windeploy: Renewed windows code signing certificate #25201

pull achow101 wants to merge 1 commits into bitcoin:master from achow101:2022-05-win-cert changing 1 files +106 −83
  1. achow101 commented at 5:19 PM on May 24, 2022: member

    The current windows code signing certificate expires on May 26 23:59:59 2022 GMT. I have purchased a new code signing certificate which will expire on May 29 23:59:59 2024 GMT.

  2. windeploy: Renewed windows code signing certificate 7e9fe6d800
  3. DrahtBot added the label Scripts and tools on May 24, 2022
  4. laanwj added the label Needs backport (22.x) on May 24, 2022
  5. laanwj added the label Needs backport (23.x) on May 24, 2022
  6. laanwj commented at 6:25 PM on May 24, 2022: member

    Concept ACK, thanks for updating the cert.

  7. laanwj commented at 1:43 PM on May 26, 2022: member

    This is the data inside the certificates file, dumped with:

    $ csplit contrib/windeploy/win-codesign.cert '/-----BEGIN CERTIFICATE-----/' '{*}'
$ openssl x509 -in xx01 -text 
$ openssl x509 -in xx02 -text 
$ openssl x509 -in xx03 -text 

    Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:65:6f:75:06:a5:ef:65:36:43:16:d4:4d:3d:d2:45
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, O = "DigiCert, Inc.", CN = DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
        Validity
            Not Before: May 24 00:00:00 2022 GMT
            Not After : May 29 23:59:59 2024 GMT
        Subject: C = US, ST = Delaware, L = Lewes, O = Bitcoin Core Code Signing LLC, CN = Bitcoin Core Code Signing LLC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Modulus:
                    00:b7:b0:c5:f8:f3:b6:e4:53:0c:d0:06:7f:bc:e4:
                    aa:a5:8d:12:dd:bc:09:99:95:24:7a:18:96:d5:51:
                    c6:d1:35:04:fe:39:05:f9:a9:b4:7e:5e:33:52:42:
                    fd:7a:2c:4c:fc:ad:1d:11:5e:3a:43:b8:61:50:2d:
                    88:42:f1:2b:d4:bf:f3:63:99:94:a0:3b:33:1e:cf:
                    5b:ab:ef:d7:5f:38:bb:cf:a6:3f:75:a9:4c:df:ca:
                    01:94:da:5b:d7:c1:d0:42:d3:48:2b:aa:b2:f5:ea:
                    d9:ca:cc:d9:3e:cd:b9:d2:67:4b:25:a1:d9:50:63:
                    2d:f3:cf:08:07:18:c3:3c:86:29:06:e5:8d:05:a3:
                    14:42:43:25:61:4a:f3:7b:7d:98:af:ef:d1:64:20:
                    03:78:c6:25:e6:b3:f9:5e:82:61:73:12:ed:48:29:
                    74:6f:1d:52:18:3d:a3:ad:e0:60:96:40:5b:9a:58:
                    44:8b:0d:45:c2:42:33:92:c7:87:01:0c:5b:9d:f6:
                    f5:4b:13:99:80:9f:3f:bf:f9:dd:e9:9e:a5:b4:34:
                    9f:c8:a3:55:98:e0:68:9f:8b:67:c3:6c:a4:12:d2:
                    78:28:85:f5:43:c2:29:7f:36:b9:68:90:01:44:db:
                    60:70:9f:4a:2d:c8:d1:fd:f0:42:27:57:2f:d6:58:
                    f8:f5:e6:6a:53:3b:04:cb:90:f9:cd:b1:11:c9:7d:
                    ec:29:e1:ac:3c:f1:10:1c:19:be:f3:82:f7:01:a8:
                    1b:ef:3e:7a:95:78:4e:35:19:59:ff:bb:40:dd:59:
                    61:e8:35:ad:a8:bb:73:b7:3c:bb:d2:0b:a2:01:3c:
                    b2:ed:b1:56:8c:f7:df:74:c7:08:3b:d2:70:88:27:
                    41:79:a4:f9:c6:ca:30:1b:60:f6:43:34:17:e6:8b:
                    5a:c3:76:c5:57:f4:b8:08:f7:53:bb:1d:5c:ba:df:
                    25:e5:b4:0d:92:24:b5:6b:53:05:0c:d7:3b:f3:84:
                    e0:a6:be:d5:61:67:0e:0d:07:24:88:a1:d1:c4:e3:
                    97:d6:18:bd:f7:b9:dc:be:29:08:6c:be:a8:6b:7f:
                    5c:60:51:a8:23:1f:5e:9d:e0:f8:7f:45:19:1e:6b:
                    a5:e9:ec:55:57:2c:ae:fd:c6:6d:37:d8:76:5a:5d:
                    9a:9f:4e:1c:7e:46:e7:b1:93:01:9b:9e:a1:b0:99:
                    83:ba:fb:44:a2:b4:cc:f5:3d:12:24:cb:27:1c:f2:
                    5e:e6:a2:bf:f2:ac:77:c7:88:84:74:63:7b:03:1a:
                    42:e0:2d:40:cd:6d:3b:ea:0a:01:b2:c5:d2:fd:8c:
                    ee:fe:ff:69:54:fb:e9:7d:f6:26:59:58:02:2c:e6:
                    df:38:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier: 
                68:37:E0:EB:B6:3B:F8:5F:11:86:FB:FE:61:7B:08:88:65:F4:4E:42
            X509v3 Subject Key Identifier: 
                BC:2A:54:E7:C3:C8:BA:87:EF:D2:41:C9:DD:3C:B4:60:32:84:CB:77
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage: 
                Code Signing
            X509v3 CRL Distribution Points: 
                Full Name:
                  URI:http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl
                Full Name:
                  URI:http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.4.1
                  CPS: http://www.digicert.com/CPS
            Authority Information Access: 
                OCSP - URI:http://ocsp.digicert.com
                CA Issuers - URI:http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt
            X509v3 Basic Constraints: critical
                CA:FALSE
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        18:69:4d:9b:9f:47:0b:35:be:bb:48:d3:10:75:fd:45:ab:48:
        42:71:74:f1:e2:bd:fa:57:13:bd:3c:77:3b:a6:26:1d:d3:17:
        3a:6c:11:40:90:5f:90:49:25:eb:75:97:bc:7d:da:c2:8d:78:
        02:fb:be:8b:40:fb:c3:bc:62:f3:03:eb:82:a2:9b:b5:4a:03:
        60:41:f0:03:87:29:06:e9:af:57:36:89:90:70:c2:87:c8:9e:
        f8:91:62:fb:2b:bd:0b:5a:e8:a0:72:d8:a3:9e:d4:bf:e5:d0:
        a9:e9:51:ac:cb:f5:3b:f8:54:ab:ee:58:0c:3f:41:cd:3f:79:
        34:2b:35:94:6c:98:00:ce:47:19:d9:d6:a5:be:4a:91:7e:fd:
        66:da:cc:86:23:a1:df:ce:a9:bd:54:de:89:fe:3f:3c:a2:18:
        3d:d2:8f:33:61:b1:d1:51:a6:da:b3:ac:86:98:51:55:7e:d9:
        71:c6:e1:f3:7a:03:cc:24:c9:02:f9:34:85:57:1a:22:bb:ae:
        a4:b9:56:b4:40:bf:9f:0b:7f:56:59:4e:08:5d:00:bf:b9:4b:
        24:84:d0:eb:11:f6:dd:0a:5b:bd:d9:07:da:71:6e:e6:59:e9:
        97:f1:8e:8b:63:c3:e2:22:94:21:26:dc:00:db:73:b1:1b:da:
        28:c8:e3:1f:26:8b:1d:17:58:c5:2b:84:bd:f8:b3:bf:e3:47:
        20:e2:3f:ed:f4:69:28:23:5a:9e:b5:d6:da:7f:11:84:56:e6:
        4a:48:68:54:7c:01:eb:03:74:cd:03:49:20:82:45:73:8c:c1:
        01:b6:4e:ad:be:0a:7a:88:b4:1e:68:2c:d3:e9:d9:7c:92:c2:
        52:16:be:68:db:ce:c4:44:7c:8a:44:df:28:77:6f:19:87:63:
        eb:c5:21:cd:91:d2:73:64:6d:63:48:4f:a0:06:b5:a1:10:ee:
        85:a4:82:92:bc:60:c9:00:40:27:f8:11:40:b8:41:ae:ea:1e:
        21:fa:61:29:98:26:18:c0:a4:12:c2:ed:40:f0:7a:f8:30:c6:
        e0:eb:c2:29:96:02:3f:ad:0e:4c:dd:9c:43:4c:70:1a:78:48:
        0c:ba:2f:05:2e:0e:2d:88:53:a1:d1:49:75:9d:87:66:04:90:
        36:dc:dc:57:70:92:79:e7:11:66:81:e1:d9:51:2f:ce:58:8c:
        7c:8b:5c:dd:0a:88:4e:d2:29:38:f5:2d:f4:78:74:67:83:a9:
        55:25:0e:3f:43:e7:e5:f8:6b:b1:7c:f7:02:cf:fe:e9:b8:d3:
        fe:76:1d:44:2f:e6:de:56:70:da:ff:e3:ba:fd:69:59:31:f4:
        31:ec:d5:bf:28:52:72:e0

    Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
        Signature Algorithm: sha384WithRSAEncryption
        Issuer: C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Trusted Root G4
        Validity
            Not Before: Apr 29 00:00:00 2021 GMT
            Not After : Apr 28 23:59:59 2036 GMT
        Subject: C = US, O = "DigiCert, Inc.", CN = DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Modulus:
                    00:d5:b4:2f:42:d0:28:ad:78:b7:5d:d5:39:59:1b:
                    b1:88:42:f5:33:8c:eb:3d:81:97:70:c5:bb:c4:85:
                    26:30:9f:a4:8e:68:d8:5c:f5:eb:34:24:07:e1:4b:
                    4f:d3:78:43:f4:17:d7:1e:da:f9:d2:d5:67:1a:52:
                    4f:0e:a1:57:fc:88:99:c1:91:cc:81:03:3e:4d:70:
                    24:64:b3:8d:e2:08:7d:34:7d:4c:80:57:12:6b:43:
                    9a:99:f2:c5:3b:1f:f2:ef:cb:47:5a:13:a6:4c:b3:
                    01:20:25:f3:10:d3:8b:b2:fb:08:f0:8a:e0:9d:09:
                    c0:65:a7:fa:98:80:49:35:87:3d:51:19:e8:90:21:
                    78:45:2e:a1:9f:2c:e1:18:c2:1a:cc:c5:ee:93:49:
                    70:42:32:8f:fb:c6:ea:1c:f3:65:68:91:a2:4d:4c:
                    82:11:48:52:68:de:10:bd:14:57:5d:e8:18:13:65:
                    c5:7f:b2:4f:85:2c:48:a4:56:84:35:d6:f9:2e:9c:
                    aa:00:15:d1:37:fe:1a:06:94:c2:7c:c8:ea:1b:32:
                    e6:ca:c2:f4:a7:a3:03:0e:74:a5:af:39:b6:ab:60:
                    12:e3:e8:d6:b9:f7:31:e1:dc:ad:e4:18:a0:d8:c1:
                    23:47:47:b3:a1:0f:6e:a3:ab:6d:98:06:83:1b:b7:
                    6a:67:2d:d2:bd:44:1a:92:10:81:8f:b0:3b:09:d7:
                    c7:9b:32:5a:c2:ff:6a:60:54:8b:49:c1:93:ed:e1:
                    b4:5c:e0:6f:eb:26:f9:8c:d5:b2:f9:38:10:e6:ea:
                    ce:91:f5:be:d3:fb:6f:93:61:34:5c:bc:93:45:28:
                    83:36:2a:66:28:5f:b0:73:ce:8b:26:25:06:b2:83:
                    d4:5c:f6:15:19:4c:ed:62:e0:5e:33:f2:e8:e8:ec:
                    0a:a7:b0:03:2b:91:b2:36:79:be:f7:ad:08:1e:75:
                    a6:65:cc:bb:e3:48:50:f3:77:91:1a:fe:db:50:a2:
                    46:c8:61:58:98:f5:7c:02:16:3c:83:28:ad:39:86:
                    ec:d4:b7:0d:53:d0:f8:47:e6:75:30:8d:ec:30:93:
                    76:14:a6:5b:4b:5d:74:61:4d:3f:12:91:76:de:bf:
                    58:cb:72:10:29:41:f0:d5:c5:6d:26:76:68:11:41:
                    13:58:9a:dc:26:2b:01:f4:89:4d:59:db:78:cf:81:
                    4a:3e:40:47:5f:c9:81:50:73:85:10:23:21:59:60:
                    8a:64:54:c1:cc:21:1a:e8:38:19:7c:66:1c:cd:78:
                    38:45:30:99:4f:ff:63:4f:4c:bb:aa:0d:08:53:41:
                    7c:58:3d:47:b3:fa:b6:ec:8c:32:09:02:cc:6c:3c:
                    0c:56:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE, pathlen:0
            X509v3 Subject Key Identifier: 
                68:37:E0:EB:B6:3B:F8:5F:11:86:FB:FE:61:7B:08:88:65:F4:4E:42
            X509v3 Authority Key Identifier: 
                EC:D7:E3:82:D2:71:5D:64:4C:DF:2E:67:3F:E7:BA:98:AE:1C:0F:4F
            X509v3 Key Usage: critical
                Digital Signature, Certificate Sign, CRL Sign
            X509v3 Extended Key Usage: 
                Code Signing
            Authority Information Access: 
                OCSP - URI:http://ocsp.digicert.com
                CA Issuers - URI:http://cacerts.digicert.com/DigiCertTrustedRootG4.crt
            X509v3 CRL Distribution Points: 
                Full Name:
                  URI:http://crl3.digicert.com/DigiCertTrustedRootG4.crl
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.3
                Policy: 2.23.140.1.4.1
    Signature Algorithm: sha384WithRSAEncryption
    Signature Value:
        3a:23:44:3d:8d:08:76:ee:8f:bc:3a:99:d3:56:e0:02:1a:a5:
        f8:48:34:f3:2c:b6:e6:74:66:f7:94:72:b1:00:ca:af:6c:30:
        27:13:12:9e:90:44:9f:4b:fd:9e:a3:7c:26:d5:37:bc:3a:5d:
        48:6d:95:d5:3f:49:f4:27:bb:16:81:45:50:fd:9c:bd:b6:85:
        e0:76:7e:37:71:cb:22:f7:5a:aa:90:cf:f5:93:6a:e3:eb:20:
        d1:d5:50:79:88:9a:8a:8a:c1:b6:bd:a1:48:18:7e:dc:d8:80:
        1a:11:19:18:cd:61:99:81:56:f6:c9:e3:76:e7:c4:e4:1b:5f:
        43:f8:3e:94:ff:76:39:3d:9e:d4:99:cf:4a:dd:28:eb:5f:26:
        a1:95:58:48:d5:1a:fe:d7:27:3f:fd:90:d1:76:86:dd:1c:b0:
        60:5c:f3:0d:a8:ee:e0:89:a1:bd:39:e1:38:4e:da:6e:bb:36:
        9d:fb:e5:21:53:5a:c3:ca:e9:6a:f1:a2:3e:db:43:b8:33:c8:
        4f:38:14:92:99:f5:dd:ce:54:6d:d9:5d:02:14:1f:40:33:7c:
        03:e2:95:b2:c2:21:75:73:52:cb:46:d8:c4:34:1c:a2:a5:4b:
        8d:cd:6f:76:37:2c:85:3f:1a:ce:26:e9:18:be:90:07:b0:43:
        7f:95:88:20:82:70:f0:cc:ca:ef:fd:29:35:5c:1f:89:38:55:
        f7:37:8a:8b:09:a1:cb:0b:e9:31:1a:ff:2e:19:5c:39:71:e1:
        be:9c:a7:0a:06:d6:26:67:b7:92:e6:4e:5f:de:7a:ac:49:cf:
        2e:a4:74:92:ad:db:3c:a4:9c:86:1f:e3:c1:56:1b:2b:23:ff:
        8f:b5:ea:88:7b:70:6b:e6:a0:ba:fd:3a:3f:45:a6:c4:e8:16:
        91:52:8b:41:c0:48:84:4b:96:4d:ab:44:40:e3:8d:f0:15:28:
        ce:ed:f1:18:56:07:2a:2f:10:c4:0c:08:64:3c:33:8f:ae:28:
        8c:3c:cb:8f:88:0b:0d:bf:3b:f4:ce:1e:7b:8e:ef:b5:eb:cb:
        b7:f0:77:13:e6:e7:28:3f:ac:12:ae:a5:2f:22:6c:41:f9:82:
        5c:15:66:cc:6c:0e:ca:c5:86:c3:f6:26:33:0c:07:4b:a0:d3:
        07:02:6a:6a:40:30:48:4b:34:a8:51:20:bb:ad:1b:85:08:e2:
        59:0d:6d:ca:05:50:2b:ea:4a:1c:9e:a5:fd:a0:a7:1f:06:74:
        e7:f2:d6:52:90:fd:af:85:48:21:f9:57:3b:b4:9c:03:ed:86:
        45:f4:b4:61:6e:bf:68:e2:26:60:86:ea:c8:af:a9:fe:94:1d:
        e7:63:1b:3a:86:56:78:4e

    Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
        Signature Algorithm: sha384WithRSAEncryption
        Issuer: C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Trusted Root G4
        Validity
            Not Before: Aug  1 12:00:00 2013 GMT
            Not After : Jan 15 12:00:00 2038 GMT
        Subject: C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Trusted Root G4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Modulus:
                    00:bf:e6:90:73:68:de:bb:e4:5d:4a:3c:30:22:30:
                    69:33:ec:c2:a7:25:2e:c9:21:3d:f2:8a:d8:59:c2:
                    e1:29:a7:3d:58:ab:76:9a:cd:ae:7b:1b:84:0d:c4:
                    30:1f:f3:1b:a4:38:16:eb:56:c6:97:6d:1d:ab:b2:
                    79:f2:ca:11:d2:e4:5f:d6:05:3c:52:0f:52:1f:c6:
                    9e:15:a5:7e:be:9f:a9:57:16:59:55:72:af:68:93:
                    70:c2:b2:ba:75:99:6a:73:32:94:d1:10:44:10:2e:
                    df:82:f3:07:84:e6:74:3b:6d:71:e2:2d:0c:1b:ee:
                    20:d5:c9:20:1d:63:29:2d:ce:ec:5e:4e:c8:93:f8:
                    21:61:9b:34:eb:05:c6:5e:ec:5b:1a:bc:eb:c9:cf:
                    cd:ac:34:40:5f:b1:7a:66:ee:77:c8:48:a8:66:57:
                    57:9f:54:58:8e:0c:2b:b7:4f:a7:30:d9:56:ee:ca:
                    7b:5d:e3:ad:c9:4f:5e:e5:35:e7:31:cb:da:93:5e:
                    dc:8e:8f:80:da:b6:91:98:40:90:79:c3:78:c7:b6:
                    b1:c4:b5:6a:18:38:03:10:8d:d8:d4:37:a4:2e:05:
                    7d:88:f5:82:3e:10:91:70:ab:55:82:41:32:d7:db:
                    04:73:2a:6e:91:01:7c:21:4c:d4:bc:ae:1b:03:75:
                    5d:78:66:d9:3a:31:44:9a:33:40:bf:08:d7:5a:49:
                    a4:c2:e6:a9:a0:67:dd:a4:27:bc:a1:4f:39:b5:11:
                    58:17:f7:24:5c:46:8f:64:f7:c1:69:88:76:98:76:
                    3d:59:5d:42:76:87:89:97:69:7a:48:f0:e0:a2:12:
                    1b:66:9a:74:ca:de:4b:1e:e7:0e:63:ae:e6:d4:ef:
                    92:92:3a:9e:3d:dc:00:e4:45:25:89:b6:9a:44:19:
                    2b:7e:c0:94:b4:d2:61:6d:eb:33:d9:c5:df:4b:04:
                    00:cc:7d:1c:95:c3:8f:f7:21:b2:b2:11:b7:bb:7f:
                    f2:d5:8c:70:2c:41:60:aa:b1:63:18:44:95:1a:76:
                    62:7e:f6:80:b0:fb:e8:64:a6:33:d1:89:07:e1:bd:
                    b7:e6:43:a4:18:b8:a6:77:01:e1:0f:94:0c:21:1d:
                    b2:54:29:25:89:6c:e5:0e:52:51:47:74:be:26:ac:
                    b6:41:75:de:7a:ac:5f:8d:3f:c9:bc:d3:41:11:12:
                    5b:e5:10:50:eb:31:c5:ca:72:16:22:09:df:7c:4c:
                    75:3f:63:ec:21:5f:c4:20:51:6b:6f:b1:ab:86:8b:
                    4f:c2:d6:45:5f:9d:20:fc:a1:1e:c5:c0:8f:a2:b1:
                    7e:0a:26:99:f5:e4:69:2f:98:1d:2d:f5:d9:a9:b2:
                    1d:e5:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Digital Signature, Certificate Sign, CRL Sign
            X509v3 Subject Key Identifier: 
                EC:D7:E3:82:D2:71:5D:64:4C:DF:2E:67:3F:E7:BA:98:AE:1C:0F:4F
    Signature Algorithm: sha384WithRSAEncryption
    Signature Value:
        bb:61:d9:7d:a9:6c:be:17:c4:91:1b:c3:a1:a2:00:8d:e3:64:
        68:0f:56:cf:77:ae:70:f9:fd:9a:4a:99:b9:c9:78:5c:0c:0c:
        5f:e4:e6:14:29:56:0b:36:49:5d:44:63:e0:ad:9c:96:18:66:
        1b:23:0d:3d:79:e9:6d:6b:d6:54:f8:d2:3c:c1:43:40:ae:1d:
        50:f5:52:fc:90:3b:bb:98:99:69:6b:c7:c1:a7:a8:68:a4:27:
        dc:9d:f9:27:ae:30:85:b9:f6:67:4d:3a:3e:8f:59:39:22:53:
        44:eb:c8:5d:03:ca:ed:50:7a:7d:62:21:0a:80:c8:73:66:d1:
        a0:05:60:5f:e8:a5:b4:a7:af:a8:f7:6d:35:9c:7c:5a:8a:d6:
        a2:38:99:f3:78:8b:f4:4d:d2:20:0b:de:04:ee:8c:9b:47:81:
        72:0d:c0:14:32:ef:30:59:2e:ae:e0:71:f2:56:e4:6a:97:6f:
        92:50:6d:96:8d:68:7a:9a:b2:36:14:7a:06:f2:24:b9:09:11:
        50:d7:08:b1:b8:89:7a:84:23:61:42:29:e5:a3:cd:a2:20:41:
        d7:d1:9c:64:d9:ea:26:a1:8b:14:d7:4c:19:b2:50:41:71:3d:
        3f:4d:70:23:86:0c:4a:dc:81:d2:cc:32:94:84:0d:08:09:97:
        1c:4f:c0:ee:6b:20:74:30:d2:e0:39:34:10:85:21:15:01:08:
        e8:55:32:de:71:49:d9:28:17:50:4d:e6:be:4d:d1:75:ac:d0:
        ca:fb:41:b8:43:a5:aa:d3:c3:05:44:4f:2c:36:9b:e2:fa:e2:
        45:b8:23:53:6c:06:6f:67:55:7f:46:b5:4c:3f:6e:28:5a:79:
        26:d2:a4:a8:62:97:d2:1e:e2:ed:4a:8b:bc:1b:fd:47:4a:0d:
        df:67:66:7e:b2:5b:41:d0:3b:e4:f4:3b:f4:04:63:e9:ef:c2:
        54:00:51:a0:8a:2a:c9:ce:78:cc:d5:ea:87:04:18:b3:ce:af:
        49:88:af:f3:92:99:b6:b3:e6:61:0f:d2:85:00:e7:50:1a:e4:
        1b:95:9d:19:a1:b9:9c:b1:9b:b1:00:1e:ef:d0:0f:4f:42:6c:
        c9:0a:bc:ee:43:fa:3a:71:a5:c8:4d:26:a5:35:fd:89:5d:bc:
        85:62:1d:32:d2:a0:2b:54:ed:9a:57:c1:db:fa:10:cf:19:b7:
        8b:4a:1b:8f:01:b6:27:95:53:e8:b6:89:6d:5b:bc:68:d4:23:
        e8:8b:51:a2:56:f9:f0:a6:80:a0:d6:1e:b3:bc:0f:0f:53:75:
        29:aa:ea:13:77:e4:de:8c:81:21:ad:07:10:47:11:ad:87:3d:
        07:d1:75:bc:cf:f3:66:7e
  8. laanwj commented at 1:49 PM on May 26, 2022: member

    Metadata-only diff of our cert only, before and after this PR:

    --- a/01.txt	2022-05-26 15:47:38.796449649 +0200
+++ b/01.txt	2022-05-26 15:48:07.652166313 +0200
@@ -2,12 +2,12 @@
     Data:
         Version: 3 (0x2)
         Serial Number:
-            05:23:7b:0a:6d:7a:67:45:13:f6:9e:e5:03:68:e2:28
+            0a:65:6f:75:06:a5:ef:65:36:43:16:d4:4d:3d:d2:45
         Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert SHA2 Assured ID Code Signing CA
+        Issuer: C = US, O = "DigiCert, Inc.", CN = DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
         Validity
-            Not Before: May 21 00:00:00 2021 GMT
-            Not After : May 26 23:59:59 2022 GMT
+            Not Before: May 24 00:00:00 2022 GMT
+            Not After : May 29 23:59:59 2024 GMT
         Subject: C = US, ST = Delaware, L = Lewes, O = Bitcoin Core Code Signing LLC, CN = Bitcoin Core Code Signing LLC
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
@@ -16,25 +16,24 @@
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
             X509v3 Authority Key Identifier: 
-                5A:C4:B9:7B:2A:0A:A3:A5:EA:71:03:C0:60:F9:2D:F6:65:75:0E:58
+                68:37:E0:EB:B6:3B:F8:5F:11:86:FB:FE:61:7B:08:88:65:F4:4E:42
             X509v3 Subject Key Identifier: 
-                55:22:ED:66:78:9F:10:7B:DD:F3:3D:C4:EC:0C:8B:60:DB:83:89:A3
+                BC:2A:54:E7:C3:C8:BA:87:EF:D2:41:C9:DD:3C:B4:60:32:84:CB:77
             X509v3 Key Usage: critical
                 Digital Signature
             X509v3 Extended Key Usage: 
                 Code Signing
             X509v3 CRL Distribution Points: 
                 Full Name:
-                  URI:http://crl3.digicert.com/sha2-assured-cs-g1.crl
+                  URI:http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl
                 Full Name:
-                  URI:http://crl4.digicert.com/sha2-assured-cs-g1.crl
+                  URI:http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl
             X509v3 Certificate Policies: 
-                Policy: 2.16.840.1.114412.3.1
-                  CPS: http://www.digicert.com/CPS
                 Policy: 2.23.140.1.4.1
+                  CPS: http://www.digicert.com/CPS
             Authority Information Access: 
                 OCSP - URI:http://ocsp.digicert.com
-                CA Issuers - URI:http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt
+                CA Issuers - URI:http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt
             X509v3 Basic Constraints: critical
                 CA:FALSE
     Signature Algorithm: sha256WithRSAEncryption
  9. laanwj commented at 1:54 PM on May 26, 2022: member

    ACK 7e9fe6d800ee8f3381e8f6ad2371f7775c68fad9

    I have checked the changes made here in as far as I could and they look correct to me, and to form a correct certificate chain.

  10. achow101 commented at 3:11 PM on May 26, 2022: member

    I have signed the following message (uploaded as the file transfer.txt) with both the old and new keys:

    The new windows code signing key has the serial number 0a:65:6f:75:06:a5:ef:65:36:43:16:d4:4d:3d:d2:45
SHA256 fingerprint 88:FC:C8:B3:97:1A:32:4C:06:8E:CF:FE:D6:9F:16:43:74:EC:AD:3B:94:54:4D:33:EE:EB:16:0D:61:10:C0:BE
and expires on May 29 23:59:59 2024 GMT.

The current block hash is 00000000000000000006ed567004da1d3fae7fc5fe5e5d5587fbba1e7884270e.

    Signature with old key (uploaded as the file transfer.asc.txt):

    -----BEGIN PKCS7-----
MIID0QYJKoZIhvcNAQcCoIIDwjCCA74CAQExDzANBglghkgBZQMEAgEFADALBgkq
hkiG9w0BBwExggOZMIIDlQIBATCBhjByMQswCQYDVQQGEwJVUzEVMBMGA1UEChMM
RGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQD
EyhEaWdpQ2VydCBTSEEyIEFzc3VyZWQgSUQgQ29kZSBTaWduaW5nIENBAhAFI3sK
bXpnRRP2nuUDaOIoMA0GCWCGSAFlAwQCAQUAoIHkMBgGCSqGSIb3DQEJAzELBgkq
hkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTIyMDUyNjE0NTczMVowLwYJKoZIhvcN
AQkEMSIEIOjoYNEuna+TFv9Sy03C3FrQB4oomHsd8fipPXwMPXeYMHkGCSqGSIb3
DQEJDzFsMGowCwYJYIZIAWUDBAEqMAsGCWCGSAFlAwQBFjALBglghkgBZQMEAQIw
CgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsO
AwIHMA0GCCqGSIb3DQMCAgEoMA0GCSqGSIb3DQEBAQUABIICAHhyip1eaA+P8BFv
du4a28c3U8fRcSZa4MhssoAGM3mDt14/FPowOYljgXB4V+YhDfo7MIrWJ5sLzGy+
wnTETCxjyDDo2VyNWaeosnAFZl3v89/omcLaq/UtThzrJI8dNqWxWOJwP6L0R0kK
SYb2Z/tmsJH1EAPdCDqzRinTZXc9gbZ6iceun7QDzL+QBOnXkYTTnTO4nXPRqWOK
6NI96C/+pIu+s1i/6pjIKeRrt7YAn92kc6zl1yUejZk3T9cC46hIxDGVBv6D2AOc
06MnQ2si0BK9KtzjhAU39ZMIgCKICZlJpSeUrd854uFex8TR5zeHNOpki9vEBSqg
ZVO58abYDfIGsY/bf6EdtUIxOY0iVlcDe3oCv+WHInnaQrR7mcj8V8lrqOMM7blg
zCpEA/Gi3il2TQdZqJXWMmJ9RLqsS2Vw61j5ybdpJp6wNyNwCAr40asfDm4YGDF3
1QdLpMjoPdYLLjf6PNXJa4oQIP3CL0XJxdRQYw9ehmOv9BOLtQjd0Q+NPYro1BMt
MetXO/Y8YrYl33X3+xtpcGfH14bN90IDjivx9QRwLLcbY7xYWfWpUDy0zPsiMWrW
6os7h9beWnFWH8tcDjxsqww0sueWuuitOjFhIHxrS+S4RnbGzxRIxL+FICiY3xQh
YuM5GiJReQwppiiNj9B+k+LIG+Oz
-----END PKCS7-----

    This can be verified using the following command on master (with the old code signing cert):

    openssl cms -verify -in transfer.asc.txt -inform pem -purpose any -content transfer.txt -certfile contrib/windeploy/win-codesign.cert -CAfile contrib/windeploy/win-codesign.cert

    Signature with new key (uploaded as the file newkey.asc.txt):

    -----BEGIN PKCS7-----
MIIDxwYJKoZIhvcNAQcCoIIDuDCCA7QCAQExDzANBglghkgBZQMEAgEFADALBgkq
hkiG9w0BBwExggOPMIIDiwIBATB9MGkxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5E
aWdpQ2VydCwgSW5jLjFBMD8GA1UEAxM4RGlnaUNlcnQgVHJ1c3RlZCBHNCBDb2Rl
IFNpZ25pbmcgUlNBNDA5NiBTSEEzODQgMjAyMSBDQTECEAplb3UGpe9lNkMW1E09
0kUwDQYJYIZIAWUDBAIBBQCggeQwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAc
BgkqhkiG9w0BCQUxDxcNMjIwNTI2MTUwMDUxWjAvBgkqhkiG9w0BCQQxIgQg6Ohg
0S6dr5MW/1LLTcLcWtAHiiiYex3x+Kk9fAw9d5gweQYJKoZIhvcNAQkPMWwwajAL
BglghkgBZQMEASowCwYJYIZIAWUDBAEWMAsGCWCGSAFlAwQBAjAKBggqhkiG9w0D
BzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZI
hvcNAwICASgwDQYJKoZIhvcNAQEBBQAEggIALx8cLAPRGaCvhPamNaXKAquevh0M
cwUq7/6Ms50pwL919iEu7iTShyVCjhNxykZ+DlzogT3Q0L8lfKpXljL2v3Ap/OOj
C6R/0UzO3Sb0JQHrWRTJT0rlx3lN34EQjAFUIVzqU1OOlwBeS5km75Q5/rGg5IHo
XzDHPSZyYC/EfAxhMznH2xdM5M8z5Fq/qAO6BkXKl54wliD9QfU5ZOGjrOz09DAt
DBKJyoFntVj3IciKjqZGhasTsyzGph0nJth/TvOVSeHYvW4Or6lVu6Dkeg6gaPtZ
NK2vjbSfp4GmLjxrefqtYwfamFEkvUSTsuo5xfVzhLTmcXnqHHzbePx+qWMLutAF
aBlxovpUN4AJ4ltQP4O5xRJHPC9+G4eM7YfGT1D9imS9hQyGs0kkaOR3/saWs4Yc
Vj5ANi/zG8XkKTy+tq+e9Vcn5xuThopYpbes1HpD7Dnt6drrYovHSWMy6P7913om
WaDU6R6tnBs920NrVfjurQYJ51C5TblqQozawmm6yhJhga7EDofwPu/baEqS9Ey3
GfJJNeZxxG62PAQ/nX3vBPwjWFj/5Fl8fi5V8Fv4SxiEtGfDraiCLBMIK15i5hgI
iHTRVW7QLiel90DVapuknH9BLaNk+ttOZISSCHJsztWWR1po6VecTWivB8hTXWBl
9fV9ox3kR0MMod4=
-----END PKCS7-----

    This can be verified using the following command on this branch (with the new code signing cert):

    openssl cms -verify -in newkey.asc.txt -inform pem -purpose any -content transfer.txt -certfile contrib/windeploy/win-codesign.cert -CAfile contrib/windeploy/win-codesign.cert
  11. fanquake approved
  12. fanquake commented at 9:59 AM on May 27, 2022: member

    ACK 7e9fe6d800ee8f3381e8f6ad2371f7775c68fad9 - tested above with OpenSSL 3 & faketime.

  13. fanquake merged this on May 27, 2022
  14. fanquake closed this on May 27, 2022
  15. fanquake referenced this in commit bd6d3ac8b7 on Jun 9, 2022
  16. fanquake removed the label Needs backport (23.x) on Jun 9, 2022
  17. fanquake commented at 11:27 AM on June 9, 2022: member

    Backported to 23.x in #25316.

  18. fanquake referenced this in commit c4aacfbf65 on Jun 9, 2022
  19. fanquake removed the label Needs backport (22.x) on Jun 9, 2022
  20. fanquake commented at 11:33 AM on June 9, 2022: member

    Backported to 22.x in #25317.

  21. laanwj referenced this in commit cfb0eea91e on Jun 10, 2022
  22. MarcoFalke referenced this in commit a33ec8a693 on Jul 8, 2022
  23. DrahtBot locked this on Jun 9, 2023
Contributors
achow101laanwjfanquake
Labels
Scripts and tools
Linked (view graph)
#25316 23.x backports#25317 22.x Backport new Windows code signing certificate
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-17 03:13 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me