Breakage of SQRL's Auto-Update Feature


Status
Not open for further replies.

Steve

Administrator
Staff member
May 6, 2018
1,016
307
www.grc.com
:: Notice ::

If you are running a version of GRC's SQRL client earlier than Release #66, you will need to manually download and run the latest release manually:

You can get the newest release here: https://www.grc.com/dev/sqrl.exe

More info, if you're curious:
I didn't handle the switchover in code signing certificates as gracefully as I could have. SQRL protects itself from downloading and installing a malicious instance of itself by verifying both the "signer" and the certificate "issuer" of any update it downloads -- before it renames it as an executable. But when I recently switched certificate types, I didn't notice that the issuer string had also changed. So the older SQRL release would not recognize the newer SQRL release as legitimate. (And it never will.) So... when your older SQRL (earlier than release 66) sees that a newer SQRL is available, you will need to download the newer one manually and just run it. It will see that an older one is already installed and will replace it for you. From then on you'll be good to go!
 
Status
Not open for further replies.