search

thunderbird / thunderbird-android

Thunderbird for Android – Open Source Email App for Android (fka K-9 Mail)
https://thunderbird.net/mobile
Apache License 2.0
10.75k stars 2.5k forks source link

signing key issue #8077

Open IzzySoft opened 2 months ago

IzzySoft commented 2 months ago

Checklist

App version

any

Where did you get the app from?

Other

Android version

n/a

Device model

n/a

Steps to reproduce

verify signing certificate of the APK

Expected behavior

verifies without warnings

Actual behavior

verifies with warnings

I'm speaking about the APKs attached to the Github releases here. Output of verification is as follows:

package: name='com.fsck.k9' versionCode='38004' versionName='6.804' platformBuildVersionName='14' platformBuildVersionCode='34' compileSdkVersion='34' compileSdkVersionCodename='14'
Verifies
Verified using v1 scheme (JAR signing): true
Verified using v2 scheme (APK Signature Scheme v2): true
Verified using v3 scheme (APK Signature Scheme v3): false
Verified using v4 scheme (APK Signature Scheme v4): false
Verified for SourceStamp: false
Number of signers: 1
Signer #1 certificate DN: CN=Jesse Vincent, OU=Open Source Labs, O=fsck.com, L=Somerville, ST=MA, C=US
Signer #1 certificate SHA-256 digest: 55c8a523b97335f5bf60dfe8a9f3e1dde744516d9357e80a925b7b22e4f55524
Signer #1 certificate SHA-1 digest: 0f1f3252cba1c94ddd6186dad5a035e96c6ee5e3
Signer #1 certificate MD5 digest: 3b2f02b55d0a4c1eddb0955458900e02
Signer #1 key algorithm: RSA
Signer #1 key size (bits): 1024
Signer #1 public key SHA-256 digest: 73f59e6b43144cbc9f2bd21a64fde57c07713d2e36eddb52ef86a0ee12d80f93
Signer #1 public key SHA-1 digest: 09c5ad33f2256ca33b98526ed816e82e06d5b2b0
Signer #1 public key MD5 digest: 44a3ec31b79d163da21c1acb5568a6b4
Signature algorithm name: MD5withRSA (disabled)
Subject Public Key Algorithm: 1024-bit RSA key (weak)
The certificate uses the MD5withRSA signature algorithm which is considered a security risk and is disabled.
The certificate uses a 1024-bit RSA key which is considered a security risk. This key size will be disabled in a future update.

As in this text quote colors are not visible, let me add it as screenshot from the terminal to directly point to the issue in question:

image

So apart from not having v3 signing, the red points are raising eyebrows: a 1024-bit RSA key using MD5withRSA, marked as security risk and being "disabled". While the signature is valid, this might cause the APK to be not accepted by several systems.

Is an upgrade of the signing key planned? Should that need a new key, there's always Signing Key Rotation – though only for Android 9 and newer (while k9/Thunderbird supports Android 5+; so for those on Android versions below 9, that would then mean uninstall/reinstall and probably also reconfiguration).

Logs

No response

obfusk commented 2 months ago

though only for Android 9 and newer (while k9/Thunderbird supports Android 5+; so for those on Android versions below 9, that would then mean uninstall/reinstall and probably also reconfiguration).

You could keep signing with both keys (would require a v1+v2+v3 signature). Android < 7 will only see the v1 using the old key. Android >= 7 < 9 will see the v2 using the old key. Android >= will see the v3 with the new, more secure, key. It would at least be better than simply keeping the current insecure key for all Android versions, though I'm reluctant to recommend it over a full switch to a more secure key (with only a short overlap period for rotation).

wmontwe commented 2 months ago

Thanks for raising awareness. The app is quite old, and its signing key is no longer as secure as it should be.

As many of our users still rely on older Android versions, we would like to keep support as long as there is official support and a reasonable ammount of active users. So switching to a new signing key is currently not an option, as it would break compatibility.

We're considering implementing multi-signing, which would improve security for newer Android versions while continuing to support our older user base.