Sign APK with TREZOR

[ligi]

Motivation:

• Hardware wallets like the TREZOR can be a great and secure way to sign APKs
• Currently I am signing WallETH with an old separate offline laptop - but the process is painful (USB stick juggling) and when I am on the road I most of the time do not have this offline laptop with me - this might be bad if e.g. a urgent HotFix is needed
• Backups of signing keys are important - if you loose your key you are not able to publish an update of the app anymore - usually people do backups of their hardware wallet - so this could also be a good argument for using a HardWare wallet here
• Signing keys are often not handled with the care they deserve (I have seen companies having them on the CI-Server with the potential of extracting them with a PR ..) If the process is easy with a Hardware wallet perhaps we can convince more people to treat signing keys with more respect

Bounty acceptance criteria:

• Deliver a small CLI program that allows to sign APKs with a TREZOR
• That program should be written in Kotlin or Java - I would prefer Kotlin. Limiting the languages has 2 main reasons: 1) I want to be able to give it a meaningful review 2) Make a potential future reuse in an Android app easier
• Should not need modifications of the TREZOR firmware (If there are good reasons that this is needed there might be an exemption - e.g. if one would go the extra mile of supporting RSA to lower the minSDK)
• Support signature scheme v1 and optionally v2 - but at least v1 so we do not have a high impact on the minSDK
• support to specify a derviation path so different APKs can be signed with different keys

Links:

• here some examples of ECDSA signed apk's:
  https://android.googlesource.com/platform/cts/+/android-n-mr1-preview-1/hostsidetests/appsecurity/res/pkgsigverify?autodive=0%2F%2F
• introduction of ECDSA support for signatures in Android: https://issuetracker.google.com/issues/36956587
• Tweet by prusnak about the possibility of this: https://twitter.com/pavolrusnak/status/982944347418177536
• APKSigner source: https://android.googlesource.com/platform/build/+/8740e9d/tools/apksigner/core/src/com/android/apksigner/core/

[issueth]

This issue now has a bounty-address via issuETH.

Your bounty-address is eabf879012b5aa7968103bf9c932b7e3ca27744b
Watch on rinkeby
Watch on main

[ligi]

We might be able to use signature scheme v3 : https://developer.android.com/preview/features/security-behav.html

[ligi]

Interesting tweet by @prusnak https://twitter.com/pavolrusnak/status/982944347418177536 - not yet sure if he means ECDSA signatures here or also sees a way for RSA signatures already. I think we still need RSA to not need to increase the minSDK too much.

[prusnak]

We don't plan to include RSA in TREZOR, so this is about ECDSA only.

[ligi]

thanks for the info! Too bad - hoped a bit for RSA - will have to think about this a bit deeper - perhaps make a special flavor that is signed with the TREZOR that is minSDK 18 (for the record here the issue with the info that it is introduced with 18: https://issuetracker.google.com/issues/36956587 )
Do you have a link with some information what the problem with including RSA is?

[prusnak]

Every key in TREZOR comes from a deterministic hierarchy. While for ECDSA it's (almost) true that any 256-bit random number is a private key, this is not true for RSA (as keys need to be a prime couple). Thus there is not an obvious way how to generate RSA key from hierarchy- deterministic wallet.

[ligi]

Ah I see. My thinking was the following: the RSA key is encrypted on the SD-Card that is now available on the model T ..

[ligi]

here some examples of ECDSA signed apk's:
https://android.googlesource.com/platform/cts/+/android-n-mr1-preview-1/hostsidetests/appsecurity/res/pkgsigverify?autodive=0%2F%2F

[ligi]

when digging a bit deeper I found this - so I will have to use SHA-1 - don't really want to use minSDK 21 - minSDK 18/19 is my acceptance limit currently.

} else if ("DSA".equalsIgnoreCase(keyAlgorithm)) {
            // Prior to API Level 21, only SHA-1 can be used with DSA                                                                             
            if (minSdkVersion < 21) {
                return DigestAlgorithm.SHA1;
            } else {
                return DigestAlgorithm.SHA256;
            }
        }

[gitcoinbot]

Issue Status: 1. Open 2. Started 3. Submitted 4. Done

---

This issue now has a funding of 0.3 ETH (183.28 USD @ $610.92/ETH) attached to it.

• If you would like to work on this issue you can 'start work' on the Gitcoin Issue Details page.
• Questions? Checkout Gitcoin Help or the Gitcoin Slack
• $21,377.59 more funded OSS Work available on the Gitcoin Issue Explorer

[gitcoinbot]

@omar408 Hello from Gitcoin Core - are you still working on this issue? Please submit a WIP PR or comment back within the next 3 days or you will be removed from this ticket and it will be returned to an ‘Open’ status. Please let us know if you have questions!

• warning (3 days)
• escalation to mods (6 days)

Funders only: Snooze warnings for 1 day | 3 days | 5 days | 10 days | 100 days

[omar408]

Yea I'm stil working on it

[ceresstation]

@omar408 Hey Omar, unfortunately since we haven't seen a WIP PR in 8 days we're going to have to pull this one back to the crowd pretty soon. If you have any significant progress to show please respond with it so we can keep you on :)

[gitcoinbot]

@omar408 Hello from Gitcoin Core - are you still working on this issue? Please submit a WIP PR or comment back within the next 3 days or you will be removed from this ticket and it will be returned to an ‘Open’ status. Please let us know if you have questions!

• warning (3 days)
• escalation to mods (6 days)

Funders only: Snooze warnings for 1 day | 3 days | 5 days | 10 days | 100 days

[ceresstation]

@rafaelboyero Hi Rafael, thanks for taking on this issue! Can you confirm that you're ready and able to turn around this issue? I just want to double check as I don't see any activity on your account. Please let us know within 24 hours to stay on the bounty :)

[gitcoinbot]

@rafaelboyero Hello from Gitcoin Core - are you still working on this issue? Please submit a WIP PR or comment back within the next 3 days or you will be removed from this ticket and it will be returned to an ‘Open’ status. Please let us know if you have questions!

• warning (3 days)
• escalation to mods (6 days)

Funders only: Snooze warnings for 1 day | 3 days | 5 days | 10 days | 100 days

[gitcoinbot]

@rafaelboyero Hello from Gitcoin Core - are you still working on this issue? Please submit a WIP PR or comment back within the next 3 days or you will be removed from this ticket and it will be returned to an ‘Open’ status. Please let us know if you have questions!

• warning (3 days)
• escalation to mods (6 days)

Funders only: Snooze warnings for 1 day | 3 days | 5 days | 10 days | 100 days

[ceresstation]

Hey @rafaelboyero unfortunately we'll have to return this issue to the crowd. If you think we've made a mistake please let us know!

[gitcoinbot]

Issue Status: 1. Open 2. Started 3. Submitted 4. Done

---

The funding of this issue was increased to 0.55 ETH (240.69 USD @ $437.61/ETH).

• If you would like to work on this issue you can claim it here.
• If you've completed this issue and want to claim the bounty you can do so here
• Questions? Checkout Gitcoin Help or the Gitcoin Slack
• $22,904.09 more funded OSS Work available on the Gitcoin Issue Explorer

[gitcoinbot]

Issue Status: 1. Open 2. Started 3. Submitted 4. Done

---

The funding of this issue was increased to 0.8 ETH (326.67 USD @ $408.33/ETH) .

• If you want to claim the bounty you can do so here
• Want to chip in? Add your own contribution here.
• Questions? Checkout Gitcoin Help or the Gitcoin Slack
• $24,898.94 more funded OSS Work available on the Gitcoin Issue Explorer

[gitcoinbot]

@kenovska Hello from Gitcoin Core - are you still working on this issue? Please submit a WIP PR or comment back within the next 3 days or you will be removed from this ticket and it will be returned to an ‘Open’ status. Please let us know if you have questions!

• warning (3 days)
• escalation to mods (6 days)

Funders only: Snooze warnings for 1 day | 3 days | 5 days | 10 days | 100 days

[ghost]

Have acquired a Trezor hardware wallet (Trezor One).
Will receive this weekend and work with that.

[ligi]

@kenovska Great! Happy coding!!

[gitcoinbot]

@kenovska Hello from Gitcoin Core - are you still working on this issue? Please submit a WIP PR or comment back within the next 3 days or you will be removed from this ticket and it will be returned to an ‘Open’ status. Please let us know if you have questions!

• warning (3 days)
• escalation to mods (6 days)

Funders only: Snooze warnings for 1 day | 3 days | 5 days | 10 days | 100 days

[ghost]

Still working on it, here is an update:

I have the trezor wallet in my power, and apparently the only type of ECDSA supported by both the device and the different APK signing schemes is NIST P-256.

As a consequence, only this type of elliptic curve will be supported, if this project arrives to completion.

I have my doubts of the feasibility of this project without delivering a modified firmware for the device the same way SSH key storage support is achieved, although I still have to explore the android-library to verify this.

The nearest thing to signing an APK with the Trezor already implemented is signing a transaction, which occurs inside the device as the private key cannot leave the Trezor as far as I understood from the API workflows docs.

This signing is made by parts, as the Trezor only has 64KB of memory versus the hundreds of KB a transaction may have. The hashing is made inside the Trezor.

The only feasible way I imagine an APK signature can be done is by obtaining the digest of the APK in the computer, sending it to the Trezor, signing it inside the device as if it where a transaction, then retrieving the signature and incorporate it on the signature scheme.

This might imply that the key pair used would be the same as for a bitcoin wallet. A developer would use a bitcoin account to sign her apps.

I will explore this course of action in the following days.

That is all for now.

[prusnak]

You should look at SignIdentity message. SignTx will not help you in what you are trying to achieve.

[ghost]

You should look at SignIdentity message. SignTx will not help you in what you are trying to achieve.

Thanks for the tip! I will look onto it.

PROGRESS: Working on connecting to the Trezor by USB using HID.

[ceresstation]

@ghost any updates on this? Thanks!

[prusnak]

@ceresstation ghost is a Github fake user which is shown when the original user has deleted their account. So I guess, there won't be any updates on this.

This issue is a very good and sad manifestation of how bounties rarely work in open source. If you don't have internal motivation to work on stuff, money won't help you that much.

[ligi]

Closing this issue as this does not seem to go anywhere and I think I will go the java-card way here now. So I think the bounty should better go to: trezor/trezor-android#29