Signed releases about core HOT 6 CLOSED

We're happy to start providing GPG signatures. We'll code it into our release system for the next release.

from core.

If an attacker can replace the binaries then they can also replace the signatures.

Can the software or the signature be stored in a crypto ledger instead of on some host?

from core.

As long as ToastWallet's private key isn't compromised and you had their original public key saved somewhere (or lacking that, the key ID verified from (preferably several) outside sources) you would be able to spot altered releases even if they did that since the fake signatures won't verify unless you use the fake public key that goes with them.

from core.

Hi guys

The phone builds are signed in order to be included in their respective App Stores. The Windows builds are digitally signed using our code signing certificate. You can verify these by right clicking the executable/appx and clicking properties then clicking the Digital Signatures tab. The signing regime in Windows is quite strong.

Mac builds are also signed, although the dmg itself is not. Extract the dmg and check the digital signature with a command like: code sign -dv --verbose=4 /path/to/ToastWallet.app

We have been meaning to provide manual signatures for the AppImage since as far as we know there isn't a way to sign AppImages at the moment -- or at least electron builder didn't support it when we set up our build scripts. We will get on that soon. In the meantime we've begun uploading release binaries to GitHub, that should offer a second layer of assurance to anyone who is uncertain.

from core.

I was using the AppImage with no signature hence the ticket but having to find and verify different embedded signatures isn't that great either IMO.
It's become pretty mainstream to release PGP signatures and the people who care will all know how to use them. It shouldn't take too long to implement either.
It's up to you guys but that's the direction I'd go :-)

from core.

That's great, thanks.

from core.