Bitcoin binaries are not signed #2689

issue grue0 opened this issue on May 23, 2013

grue0 commented at 9:41 PM on May 23, 2013: none
For Windows builds, only the setup executable is signed. On Windows, it's customary for publishers to sign both the setup and binaries. I understand signing the executable doesn't increase tamper resistance during download. However, signing the run-time executable provides the following advantages:
- any UAC dialog box will show Bitcoin Foundation as the publisher
- it allows users who don't use the setup executable to verify the program's authenticity
- the executable can later be verified for any tampering (especially when running across USB drives)
Diapolo commented at 6:36 AM on May 24, 2013: none

At least the UAC stuff is pointless, as you never need to run it with Admin-token :). I agree on the later 2 points.
grue0 commented at 9:44 PM on May 30, 2013: none

bump: 0.8.2 binaries are still not signed.
laanwj commented at 5:13 AM on May 31, 2013: member

Don't bump your issues, it makes you look like an impatient ass and won't help you get them implemented any faster. If you really want something implemented do it yourself. In this case add code signing to gitian.

This is harder than it seems, as the determinism verification would have to ignore the developer specific signature...

Also this will mean that the outer installer can no longer be checked with the trusted build process, as it includes an executable signed with the developer's key so it will always differ. Overall, this may make everything less secure instead of more secure.
laanwj closed this on May 18, 2015
MarcoFalke locked this on Sep 8, 2021

Contributors

Labels