On 04/04/2018 19:41, Stefan Weil wrote:
> On 04.04.2018 at 18:11, Paolo Bonzini wrote:
>> On 04/04/2018 17:55, Stefan Weil wrote:
>>> By the way: https://qemu.weilnetz.de provides https (maybe I should
>>> enforce it), it includes sha512, and I also sign the binaries with my
>>> key. You still have to trust me, Debian and Cygwin (which provides lots
>>> of libraries used for the build).
>>
>> Cool! I had noticed sha512, but it is not very useful without https
>> (except to verify bitflips). Good news that you support https, we
>> should change the website to use https links instead.
>>
>> Regarding signing, there is no GPG signature. That's okay, but we
>> should document how to verify the installer signature from either Linux
>> or Windows.
>>
>> Thanks,
>>
>> Paolo
>
>
> The executables (installer, installed exe files) are signed using
> osslsigncode (https://packages.debian.org/sid/otherosfs/osslsigncode)
> and my personal CACert key for code signing.
>
> The signatures can be checked on Windows (e.g. during the installation
> process or from Windows Explorer with file properties) or on Linux (see
> example below). That's Windows standard. The only problem is that
> Windows does not automatically accept CACert keys (and that I have no
> better key for code signing).

Very good, thanks. I'll add that information to the wiki.

Paolo

> Stefan
>
>
> $ osslsigncode verify /var/www/html/w32/qemu-w32-setup-20180321.exe
> Current PE checksum : 04D7CD55
> Calculated PE checksum: 04D7CD55
>
> Message digest algorithm : SHA1
> Current message digest : B2B13EB4765B4708D999BE3E4893915BBCAB0F8E
> Calculated message digest : B2B13EB4765B4708D999BE3E4893915BBCAB0F8E
>
> Signature verification: ok
>
> Number of signers: 1
> Signer #0:
> Subject: /CN=Stefan Weil/emailAddress=s...@weilnetz.de
> Issuer : /O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing
> Authority/emailAddress=supp...@cacert.org
> Serial : 0D6AA6
>
> Number of certificates: 2
> Cert #0:
> Subject: /CN=Stefan Weil/emailAddress=s...@weilnetz.de
> Issuer : /O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing
> Authority/emailAddress=supp...@cacert.org
> Serial : 0D6AA6
> ------------------
> Cert #1:
> Subject: /O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing
> Authority/emailAddress=supp...@cacert.org
> Issuer : /O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing
> Authority/emailAddress=supp...@cacert.org
> Serial : 0
>
> Succeeded
>
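
Added example, not part of the thread and not code from QEMU or osslsigncode: a Python check over the text printed by `osslsigncode verify`, requiring matching checksums and digests, an `ok` verification line, and a pinned signer. The names `field` and `check_verify_output`, the choice to pin the signer's CN plus certificate serial, and the caller-supplied digest allow-list are assumptions made for illustration.

```python
import re

# Constructed sample: the verify output quoted in the thread, abridged,
# with the wrapped Issuer line rejoined and addresses left as redacted there.
SAMPLE = """\
Current PE checksum   : 04D7CD55
Calculated PE checksum: 04D7CD55

Message digest algorithm  : SHA1
Current message digest    : B2B13EB4765B4708D999BE3E4893915BBCAB0F8E
Calculated message digest : B2B13EB4765B4708D999BE3E4893915BBCAB0F8E

Signature verification: ok

Number of signers: 1
    Signer #0:
        Subject: /CN=Stefan Weil/emailAddress=s...@weilnetz.de
        Issuer : /O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/emailAddress=supp...@cacert.org
        Serial : 0D6AA6

Succeeded
"""

def field(text, name):
    """Value of the first 'name : value' line in text, or None."""
    m = re.search(r"^[ \t]*" + re.escape(name) + r"[ \t]*:[ \t]*(.+?)[ \t]*$", text, re.M)
    return m.group(1) if m else None

def check_verify_output(text, signer_cn, signer_serial, allowed_digests):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    for what in ("PE checksum", "message digest"):
        current = field(text, "Current " + what)
        if current is None or current != field(text, "Calculated " + what):
            problems.append(what + " mismatch")
    if field(text, "Signature verification") != "ok":
        problems.append("signature verification failed")
    if field(text, "Message digest algorithm") not in allowed_digests:
        problems.append("digest algorithm not allowed by policy")
    # Pin the signer: only the block between "Signer #0:" and the cert list.
    signer = text.partition("Signer #0:")[2].partition("Number of certificates")[0]
    if "/CN=%s/" % signer_cn not in (field(signer, "Subject") or "") + "/":
        problems.append("unexpected signer subject")
    if field(signer, "Serial") != signer_serial:
        problems.append("unexpected signer serial")
    return problems

if __name__ == "__main__":
    print(check_verify_output(SAMPLE, "Stefan Weil", "0D6AA6", {"SHA1"}))
```

Pinning the signer matters here because the certificate chains to CACert, which Windows does not accept automatically, so the expected signer has to be stated by whoever runs the check.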