Comments (23)
nice idea! how?
from simplewall.
- now added GPG key to GitHub and this will be sign all commits.
- uploaded key to the SKS keyserver (hkps.pool.sks-keyservers.net) and PGP keyserver (keyserver.pgp.com) in future i can sign binaries with GPG
from simplewall.
done! version is NOT changed!
http://www.henrypp.org/product/simplewall#gpg
UPD: and website are updated!
from simplewall.
Nice!
Now we need the .asc file for the binary so we can check the signature.
Also it would be good if you can copy your pubkey.txt to GitHub so you have in case of infected own server a secure copy on GitHub.
I sign your key (5635B5FD) with my key (620F071D) so it get more trustworthy.
from simplewall.
Okay, i hear you. I put sign for installer in next version.
from simplewall.
Done. All is done. Added installer signature for all projects.
https://github.com/henrypp/simplewall/releases/download/v.1.6.5/simplewall-1.6.5-setup.sig
from simplewall.
Thank you!
Works fine now
from simplewall.
As for digital signing i have no idea. But i'm sure it exist tutorials on internet
But for GPG signature thats easy: install GPG, create a 4096bit key with valid contact info (mail and your real name or your username here), upload your public key to the GPG server, sign the binary and provide the .asc file under downloads. You need then sign every binary
With the .asc file and your public key we can verify the binary is realy from you.
And we can sign your public key to strengh it.
Also you need to publish your public key ID with fingerprint on https://github.com/henrypp/simplewall so all users can import your key and can check if the key ID is correct
Edit: Also you can then sign your github commits with the same key- or another key. For that you need to enter the key in your github settings.
from simplewall.
Nice!
Please post your GPG Key (with fingerprint) on https://github.com/henrypp/simplewall so we can use it.
from simplewall.
push
i still miss your GPG key info. See my post above
from simplewall.
i think where do i post this key, because i will sign all apps and post it on all repos is not rational.
maybe add information into "readme.md" with link for key on a keyserver and fingerprint.
anyway, what do i post - secret key or public (or both of them)?
from simplewall.
Into readme with key ID & finterprint is enough.
You just need to post your public key ID (0xYOUR KEY ID) with the fingerprint.
For example here mine:
0x620F071D (github show 97F9E213620F071D but GPG4Win only the short version which is still enough) - fingerprint: 3D3A A8EA 763A A97D A252 0714 97F9 E213 620F 071D
Also you should NEVER post anywhere your secret key. This is very important and should be always offline.
from simplewall.
push
Also it would be nice if you can sign the latest version and make a new release, maybe 1.6.5.1 because its a small change and dont change the code
from simplewall.
Attach .asc to every binary... i can't. I put key id and his link on ha.pool.sks-keyservers.net on a website.
I think this is enough!
I sign your key (5635B5FD) with my key (620F071D) so it get more trustworthy.
Thank you
from simplewall.
But we need the .asc files to check the signature. Without it isnt possible!
The command is gpg --verify [[ sigfile ] [ signed-files ]]
See here for create that asc files: https://www.gnupg.org/gph/en/manual/x135.html
Also the SHA256 checksum is now wrong for the signed binary
from simplewall.
simplewall sha256 is A-ok.
Sign .exe with: gpg --output [ sigfile ] --detach-sign [ signed-files ]
And uploaded pubkey to all repos.
from simplewall.
We cant get the .asc file.
You need to publish it.
And without it we cant verify the binary with your key
from simplewall.
Why you cant? Here https://raw.githubusercontent.com/henrypp/simplewall/master/pubkey.asc
from simplewall.
Because that doesnt work.
If i try "gpg --verify pubkey.asc simplewall-1.6.5-setup.exe" i got a unknown error.
Same when i rename pubkey.asc to simplewall-1.6.5-setup.exe.asc
from simplewall.
- pubkey.asc - isn't signature, it's a public key for import into local gpg database.
- simplewall.sig - is a signature and signed only binaries simplewall.exe (32/64)
Example:
gpg --import pubkey.asc
gpg --verify simplewall.sig simplewall.exe
from simplewall.
Yeah i know.
But where i get the simplewall.sig file?
from simplewall.
Near with simplewall.exe
from simplewall.
So you only signed the binarys from the packed .zip version and the installed binarys from installer .exe version?
For installer version that isnt good. Better signed the whole installer.exe because we need to verify it before we start the .exe with adminrights
from simplewall.
Related Issues (20)
- [Bug] Blue screen of death after not allowing eac.exe (Easy AntiCheat) then all filters removed. HOT 3
- buttom or option to block all traficc HOT 2
- [Question]I have been using this software normally, but one day for some unknown reason, there was no connection prompt when installing new software? HOT 3
- [Bug] windows store games with "codefusion" DRM still cant connect to the internet after "allowed" HOT 1
- [Question]How do I allow Command Prompt (Ping) Internet Access? HOT 3
- [Question] How are DLL's blocked? HOT 1
- new Version ccrashed STATUS_STACK_BUFFER_OVERRUN HOT 4
- [Bug] Tray menu theme issue after v3.8
- [Bug] After upgrading to v3.8.0 UI is not responding to keyboard inputs. HOT 5
- [Feature] HOT 1
- [Question]SW Does not remember deleted applications
- Show log button does not work as expected HOT 2
- [Question] What is the difference between Disable, Allow and Block? HOT 5
- [Bug] HOT 4
- [Bug] `Ctrl+A` lacks search context HOT 2
- Which Windows services/components are required HOT 1
- [Bug] VPN resources are not available when simplewall is enabled (applies to IKEv2 )
- How to export SimpleWall profile to Windows Defender Firewall?
- simple wall not working on WhatsApp. HOT 1
- [Feature] Interface view: Last connection
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from simplewall.