161

Signal on F-droid Guardian Repo

posted
*
by
Avatar
sic_semper_tyrannis@lemmy.today
in
Avatar
privacy@lemmy.ml
48 comments
hidereport

I just noticed today that Signal (not talking Molly) is now available on F-Droid via the โ€œGuardianโ€ repository.

Just wanted to give everyone a heads up.

Sort:
HotTopControversialNewOld
You are viewing a single thread.
View all comments View context
Avatar
Andromxda ๐Ÿ‡บ๐Ÿ‡ฆ๐Ÿ‡ต๐Ÿ‡ธ๐Ÿ‡น๐Ÿ‡ผ@lemmy.dbzer0.com
21 points
*

I think they ship prebuilt binaries, i.e. the exact same ones you find on the Signal website

AFAIK this also applies to Tor Browser, Orbot and other third-party apps distributed by Guardian

Edit: I downloaded the files and manually verified the signatures. They are indeed the exact same files.

Because I didnโ€™t really know how to grab an APK from the Guardian F-Droid repo, I used their S3 bucket and downloaded the Signal APK. Itโ€™s named Signal-Android-website-prod-universal-release-7.30.2.apk, which is the exact same file name as the one of the APK you can get from the Signal website.

I then used keytool to print the signature certificate fingerprint: (renamed the files to make it less confusing)

keytool -printcert -jarfile signal-website.apk

Signer #1:

Certificate #1:
Owner: CN=Whisper Systems, OU=Research and Development, O=Whisper Systems, L=Pittsburgh, ST=PA, C=US
Issuer: CN=Whisper Systems, OU=Research and Development, O=Whisper Systems, L=Pittsburgh, ST=PA, C=US
Serial number: 4bfbebba
Valid from: Tue May 25 17:24:42 CEST 2010 until: Tue May 16 17:24:42 CEST 2045
Certificate fingerprints:
	 SHA1: 45:98:9D:C9:AD:87:28:C2:AA:9A:82:FA:55:50:3E:34:A8:87:93:74
	 SHA256: 29:F3:4E:5F:27:F2:11:B4:24:BC:5B:F9:D6:71:62:C0:EA:FB:A2:DA:35:AF:35:C1:64:16:FC:44:62:76:BA:26
Signature algorithm name: SHA1withRSA (weak)
Subject Public Key Algorithm: 1024-bit RSA key (weak)
Version: 3

keytool -printcert -jarfile signal-guardian.apk

Signer #1:

Certificate #1:
Owner: CN=Whisper Systems, OU=Research and Development, O=Whisper Systems, L=Pittsburgh, ST=PA, C=US
Issuer: CN=Whisper Systems, OU=Research and Development, O=Whisper Systems, L=Pittsburgh, ST=PA, C=US
Serial number: 4bfbebba
Valid from: Tue May 25 17:24:42 CEST 2010 until: Tue May 16 17:24:42 CEST 2045
Certificate fingerprints:
	 SHA1: 45:98:9D:C9:AD:87:28:C2:AA:9A:82:FA:55:50:3E:34:A8:87:93:74
	 SHA256: 29:F3:4E:5F:27:F2:11:B4:24:BC:5B:F9:D6:71:62:C0:EA:FB:A2:DA:35:AF:35:C1:64:16:FC:44:62:76:BA:26
Signature algorithm name: SHA1withRSA (weak)
Subject Public Key Algorithm: 1024-bit RSA key (weak)
Version: 3

The fingerprints are identical.

Another edit: I just noticed that Signal even has official instructions for checking the signature on their APK download page. They use apksigner instead of keytool, but itโ€™s basically the same process.

permalink
report
parent
reply
Avatar
sic_semper_tyrannis@lemmy.todayOP
5 points

Thanks for doing this!

permalink
report
parent
reply
Avatar
Andromxda ๐Ÿ‡บ๐Ÿ‡ฆ๐Ÿ‡ต๐Ÿ‡ธ๐Ÿ‡น๐Ÿ‡ผ@lemmy.dbzer0.com
3 points

Takes like 2 minutes ๐Ÿ˜…

permalink
report
parent
reply
Avatar
QuazarOmega@lemy.lol
3 points

You have quite a bit of background knowledge to know how to do that though, you should give yourself more credit!

permalink
report
parent
reply
Show more comments

Privacy

!privacy@lemmy.ml

Create post

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

  • Posting a link to a website containing tracking isnโ€™t great, if contents of the website are behind a paywall maybe copy them into the post
  • Donโ€™t promote proprietary software
  • Try to keep things on topic
  • If you have a question, please try searching for previous discussions, maybe it has already been answered
  • Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
  • Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

Community stats

  • 7.3K

    Monthly active users

  • 3.2K

    Posts

  • 87K

    Comments

Community moderators