Published on: 2013-08-07T08:41:54+00:00
In response to Wendell's query, members of the Bitcoin-development mailing list offer suggestions and recommendations for implementing an auto-updater in Hive's wallet app. One proposed solution hardcodes a distributor public key in the software, so that the client only trusts data signed by that key. The corresponding private key is kept offline; when an upgrade is released, the new checksums are signed offline and the signed checksums are uploaded to the distribution server. Even if the server is compromised, the client-side software will not accept a bogus checksum, because it will not bear the right signature.

The discussion also highlights the importance of including digital signing in package authentication rather than relying solely on a checksum. It is noted that a compromised host can change both the checksum and the binaries undetectably. If, however, there is a signature made by a key that is not kept on the host, a valid-looking binary cannot be faked. This suggestion aims to strengthen security and minimise damage in case of compromise.

Additionally, the conversation mentions the possibility of a revocation process in the event that the offline key itself is compromised. This would involve broadcasting a revocation that forces clients to start rejecting updates from that key. If a compromise is detected, users receive a warning to upgrade the software manually through trusted channels.

While discussing auto-updaters, the thread veers off-topic briefly, with someone sharing information about getting SQL databases under version control. The email thread ends with links to the SQL database version control material and to the Bitcoin-development mailing list for further reference.
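The update-verification scheme described above (hardcoded distributor key, offline-signed checksums, and a broadcast revocation), written out as an added Go example that is not Hive's own code or anything posted on the thread. It assumes Ed25519 signatures, a simple "version + checksum" message format, and that a revocation is itself signed by the key being revoked; all of these are this example's choices, not the thread's.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"errors"
)

// Client holds the distributor public key compiled into the shipped app and a revocation flag.
type Client struct {
	DistributorKey ed25519.PublicKey
	Revoked        bool
}

// Domain-separated messages, so a release signature cannot be replayed as a revocation.
func manifestBytes(ver, sum string) []byte { return []byte("hive-update\x00" + ver + "\x00" + sum) }
var revokeBytes = []byte("hive-update\x00REVOKE")
func checksum(b []byte) string { h := sha256.Sum256(b); return hex.EncodeToString(h[:]) }

// SignRelease runs on the offline signing machine; only checksum and signature go to the server.
func SignRelease(priv ed25519.PrivateKey, ver string, binary []byte) (sum string, sig []byte) {
	sum = checksum(binary)
	return sum, ed25519.Sign(priv, manifestBytes(ver, sum))
}

// AcceptUpdate installs only if the key is unrevoked, the (version, checksum) pair is
// signed by the hardcoded key, and the binary hashes to that checksum. A compromised
// server can rewrite checksum and binary together but cannot re-sign, so it fails here.
func (c *Client) AcceptUpdate(ver, sum string, sig, binary []byte) error {
	if c.Revoked {
		return errors.New("distributor key revoked: upgrade manually via a trusted channel")
	}
	if !ed25519.Verify(c.DistributorKey, manifestBytes(ver, sum), sig) {
		return errors.New("signature over version+checksum invalid")
	}
	if checksum(binary) != sum {
		return errors.New("binary does not match signed checksum")
	}
	return nil
}

// ProcessRevocation honours a broadcast revocation only if it is signed by the key
// being revoked (this example's assumption), and then stops trusting that key.
func (c *Client) ProcessRevocation(sig []byte) bool {
	if ed25519.Verify(c.DistributorKey, revokeBytes, sig) {
		c.Revoked = true
	}
	return c.Revoked
}
```

Note that the checksum alone adds nothing an attacker on the server cannot recompute; the signature over version and checksum is what binds the download to the offline key.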
Updated on: 2023-08-01T05:34:56.228075+00:00