On 04/04/2018 19:41, Stefan Weil wrote:
> Am 04.04.2018 um 18:11 schrieb Paolo Bonzini:
>> On 04/04/2018 17:55, Stefan Weil wrote:
>>> By the way: https://qemu.weilnetz.de provides https (maybe I should
>>> enforce it), it includes sha512, and I also sign the binaries with my
>>> key. You still have to trust me, Debian and Cygwin (which provides lots
>>> of libraries used for the build).
>>
>> Cool!  I had noticed sha512, but it is not very useful without https
>> (except to verify bitflips).  Good news that you support https, we
>> should change the website to use https links instead.
>>
>> Regarding signing, there is no GPG signature.  That's okay, but we
>> should document how to verify the installer signature from either Linux
>> or Windows.
>>
>> Thanks,
>>
>> Paolo
> 
> 
> The executables (installer, installed exe files) are signed using
> osslsigncode (https://packages.debian.org/sid/otherosfs/osslsigncode)
> and my personal CACert key for code signing.
> 
> The signatures can be checked on Windows (e.g. during the installation
> process or from Windows Explorer with file properties) or on Linux (see
> example below). That's Windows standard. The only problem is that
> Windows does not automatically accept CACert keys (and that I have no
> better key for code signing).

Very good, thanks.  I'll add that information to the wiki.

Paolo

> Stefan
> 
> 
> $ osslsigncode verify /var/www/html/w32/qemu-w32-setup-20180321.exe
> Current PE checksum   : 04D7CD55
> Calculated PE checksum: 04D7CD55
> 
> Message digest algorithm  : SHA1
> Current message digest    : B2B13EB4765B4708D999BE3E4893915BBCAB0F8E
> Calculated message digest : B2B13EB4765B4708D999BE3E4893915BBCAB0F8E
> 
> Signature verification: ok
> 
> Number of signers: 1
>       Signer #0:
>               Subject: /CN=Stefan Weil/emailAddress=s...@weilnetz.de
>               Issuer : /O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing
> Authority/emailAddress=supp...@cacert.org
>               Serial : 0D6AA6
> 
> Number of certificates: 2
>       Cert #0:
>               Subject: /CN=Stefan Weil/emailAddress=s...@weilnetz.de
>               Issuer : /O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing
> Authority/emailAddress=supp...@cacert.org
>               Serial : 0D6AA6
>       ------------------
>       Cert #1:
>               Subject: /O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing
> Authority/emailAddress=supp...@cacert.org
>               Issuer : /O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing
> Authority/emailAddress=supp...@cacert.org
>               Serial : 0
> 
> Succeeded
> 


Reply via email to