From 4b70cfa2c2ad7716f121f0f9c077c96268cbb66c Mon Sep 17 00:00:00 2001 From: Sven Strickroth Date: Sat, 13 Sep 2014 13:02:48 +0200 Subject: [PATCH] Use a new 4096 bit RSA public key for update signing Signed-off-by: Sven Strickroth --- src/Changelog.txt | 3 ++ src/TortoiseProc/CheckForUpdatesDlg.cpp | 2 +- src/TortoiseProc/Commands/Command.cpp | 2 +- src/version.h | 61 +++++++++++++++++++++++---------- 4 files changed, 47 insertions(+), 21 deletions(-) diff --git a/src/Changelog.txt b/src/Changelog.txt index 7744d4fce..ea6f0094e 100644 --- a/src/Changelog.txt +++ b/src/Changelog.txt @@ -3,6 +3,9 @@ Released: unreleased == Features == * Fixed issue #2272: Export Dialog auto select tag if the revision has tag + * We now use a 4096-bit RSA key with SHA2-512 for signing and verifying our releases instead of a 1024-bit DSA key with SHA1 + The new key is signed by the old key. You can get the fingerprint from a trusted TortoiseGit installation by issuing + "TortoiseGitProc.exe /command:pgpfp" == Bug Fixes == * Fixed issue #2260: Clicking in blank space in Commit dialog causes all unversioned files to become selected diff --git a/src/TortoiseProc/CheckForUpdatesDlg.cpp b/src/TortoiseProc/CheckForUpdatesDlg.cpp index 99344b42d..e7a35bf45 100644 --- a/src/TortoiseProc/CheckForUpdatesDlg.cpp +++ b/src/TortoiseProc/CheckForUpdatesDlg.cpp @@ -34,7 +34,7 @@ #include "UpdateCrypto.h" #include "Win7.h" -#define SIGNATURE_FILE_ENDING _T(".asc") +#define SIGNATURE_FILE_ENDING _T(".rsa.asc") #define WM_USER_DISPLAYSTATUS (WM_USER + 1) #define WM_USER_ENDDOWNLOAD (WM_USER + 2) diff --git a/src/TortoiseProc/Commands/Command.cpp b/src/TortoiseProc/Commands/Command.cpp index 7213ed7ec..43becf874 100644 --- a/src/TortoiseProc/Commands/Command.cpp +++ b/src/TortoiseProc/Commands/Command.cpp 
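Review bot: `SIGNATURE_FILE_ENDING` in CheckForUpdatesDlg.cpp becomes `.rsa.asc` with no comment explaining why the name now differs from the usual `.asc`. Presumably the plain name stays reserved for signatures made with the previous DSA key so that already-installed clients keep verifying. If that is the reason, state it at the define, e.g. `// detached signature made with the 4096-bit RSA release key; plain ".asc" is left for the old DSA key`. The changelog entry in this commit also promises SHA2-512, but nothing in this hunk constrains the digest, so it is worth confirming that the verifier declared in `UpdateCrypto.h` rejects signatures made with a weaker hash algorithm.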
@@ -405,7 +405,7 @@ Command * CommandServer::GetCommand(const CString& sCmd)
 #endif
 case cmdPGPFP:
 {
- CMessageBox::Show(hWndExplorer, _T("This is the fingerprint of the TortoiseGit Release Signing Key.\nIt can be used to establish a trust path from this release to another one.\n\nTortoiseGit Release Signing Key, 1024-bit DSA:\n078A CFC9 7834 0A4E FB8C 917A 33F7 5DCF 2BC0 D362"), _T("TortoiseGit"), MB_OK);
+ CMessageBox::Show(hWndExplorer, _T("This is the fingerprint of the TortoiseGit Release Signing Key.\nIt can be used to establish a trust path from this release to another one.\n\nTortoiseGit Release Signing Key, 4096-bit RSA:\n74A2 1AE3 01B3 CA5B D807 2F5E F7F1 7B3F 9DD9 539E"), _T("TortoiseGit"), MB_OK);
 return nullptr;
 }
 default:
diff --git a/src/version.h b/src/version.h
index 319f66cab..bb0529b6f 100644
--- a/src/version.h
+++ b/src/version.h
@@ -28,13 +28,12 @@
 #define ENABLE_CRASHHANLDER 0
 /*****************************************************************************
- * TortoiseGit DSA PGP Public Key used to sign releases
+ * TortoiseGit PGP Public Key used to sign releases
 *****************************************************************************/
 /* We trust this public key, and by extension, also keys signed by it. */
 /* NOTE:
- * We need a 1024 bits DSA key.
 * Don't forget to upload the key to http://download.tortoisegit.org/keys/
 */
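Review bot: The fingerprint and the `4096-bit RSA` label in the `cmdPGPFP` message are typed by hand and duplicate the key identity that src/version.h carries in `tortoisegit_public_key_longid` and the armored block, so every rotation has to touch all three in step. In this commit they do agree: the last eight bytes shown, `F7F1 7B3F 9DD9 539E`, match the new long id. A comment at the case, such as `// must match tortoisegit_public_key in version.h; update together on key rotation`, would make the coupling visible, and deriving the displayed fingerprint from the embedded key would remove it. The enclosing switch in `GetCommand` starts and ends outside the hunk.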
@@ -43,29 +42,53 @@
 * TortoiseGit Release Signing Key
 */
 static const uint8_t tortoisegit_public_key_longid[8] = {
- 0x33, 0xF7, 0x5D, 0xCF, 0x2B, 0xC0, 0xD3, 0x62
+ 0xF7, 0xF1, 0x7B, 0x3F, 0x9D, 0xD9, 0x53, 0x9E
 };
 /* gpg --export --armor ""|sed -e s/^/\"/ -e s/\$/\\\\n\"/ */
 static const uint8_t tortoisegit_public_key[] = {
 "-----BEGIN PGP PUBLIC KEY BLOCK-----\n"
- "Version: GnuPG v1.4.11\n"
+ "Version: GnuPG v1\n"
 "\n"
- "mQGiBFH80rsRBACHXxk2UUSeEIwyV0lKDBX87tKbeSyV5trqyTI6tlyC3F2+ueEd\n"
- "D16mZR54wc5VQ1O0uIqBNRF78qJkjjZWUQt2VcPBWD9HiFIzjPGkSy+wk3EbvF/N\n"
- "VAVLVcVMhBq6bBXVryQkwKUsbrXbdMVzSdOfHJvRjuZ12Z3cwa45OxpeuwCggc8l\n"
- "L93mhV93sw6+Nz+MPO2qBi0D/RFW3rRqp8IoDNSOVhesP7fP9WXnkaSM7eTMx/Wd\n"
- "hXpbeQVCSXiJhVQvKHw5hHuqNYZ54o0PEfgfm2i4+iEpflaa5sAzE+Pvy8VdnR3i\n"
- "7sXDtC0s52s2nkNdIcv33Y4QUGNGPjafTLqvR/+DLXq+VI3/L5Goqy78mpn5cOu/\n"
- "rYoQA/9hAv85QSL+XmxejGzw8KYdLqJixtKUob68kbuy+KG7fpOBMM30m3YkDgI6\n"
- "moGN6JJGEpiGl4Z7coyhOIQo/WSBxpGx+OInozjlV4Xk8T5AW1pG3vP4W3KwXfoo\n"
- "mdM16UMqzrLT+WEAdYKR+dHYsN6ttmlDVExgfF9c9SqoKDfU/7QfVG9ydG9pc2VH\n"
- "aXQgUmVsZWFzZSBTaWduaW5nIEtleYhiBBMRAgAiBQJR/NK7AhsjBgsJCAcDAgYV\n"
- "CAIJCgsEFgIDAQIeAQIXgAAKCRAz913PK8DTYm/YAJ4zehwjlvMsDt5va0HPB0HF\n"
- "FxTBcACfa7gXDOuEKwNux07K0cYOz9bM+n6IRgQQEQIABgUCUfzS8wAKCRAWRmek\n"
- "9anUxKqKAKDI3cqd73jLAZ2AjZHR2yyLqxnJLQCgvZ+/VGgmyINSKdpHmKq1qk42\n"
- "ttw=\n"
- "=L+nv\n"
+ "mQINBFQSJwIBEADehqoDNnjZwDQC/qGNBX6v165EMzq13fBdJw3pbh7c91/GhA9V\n"
+ "w0VItHGqX776oSZOf5n3ak+sdhwQMb9QzbmL4RnFt3cXqVC1NpLnNSfhsGiU+XnK\n"
+ "ooMrlXgVfoSkXpTKIltIRXA9ZUlh55lHonuZMZNOioQbzLLnlxY5viCLp1Aha4Rx\n"
+ "AOqr+jnyRVzGEZkLdtv9g2jmTPFdGe1mYurGQJVU7QyxdOlNLU7r4w0/vA9fH4iY\n"
+ "eWdUn23DxOYI6ArfFkh9p6kmubCAzo5GkBwBdYglDFQ04SFY9scLJNENkY4wQyty\n"
+ "Xz9mVXSQuOv0k62OHMGxFGwcuprYHsvHFh87PAMQfcXUw3mLhlaVx4Hl00s8nbZA\n"
+ "rlqq8hUSls5z6io+PHORVcRszj6hB2oc4BbzJCf/1tl6sbWTo9pEeJWxtpzIKXvI\n"
+ "O0Dt0c0NZ5w/hKlWAAgaUsub74FsrdEtJMtltO+vSOG9Tyx1pCw6UQD48lmQyh0r\n"
+ "aHly/NPgxO6qo+EF6wNIpACUjF9L1GOtN4uXRgGwY3hnXZpa4VrAznQ+5kd8c7Km\n"
+ "BA9TMPHwl0fKJeWzhav5nf1VCTqQnj0hgAt8UsRYNydEvVIsjlS9TLKv7qj3svTR\n"
+ "Nsc7NraAvyTBLSdvLsgVk2q/W519iY4fNpk14ygmdc473+wpKxDWOjdJ8wARAQAB\n"
+ "tB9Ub3J0b2lzZUdpdCBSZWxlYXNlIFNpZ25pbmcgS2V5iQI4BBMBAgAiBQJUEicC\n"
+ "AhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRD38Xs/ndlTngWYD/9ubqoE\n"
+ "CPMvNJyGpcuEVH0g5NVLev5uVn8Yj1b34AWaLqjPw2XngMxYdyWYhDY9QJDMZJfm\n"
+ "RK6Jj8wz9pdt9jkS5TJsXufHVrGh1TaD2+GqX8k6ApYCMkFmJ9ZF54oK0vU9S2r1\n"
+ "jUgpI4DULij5QM2M9IQeXfrUkQs3rcrz0y/8QjJuv/Mmv92ksbhb94kYSp20fdkn\n"
+ "wdQtPDPgk6X8qmWfFH3VmPQRGcx+WwZGr5PWB0kEheHYa3Zj7RYL5/W7vkqCehnR\n"
+ "gb1xreGf4kiRvmO4gM0gZb4ZYnwCyLxTXCG+7hLsnBuBXFL2DDwmIisQoCueDnxx\n"
+ "mdLHFJqS43vRcH+JHFF88NqswC2gYlKJ1Y1ZElCc6NV75xjW1JQvMQOjo9cMiLVc\n"
+ "dn2hDswB4mJf3bJ6W++niBjkXFgmCJMsXo01H0oiGyMCKjuNpxuLhkS8wskccSaW\n"
+ "H40w46jcCqHShR+1H/JaY7DnDHD5tT1U+AiBv6K9ELg/Tl8dsPGeEKnyVjfmcnUG\n"
+ "aajlyFm4ngnFYDnd0GqUmFhOtHGNUXpEBW1xGr4buqAQaMdshn7wWO1Pc0V9Pn57\n"
+ "Muja4Fo6MePGxaRSAhbfTwprnI2EXOprNcYef9nelhVaQLNipMRIx+9d4E+AR0Ow\n"
+ "f0chmH75AZKxsy/0gK4882Zm3UUY8DjqiBHiDIhGBBMRAgAGBQJUFBojAAoJEDP3\n"
+ "Xc8rwNNigj4AnR/s1NsAqxHDhVcEPoIGe88lPZclAJsFwrAfX7SlY9NJWJf8BiqC\n"
+ "/JcjvIhGBBARAgAGBQJUFBpMAAoJEBZGZ6T1qdTExDUAoLU5gfCR1HcIqDHTQ/pw\n"
+ "W3s0s9YdAKDawZ5rjYuqCvblp2dDxoOrB3ULu4kCHAQQAQIABgUCVBQaaAAKCRAW\n"
+ "Wsy1/VFYOfwPEACP35nJlQMcHQo9M3xCW5qikLDpNIQXJ2RC5vAPsgAx1flk1gx7\n"
+ "4zqTBmQMWpI5IbTwHdy+qRBCqOKEX/HSuGhtDg3O5j07zwX5J9JDLuXi7WuHmSgc\n"
+ "DNwaRSvd6oEhWBjz68MJtJM7FIzPcsQWpSgkDkf47JVD1/lkiTfV8r2SIbqffipc\n"
+ "yixZnoo0Bv560sx9mULhjtVzfrIGJn+s7xLmKvuFBICAnrZVdB8xSfCNihiCJClD\n"
+ "iYbj5Xz8s7plyvohvAojHHDb2ibRLPZQtYkTIs5ZblzszVbNMtOv4COiLOjeWWlQ\n"
+ "FQnd20yqP6c/BizXjxJU3uYAFZCtis9j/1L6cPyVKKF+90SjZn21BPbvmDlSj9fv\n"
+ "3oIJ9G6J8X57GCKDVhtSnGKJImGJ0j2cOvjQgGlf2iQfLs8vtMkrhJghdzJJJZte\n"
+ "GcEZlF2yN7hOVH/+T2uolyUWHf6HWXNi4ybeBHonSAfD6ggQJJgkcuD9PWDnvRny\n"
+ "+bemSEczH768OhVRspV7qpUOqTbzpjx+1xfD990jGP2eiLjxVoKsiEpSlDq435o1\n"
+ "AJQK2BoQNinslk7q3yQNOdybnIL9y69wzG52MxTiNSpmgkOd2bFkSInQAtPDNznO\n"
+ "z//m6+RVkOT6ssdY8kMlG78N6a1ZtaJn023CeM4VDigoiJTbZdhqOVwnqw==\n"
+ "=SfFT\n"
 "-----END PGP PUBLIC KEY BLOCK-----\n"
 };
 #endif
-- 
2.11.4.GIT
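Review bot: The only identifier stored beside the new key is the 8-byte `tortoisegit_public_key_longid`, and a 64-bit key id is not collision-resistant. The id is presumably used only to pick the key for an incoming signature; the verifier is not visible here, so confirm that acceptance rests on a signature check against the embedded key material and never on an id match alone. The comment above `tortoisegit_public_key` also does not say which key the block holds, since the export command is shown with an empty user id. A line such as `/* 4096-bit RSA, fingerprint 74A2 1AE3 01B3 CA5B D807 2F5E F7F1 7B3F 9DD9 539E */` above the array would let a reviewer check the armored block against gpg output without leaving the file.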