7gN3aNfoidMFBefbcYKEttuAGCnktWRI
Y3eLMGPCpxOVB0O1nLU+pzwixAWXOeVChiK31ecFfQrF3JmUc12yiFUI+OJTogg4
0G2GMIQYHiVwclj8hSWT/yZfjcyxXdLYqkmH4Nr5mye39hRI2aUQEkmkYOy8pjcB
ykKLg8JpUg/zg6GSuS6mFJnd5NHq5iSBxSRHPfR8xij1xFpmdgAaNCw4/6j9PEXB
l8cfuJ7hgX3yX09L4p2E4t7MYpM8igaenAIWAK37hmKs1WADBmaj/nf6ThKhjvzI
2GR0FOzm6Is36KYvdUQJDE0g70g31SvGy+qjlcK49MtX6BvecYt+dg8AaNZ5FIn7
d1kFI4NXM6JX2WdiHMenz5d+oFYRS/P1sXjQ1wtl9HSkiZQQkEBbgiWXfh+EXjpW
fNc8cej2LLCNZlhVcpffF8UaINsMTZVQsEGWGInjSi5eCs/YNrqL8XDdC/8mmZCu
cNvp0QBtQ+4lpbUSdhFUdgic0MRCsdeHuYIBfvPJN9tl8McbknA=
=kL6E
-----END PGP SIGNATURE-----
2024-01-11 09:38:43 -06:00
..
auto_gdb chore: add missing copyrights via copyright_header.py insert 2023-01-13 00:49:04 +03:00
builder-keys chore: update udjin's expired builder's key 2024-01-06 19:25:49 -06:00
containers Merge #19172: test: Do not swallow flake8 exit code 2024-01-10 12:07:54 -06:00
debian Merge #17801: doc: Update license year range to 2020 2023-04-25 23:14:25 +03:00
devtools Merge bitcoin/bitcoin#24491: contrib: fix implicit function decleration in win symbol check 2024-01-01 17:48:18 -06:00
guix build: Disable miner for Windows binaries built via Guix (#5801) 2024-01-09 07:56:44 -06:00
init Merge #16556: Fix systemd service file configuration directory setup 2023-04-06 20:14:58 +03:00
linearize Merge #17829: scripted-diff: Bump copyright of files changed in 2019 2023-12-06 11:40:14 -06:00
macdeploy Merge bitcoin/bitcoin#22418: release: Remove gitian 2023-12-06 12:40:58 -06:00
qos Merge #17829: scripted-diff: Bump copyright of files changed in 2019 2023-12-06 11:40:14 -06:00
seeds chore: update mainnet seeds 2023-11-13 10:13:12 -06:00
shell Merge #21375: guix: Misc feedback-based fixes + hier restructuring 2023-03-26 16:50:26 -05:00
testgen Merge #16812: doc: Fix whitespace errs in .md files, bitcoin.conf, and Info.plist.in 2022-01-20 13:09:17 -05:00
verify-commits Merge #17829: scripted-diff: Bump copyright of files changed in 2019 2023-12-06 11:40:14 -06:00
verifybinaries Merge #17829: scripted-diff: Bump copyright of files changed in 2019 2023-12-06 11:40:14 -06:00
windeploy feat: use a self-signed windows code signing certificate instead of e… (#5814) 2024-01-11 09:38:43 -06:00
zmq Merge bitcoin#14060: ZMQ: add options to configure outbound message high water mark, aka SNDHWM (#4360) 2021-09-08 12:39:06 -04:00
dash-cli.bash-completion Merge #17829: scripted-diff: Bump copyright of files changed in 2019 2023-12-06 11:40:14 -06:00
dash-qt.pro merge bitcoin#15450: Create wallet menu option 2022-04-06 13:49:58 +05:30
dash-tx.bash-completion
dashd.bash-completion Merge #17829: scripted-diff: Bump copyright of files changed in 2019 2023-12-06 11:40:14 -06:00
filter-lcov.py Merge #18673: scripted-diff: Sort test includes 2023-08-29 22:00:59 -05:00
install_db4.sh Merge bitcoin/bitcoin#23658: contrib: add check for wget command in install_db4.sh 2023-12-26 22:26:20 -06:00
README.md Merge bitcoin/bitcoin#22418: release: Remove gitian 2023-12-06 12:40:58 -06:00
valgrind.supp Merge #19669: contrib: Fixup valgrind suppressions file 2023-06-07 01:50:18 -05:00

Repository Tools

Developer tools

Specific tools for developers working on this repository. Contains the script github-merge.py for merging GitHub pull requests securely and signing them using GPG.

Verify-Commits

Tool to verify that every merge commit was signed by a developer using the above github-merge.py script.

Linearize

Construct a linear, no-fork, best version of the blockchain.

Qos

A Linux bash script that will set up traffic control (tc) to limit the outgoing bandwidth for connections to the Dash network. This means one can have an always-on dashd instance running, and another local dashd/dash-qt instance which connects to this node and receives blocks from it.

Seeds

Utility to generate the pnSeed[] array that is compiled into the client.

Build Tools and Keys

Debian

Contains files used to package dashd/dash-qt for Debian-based Linux systems. If you compile dashd/dash-qt yourself, there are some useful files here.

Builder keys

PGP keys used for signing Dash Core release results.

MacDeploy

Scripts and notes for Mac builds.

Test and Verify Tools

TestGen

Utilities to generate test vectors for the data-driven Dash tests.

Verify Binaries

This script attempts to download and verify the signature file SHA256SUMS.asc from bitcoin.org.