Comments (6)
We're happy to start providing GPG signatures. We'll code it into our release system for the next release.
from core.
If an attacker can replace the binaries then they can also replace the signatures.
Can the software or the signature be stored in a crypto ledger instead of on some host?
from core.
As long as ToastWallet's private key isn't compromised and you had their original public key saved somewhere (or lacking that, the key ID verified from (preferably several) outside sources) you would be able to spot altered releases even if they did that since the fake signatures won't verify unless you use the fake public key that goes with them.
from core.
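The check described in the comment above, as an added example that is not part of the original thread or the project's code: accept a release only when the detached signature was made by a key whose primary fingerprint matches one saved beforehand. `PINNED_FPR` is a constructed placeholder, and the function names `status_matches_pin` and `verify_release` are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: verify a detached signature against a pinned fingerprint.

# Constructed placeholder, not a real project key. Replace it with the
# fingerprint you confirmed from outside sources.
PINNED_FPR="0123456789ABCDEF0123456789ABCDEF01234567"

# Read `gpg --status-fd` lines on stdin and return 0 only if the run shows a
# good signature whose VALIDSIG line names the pinned primary key. In a
# VALIDSIG line the first fingerprint is the key that made the signature
# (possibly a subkey); the last field is the primary key's fingerprint.
status_matches_pin() {
    local pin
    # Accept fingerprints typed with spaces or in lower case.
    pin=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    awk -v pin="$pin" '
        $1 != "[GNUPG:]" { next }
        $2 == "GOODSIG" { good = 1 }
        # Bad signatures and expired or revoked keys/signatures all reject.
        $2 == "BADSIG" || $2 == "ERRSIG" || $2 == "EXPSIG" ||
        $2 == "EXPKEYSIG" || $2 == "REVKEYSIG" { bad = 1 }
        $2 == "VALIDSIG" && NF >= 12 && toupper($NF) == pin { pinned = 1 }
        END { exit (good && pinned && !bad) ? 0 : 1 }
    '
}

# verify_release FILE SIG [FPR]: check the detached signature SIG over FILE.
verify_release() {
    local file=$1 sig=$2 pin=${3:-$PINNED_FPR} status
    # gpg's exit code alone is not enough: it is 0 for a good signature from
    # ANY key in the keyring, including a replacement key fetched from the
    # same host as the altered binary.
    status=$(gpg --batch --status-fd 1 --verify "$sig" "$file" 2>/dev/null) || return 1
    printf '%s\n' "$status" | status_matches_pin "$pin"
}
```

A signature made with a substituted key still produces a `GOODSIG` line once that key is imported, which is why the function compares the fingerprint instead of trusting the overall result.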
Hi guys
The phone builds are signed in order to be included in their respective App Stores. The Windows builds are digitally signed using our code signing certificate. You can verify these by right clicking the executable/appx and clicking properties then clicking the Digital Signatures tab. The signing regime in Windows is quite strong.
Mac builds are also signed, although the dmg itself is not. Extract the dmg and check the digital signature with a command like: codesign -dv --verbose=4 /path/to/ToastWallet.app
We have been meaning to provide manual signatures for the AppImage since as far as we know there isn't a way to sign AppImages at the moment -- or at least electron builder didn't support it when we set up our build scripts. We will get on that soon. In the meantime we've begun uploading release binaries to GitHub, that should offer a second layer of assurance to anyone who is uncertain.
from core.
I was using the AppImage with no signature hence the ticket but having to find and verify different embedded signatures isn't that great either IMO.
It's become pretty mainstream to release PGP signatures and the people who care will all know how to use them. It shouldn't take too long to implement either.
It's up to you guys but that's the direction I'd go :-)
from core.
That's great, thanks.
from core.