releases: Update with new Windows code signing certificate #18425

pull achow101 wants to merge 1 commits into bitcoin:master from achow101:win-cert-3-20 changing 1 files +28 −28
  1. achow101 commented at 8:59 PM on March 24, 2020: member

    The current Windows code signing certificate is about expire (on March 26th 2020). As I have volunteered to take over the Windows code signing duties, I've purchased a new Windows code signing certificate with the same CA and under the same organization (Bitcoin Core Code Signing Association).

    A signature by the old certificate over the new certificate has been provided to me. This signature can be verified using

    openssl cms -verify -inform pem -purpose any -content path/to/new/win-codesign.cert -CAfile path/to/old/win-codesign.cert -certfile path/to/old/win-codesign.cert

    The verification should succeed and the new certificate will be printed out. This can be compared to the contents of win-codesign.cert.

    -----BEGIN PKCS7-----
MIIC3AYJKoZIhvcNAQcCoIICzTCCAskCAQExDzANBglghkgBZQMEAgEFADALBgkq
hkiG9w0BBwExggKkMIICoAIBATCBkTB8MQswCQYDVQQGEwJHQjEbMBkGA1UECBMS
R3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRgwFgYDVQQKEw9T
ZWN0aWdvIExpbWl0ZWQxJDAiBgNVBAMTG1NlY3RpZ28gUlNBIENvZGUgU2lnbmlu
ZyBDQQIRALWcUnSOxv9FQW3xdaMDO6swDQYJYIZIAWUDBAIBBQCggeQwGAYJKoZI
hvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMjAwMzI0MjA0ODM3
WjAvBgkqhkiG9w0BCQQxIgQgtLkmnuSQyczDlJSnJeqbi61p3iJ/rpFABrY8JWBO
o74weQYJKoZIhvcNAQkPMWwwajALBglghkgBZQMEASowCwYJYIZIAWUDBAEWMAsG
CWCGSAFlAwQBAjAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcN
AwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwDQYJKoZIhvcNAQEBBQAEggEA
XaCl3Q8HwI9VpLCb9OY9eQh0QOPyl1KWEc3TP3UvwZwR4/gXkfPOKKf19UnS8eRB
48SgUKRMYWoDYfSVUJRMda9BLkbJbQlHG3LFXhSY2alajpPXEHcMto/XPhVAmqzL
w6aSNY0Gaorow696JHpetpKqAAlL1r2GjeaPYi2aZyIAifuhay/qwA+ig0SqzGOw
UdgFZWMyS5yanq8/WlLCCql6kKOzT4tEqUaleD7R1q8BTcG2+fmhWR8WwJLpIV6y
7GAqt0Cocu8sYpTNBNk8iKHxzZ2hMZKJpH9lHZuiJ/9vSercrvDy2R4/MG+KnBWb
OyiFAt2mC51+63RhLOMJfg==
-----END PKCS7-----
  2. Update with new Windows code signing certificate 3e0df92bf2
  3. achow101 commented at 9:00 PM on March 24, 2020: member

    If we plan on doing any further 0.19 releases, this will need to be backported to 0.19.

  4. theuni approved
  5. theuni commented at 9:04 PM on March 24, 2020: member

    ACK 3e0df92bf216e1dce05ca9bf14049f2e42783c30.

    Verified that the signature is good :p

    Thanks for volunteering!

  6. fanquake added the label Windows on Mar 24, 2020
  7. laanwj added the label Needs backport (0.19) on Mar 25, 2020
  8. laanwj added this to the milestone 0.20.0 on Mar 25, 2020
  9. laanwj commented at 4:04 PM on March 25, 2020: member

    ACK 3e0df92bf216e1dce05ca9bf14049f2e42783c30

    I have successfully verified the signature;

    $ git show 3e50fdbe4e5bb98194e88023468bd77dee78b26e:contrib/windeploy/win-codesign.cert > /tmp/old-win-codesign.cert
$ git show 3e0df92bf216e1dce05ca9bf14049f2e42783c30:contrib/windeploy/win-codesign.cert > /tmp/new-win-codesign.cert
$ openssl cms -verify -inform pem -purpose any -content /tmp/new-win-codesign.cert -CAfile /tmp/old-win-codesign.cert -certfile /tmp/old-win-codesign.cert > /tmp/cert1
-----BEGIN PKCS7-----
MIIC3AYJKoZIhvcNAQcCoIICzTCCAskCAQExDzANBglghkgBZQMEAgEFADALBgkq
hkiG9w0BBwExggKkMIICoAIBATCBkTB8MQswCQYDVQQGEwJHQjEbMBkGA1UECBMS
R3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRgwFgYDVQQKEw9T
ZWN0aWdvIExpbWl0ZWQxJDAiBgNVBAMTG1NlY3RpZ28gUlNBIENvZGUgU2lnbmlu
ZyBDQQIRALWcUnSOxv9FQW3xdaMDO6swDQYJYIZIAWUDBAIBBQCggeQwGAYJKoZI
hvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMjAwMzI0MjA0ODM3
WjAvBgkqhkiG9w0BCQQxIgQgtLkmnuSQyczDlJSnJeqbi61p3iJ/rpFABrY8JWBO
o74weQYJKoZIhvcNAQkPMWwwajALBglghkgBZQMEASowCwYJYIZIAWUDBAEWMAsG
CWCGSAFlAwQBAjAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcN
AwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwDQYJKoZIhvcNAQEBBQAEggEA
XaCl3Q8HwI9VpLCb9OY9eQh0QOPyl1KWEc3TP3UvwZwR4/gXkfPOKKf19UnS8eRB
48SgUKRMYWoDYfSVUJRMda9BLkbJbQlHG3LFXhSY2alajpPXEHcMto/XPhVAmqzL
w6aSNY0Gaorow696JHpetpKqAAlL1r2GjeaPYi2aZyIAifuhay/qwA+ig0SqzGOw
UdgFZWMyS5yanq8/WlLCCql6kKOzT4tEqUaleD7R1q8BTcG2+fmhWR8WwJLpIV6y
7GAqt0Cocu8sYpTNBNk8iKHxzZ2hMZKJpH9lHZuiJ/9vSercrvDy2R4/MG+KnBWb
OyiFAt2mC51+63RhLOMJfg==
-----END PKCS7-----
Verification successful
$ dos2unix /tmp/cert1
$ diff -s /tmp/cert1  /tmp/new-win-codesign.cert
Files /tmp/cert1 and /tmp/new-win-codesign.cert are identical
  10. laanwj merged this on Mar 25, 2020
  11. laanwj closed this on Mar 25, 2020
  12. laanwj cross-referenced this on Mar 26, 2020 from issue Renew Windows code-signing certificate by theuni
  13. MarkLTZ cross-referenced this on Apr 4, 2020 from issue Bitcoin PR tracking by MarkLTZ
  14. fanquake referenced this in commit 0d0dd6ae96 on May 20, 2020
  15. fanquake cross-referenced this on May 20, 2020 from issue [0.19] Backports by fanquake
  16. fanquake removed the label Needs backport (0.19) on May 20, 2020
  17. MarcoFalke referenced this in commit 28a9df7d76 on Aug 11, 2020
  18. bitcoin locked this on Feb 15, 2022
Contributors
achow101theunilaanwj
Labels
Windows

Milestone
0.20.0

Linked (view graph)
#15690 Renew Windows code-signing certificate#19025 [0.19] Backports
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-05-20 06:54 UTC