search

namecoin / ncdns-nsis

NSIS scripts for ncdns.
https://www.namecoin.org/
GNU General Public License v3.0
3 stars 8 forks source link

Uninstaller should remove certs and pins #6

Open JeremyRand opened 7 years ago

JeremyRand commented 7 years ago

The ncdns uninstaller should remove all Namecoin certificate blobs from the Windows Registry, and remove the Namecoin HPKP pin from Chromium. (In that order.)

hlandau commented 7 years ago

Can you elaborate as to what registry keys should be removed and how the pin should be removed?

JeremyRand commented 7 years ago

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

Hugo Landau:

Can you elaborate as to what registry keys should be removed and how the pin should be removed?

It's probably going to need some simple Go code. The certinject library has a mechanism for cleaning old Namecoin certs from the trust store; we can probably repurpose that to delete all the Namecoin certs on uninstall. The key pin can be removed by removing the "bit" pin from the TransportSecurity JSON file (very similar process to inserting the pin, which presumably is dependent on me actually writing the code to insert the pin).

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJZNSc+AAoJELPy0WV4bWVwSUYQAJW+WdyeECCLDVRmMoRwjXDC FMhUyf+jarSvGuMoRK3Zv+H83tEA2s/lW2ccYZ7dhUf6nfhu0koWeUenFIDu1/KU AF/IIc9Ty94xS4fyCtTNAjTqMLduxPRJyHen4V6Pu+o01WRiLDNSxjWmH9zhsOx4 0nR0GuVVUAbPcYTSmsi17w3u8prNnZrQBZEHlnSwYkqv04qIBl8F74tHTClQBPB+ 6zJw+Ioh6ssb+Ch6txDHMVKOBCZj2CdCcAZvGaTwoReYHjpi0QVJlE7UTgMYZ1in /1tzTTD7Gs2I5QdwLDdQLMUWPQz7yjEhSLJFyh7sX/H+JkBq27I2a8PeBTWMEPx1 6oqPr0dnRzp95ISBt+HXvwCrRfHUVgnMfIoY+4kT3rfGsPrgLVQGNmv5IiULhJY3 shlg+aYBhj4H/HdW6tJdxReRhLb69idUbTCyOETsd4JuN5Kyg2Wj5bLOkPswmzNz ki4xe5sfcU6AH+1NIaJlLIjw9oReaiPT60cA6uOu02zJ1Xvl+LQUywpBxmu2NdiV eqmCbFAYWRbByank/77jyzOmGEw0O26SWqFxDU8h5NzGXnZUqrPuF2ZQSWx+559n AuiSc+JgY5Ba066x4ouSWgysG0FJADeAJxgWILKS9kIN8ZzQRwe9VHXJh6moP741 CksREgA6+4plWlRQqI3c =tZuT -----END PGP SIGNATURE-----

JeremyRand commented 7 years ago

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

JeremyRand:

The key pin can be removed by removing the "bit" pin from the TransportSecurity JSON file (very similar process to inserting the pin, which presumably is dependent on me actually writing the code to insert the pin).

The pin-inserting code is now written, see https://github.com/namecoin/ncdns/pull/21

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJZQv10AAoJELPy0WV4bWVwb/YP/3jNrwHsylaodK2OCM1Brlmv FuFx+SE5ndSn4KzOMP2xPK0qhhEbVmCxWxkHfl6P4B9UhB49bQcZz1ly0fsuquV3 xC6jPY5vu1gEgq9hLRwhnVd+F95pLm7ljQphwssFihlg+fva4qQvNqeY/IpuPGFD u+8QicyVhZi47vmpMTXFE3wG0vp2B2fDmobCr0xRIoy3KvkUL85Y9qMdeeglsc2e ktZTfCeqZOIJfhHo/Q5zrxTwbeGA+Ec0HzzrQDRy0HtIVMAkt3hjpekXIINXV5gu 9VatBFFJH0ad/Wu8YhB5lTn0d4pBnRToLO3si2edugurW42yDJ8XkbFp7/qdYS44 9sx8lQ2Vw7jbnbGwi7r509u9sFQ6r1gL49Djy7aBp8wWfT5gtPnTcZXdMfZegpxa lVdPGvTw+btCNjeXO6+7VlEuQdZqEToSNgQU5RsPyAnSN8TYXYp7smxmOANU9lZn ZNkDVzFx+bZyeL+1Fh0vH5UfiNXB5w4dnPSw+nlDlWLofskSLgsgbMSOMTviZyyx gX5/td7e7gA6VGktF5i2Y0R12+YyUTS/CIuFL5HlEOeQOMZrc5v+uaCBepklY3Mw 1JZrkS/bAgDaVOZHUYHs98TSjJgNYcdsJ7L+vhVXm52nhEIfKCZcecSpZDA5kH3q 5pNoIEsYkKc2G64kc0hf =uKSr -----END PGP SIGNATURE-----