Kunzisoft / KeePassDX

Lightweight vault and password manager for Android. KeePassDX allows editing encrypted data in a single file in KeePass format and filling in forms in a secure way.
https://www.keepassdx.com/
GNU General Public License v3.0

better way to verify GitHub APK files #1810

Closed ghost closed 1 month ago

ghost commented 2 months ago

Verifying the signing certificate hash is way better than verifying the hash of the APK files, because it does not change at all, and it will be much more noticeable if it is changed in the README.md file than in just the GitHub release notes.

And you will not have to calculate the hash and publish it in the future, so less work for you.

Please consider adding it and tell me if there is anything that you need me to add or remove.

J-Jamet commented 2 months ago

This is a good addition, but there should be a command that clearly indicates if there is an error; here there is simply nothing to display, which is confusing for the user.

ghost commented 2 months ago

Well, what are you thinking about exactly?

Should I make an if condition that prints a warning if the app is not legit? Something like:

signature_hash=$(keytool -printcert -jarfile KeePassDX-*-libre.apk | grep 'SHA256:')
if [[ "$signature_hash" == *"7D:55:B8:AF:21:03:81:AA:BF:96:0F:07:E1:7C:F7:85:7B:6D:2A:64:2C:A2:DA:6B:F0:BD:F1:B2:00:36:2F:04"* ]] ; then 
  echo "The app is legit"
else
  echo "The app is not legit"
fi

Or we can make it interactive by prompting the user to copy the valid hash from GitHub and paste it in the Terminal so the hash will be always isolated and very noticeable in public. Like:

signature_hash=$(keytool -printcert -jarfile KeePassDX-*-libre.apk | grep 'SHA256:')
echo "Please enter the valid signature hash from GitHub."
read -r valid_signature_hash
# An empty answer would turn the pattern into "**", which matches anything, so reject it first.
if [[ -z "$valid_signature_hash" ]] ; then
  echo "No hash entered"
elif [[ "$signature_hash" == *"$valid_signature_hash"* ]] ; then
  echo "The app is legit"
else
  echo "The app is not legit"
fi

My old method is just like yours, but I am relying on the signature hash for the reasons I gave you, which I believe is good because it relies on the user to compare, and I made it in such a way that it does not even print the hash if it is wrong.

Looking forward to getting some suggestions.
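The two proposals above combined into one check that reports each failure mode distinctly, as an added example that is not part of the PR or the KeePassDX project: the pinned fingerprint is the one quoted in the comment, the keytool output sample is constructed, and the function names, variable names and exit codes are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: compare an APK's signing certificate SHA-256 fingerprint
# with a pinned value and give a distinct message and exit status per case.
# Pinned value taken from the PR comment above.
PINNED_FINGERPRINT="7D:55:B8:AF:21:03:81:AA:BF:96:0F:07:E1:7C:F7:85:7B:6D:2A:64:2C:A2:DA:6B:F0:BD:F1:B2:00:36:2F:04"

# Strip colons/spaces and upper-case, so keytool output (upper-case, colon
# separated) and apksigner output (lower-case, no separators) compare equal.
normalize_fp() {
  printf '%s' "$1" | tr -d ': ' | tr '[:lower:]' '[:upper:]'
}

# check_fingerprint <keytool -printcert output> <expected fingerprint>
# Exit status: 0 match, 1 no SHA256 line found, 2 mismatch, 3 empty expected.
check_fingerprint() {
  local output="$1" expected="$2" line found=""
  [ -n "$expected" ] || { echo "ERROR: no expected fingerprint given"; return 3; }
  expected=$(normalize_fp "$expected")
  # Keep the first SHA256 line: for a chain, keytool prints the leaf first.
  while IFS= read -r line; do
    case "$line" in
      *SHA256:*) [ -n "$found" ] || found=$(normalize_fp "${line#*SHA256:}") ;;
    esac
  done <<EOF
$output
EOF
  if [ -z "$found" ]; then
    echo "ERROR: no SHA256 fingerprint found (unsigned or not an APK?)"; return 1
  fi
  if [ "$found" != "$expected" ]; then
    echo "ERROR: signing certificate does NOT match the pinned one"
    echo "  expected: $expected"
    echo "  got:      $found"
    return 2
  fi
  echo "OK: signing certificate matches"
}

# verify_apk <file.apk> [expected fingerprint]  (needs keytool from a JDK)
verify_apk() {
  local apk="$1" expected="${2:-$PINNED_FINGERPRINT}" output
  [ -f "$apk" ] || { echo "ERROR: $apk not found"; return 4; }
  output=$(keytool -printcert -jarfile "$apk" 2>&1) || { echo "ERROR: keytool failed: $output"; return 5; }
  check_fingerprint "$output" "$expected"
}

# Constructed sample of keytool -printcert output, used to exercise the check offline.
SAMPLE_PRINTCERT=$(printf 'Signer #1:\n\nCertificate #1:\nOwner: CN=example\nIssuer: CN=example\nCertificate fingerprints:\n\t SHA1: 00:11:22:33\n\t SHA256: %s\n' "$PINNED_FINGERPRINT")
```

Run as `verify_apk KeePassDX-*-libre.apk` after sourcing the file; a non-zero exit status makes the result usable from other scripts as well as readable by a person.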

J-Jamet commented 2 months ago

> Should I make an if condition that prints a warning if the app is not legit?

It's clearer but takes several lines. I approve of the PR, we can improve it later.

J-Jamet commented 2 months ago

Merged in develop

ghost commented 2 months ago

No problem.