Releases: BitBoxSwiss/bitbox-bridge
v1.6.1
Release notes
- Fix accept/deny prompt on Windows
Note
This is a bugfix release is for Windows only. For the other
operating systems, use
v1.6.0.
Verifying the release
Get a public key of security@shiftcrypto.ch with fingerprint DD09 E413 0975 0EBF AE0D EF63 5092 49B0 68D2 15AE:
curl https://bitbox.swiss/download/shiftcryptosec-509249B068D215AE.gpg.asc | gpg --import
Download the bridge for your platform and the corresponding .asc file and place them in the same folder.
We will verify the signature of the Windows release as an example. The other files are verified in the same way by replacing the filename.
To verify the signature, execute:
gpg --verify BitBoxBridge-1.6.1-Win64-installer.exe.asc
You should see the following output:
gpg --verify BitBoxBridge-1.6.1-Win64-installer.exe.asc
gpg: assuming signed data in 'BitBoxBridge-1.6.1-Win64-installer.exe'
gpg: Signature made <DATE AND TIME>
gpg: using RSA key DD09E41309750EBFAE0DEF63509249B068D215AE
gpg: Good signature from "ShiftCrypto Security <security@shiftcrypto.ch>" [ultimate]
(The [ultimate] could say [unknown] or something else depending on your trust level.)
v1.6.0
Release notes
- Prompt to accept/deny a host which is not explicitly allowed
Verifying the release
Get a public key of security@shiftcrypto.ch with fingerprint DD09 E413 0975 0EBF AE0D EF63 5092 49B0 68D2 15AE:
curl https://bitbox.swiss/download/shiftcryptosec-509249B068D215AE.gpg.asc | gpg --import
Download the bridge for your platform and the corresponding .asc file and place them in the same folder.
We will verify the signature of the macOS release as an example. The other files are verified in the same way by replacing the filename.
To verify the signature, execute:
gpg --verify BitBoxBridge-1.6.0-macOS-installer.pkg.asc
You should see the following output:
gpg --verify BitBoxBridge-1.6.0-macOS-installer.pkg.asc
gpg: assuming signed data in 'BitBoxBridge-1.6.0-macOS-installer.pkg'
gpg: Signature made <DATE AND TIME>
gpg: using RSA key DD09E41309750EBFAE0DEF63509249B068D215AE
gpg: Good signature from "ShiftCrypto Security <security@shiftcrypto.ch>" [ultimate]
(The [ultimate] could say [unknown] or something else depending on your trust level.)
v1.5.1
Release notes
- Fix bug where on macOS 13.3, the bridge would register one BitBox02 twice
- Fix a bug on Windows 11 causing timeouts of BitBox02 workflows
Note
This is a patch release for macOS and Windows only.
Verifying the release
Note: the public key 1AA6 2C17 C56D 4275 A541 2320 9CD5 646C 0AD5 161E used to sign previous releases was revoked and replaced with the key DD09 E413 0975 0EBF AE0D EF63 5092 49B0 68D2 15AE for operational reasons. The new key is now hosted on the shiftcrypto.ch webserver.
Get a public key of security@shiftcrypto.ch with fingerprint DD09 E413 0975 0EBF AE0D EF63 5092 49B0 68D2 15AE:
curl https://bitbox.swiss/download/shiftcryptosec-509249B068D215AE.gpg.asc | gpg --import
Download the bridge for your platform and the corresponding .asc file and place them in the same folder.
We will verify the signature of the macOS release as an example. The other files are verified in the same way by replacing the filename.
To verify the signature, execute:
gpg --verify BitBoxBridge-1.5.1-macOS-installer.pkg.asc
You should see the following output:
gpg --verify BitBoxBridge-1.5.1-macOS-installer.pkg.asc
gpg: assuming signed data in 'BitBoxBridge-1.5.1-macOS-installer.pkg'
gpg: Signature made <DATE AND TIME>
gpg: using RSA key DD09E41309750EBFAE0DEF63509249B068D215AE
gpg: Good signature from "ShiftCrypto Security <security@shiftcrypto.ch>" [ultimate]
(The [ultimate] could say [unknown] or something else depending on your trust level.)
v1.5.0
Release notes
- Whitelist adalite.io
- Update branding
Verifying the release
Get a public key of security@shiftcrypto.ch with fingerprint 1AA6 2C17 C56D 4275 A541 2320 9CD5 646C 0AD5 161E:
curl 'https://keys.openpgp.org/vks/v1/by-fingerprint/1AA62C17C56D4275A54123209CD5646C0AD5161E' | gpg --import
Download the bridge for your platform and the corresponding .asc file and place them in the same folder.
We will verify the signature of the macOS release as an example. The other files are verified in the same way by replacing the filename.
To verify the signature, execute:
gpg --verify BitBoxBridge-1.5.0-macOS-installer.pkg.asc
You should see the following output:
gpg --verify BitBoxBridge-1.5.0-macOS-installer.pkg.asc
gpg: assuming signed data in 'BitBoxBridge-1.5.0-macOS-installer.pkg'
gpg: Signature made <DATE AND TIME>
gpg: using RSA key 1AA62C17C56D4275A54123209CD5646C0AD5161E
gpg: Good signature from "ShiftCrypto Security <security@shiftcrypto.ch>" [ultimate]
(The [ultimate] could say [unknown] or something else depending on your trust level.)
v1.4.0
Release notes:
- Whitelist Chrome and Firefox extensions
- Fix a bug where the bridge crashes if a connected USB devices contains unicode in the HID device info (already in v1.3.1, which was tagged but not released)
v1.3.0
Release notes:
- Whitelist bity.com
- Enable builds for Apple's M1 aarch64 platform
- Produce amd64+aarch64 Apple's universal binary
In this release, Windows and macOS binaries are code-signed and notarized.
v1.2.0
v1.1.0
NickeZ
Niklas
133d25b
NickeZ
Niklas
Release news:
- Set ACAO to
*for error messages so that non-whitelisted origins can provide better error messages - Allow port to be set as CLI argument.
Notice: The installers are not signed yet.