Breakage of SQRL's Auto-Update Feature

Not open for further replies.


Staff member
May 6, 2018
:: Notice ::

If you are running a version of GRC's SQRL client earlier than Release #66, you will need to manually download and run the latest release manually:

You can get the newest release here:

More info, if you're curious:
I didn't handle the switchover in code signing certificates as gracefully as I could have. SQRL protects itself from downloading and installing a malicious instance of itself by verifying both the "signer" and the certificate "issuer" of any update it downloads -- before it renames it as an executable. But when I recently switched certificate types, I didn't notice that the issuer string had also changed. So the older SQRL release would not recognize the newer SQRL release as legitimate. (And it never will.) So... when your older SQRL (earlier than release 66) sees that a newer SQRL is available, you will need to download the newer one manually and just run it. It will see that an older one is already installed and will replace it for you. From then on you'll be good to go!
Not open for further replies.