Changes between Version 2 and Version 3 of CodeSigning
- Timestamp:
- Jan 8, 2008, 3:05:49 PM (16 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
CodeSigning
v2 v3 12 12 13 13 There are less-secure variants; e.g. you could keep the private key on a CD-ROM that is only mounted during signature generation, on a machine that is disconnected during signature generation. But we do not recommend this; a hacked computer could be running a hidden program that steals the private key and transmits it when the computer is connected again. 14 15 == Changing your code-signing key == 16 17 To change your project's code-signing key: 18 19 * Generate a new key pair (do this on an offline machine). 20 * In your project's 'keys' directory, put the old public key in a file 'old_key_0'. 21 * Sign the new public key with the old private key, and put the signature in 'keys/signature_0'. 22 23 You might want to do this when your project goes public, 24 you've started using an offline signing machine, 25 and you don't want to force existing users to detach and reattach.