Changes between Version 2 and Version 3 of CodeSigning


Ignore:
Timestamp:
Jan 8, 2008, 3:05:49 PM (16 years ago)
Author:
davea
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • CodeSigning

    v2 v3  
    1212
    1313There are less-secure variants; e.g. you could keep the private key on a CD-ROM that is only mounted during signature generation, on a machine that is disconnected during signature generation. But we do not recommend this; a hacked computer could be running a hidden program that steals the private key and transmits it when the computer is connected again.
     14
     15== Changing your code-signing key ==
     16
     17To change your project's code-signing key:
     18
     19 * Generate a new key pair (do this on an offline machine).
     20 * In your project's 'keys' directory, put the old public key in a file 'old_key_0'.
     21 * Sign the new public key with the old private key, and put the signature in 'keys/signature_0'.
     22
     23You might want to do this when your project goes public,
     24you've started using an offline signing machine,
     25and you don't want to force existing users to detach and reattach.