Changes between Version 6 and Version 7 of CodeSigning
- Timestamp:
- May 11, 2011, 9:01:09 PM (13 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
CodeSigning
v6 v7 6 6 7 7 * Choose a computer (an old, slow one is fine) to act as your "code signing machine". After being set up, this computer '''must remain physically secure and disconnected from the network''' (i.e. keep it in a locked room and put duct tape over its Ethernet port). You'll need a mechanism for moving files to and from the code-signing machine, such as a USB memory stick. 8 * Install [KeySetup crypt_prog] on the code signing machine (it's easiest if the machine runs Unix/Linux; Windows can be used but requires Visual Studio 2003).8 * Install [KeySetup crypt_prog] on the code signing machine (it's easiest if the machine runs Linux or Mac OS X; Windows can be used but requires Visual Studio 2005). 9 9 * Run `crypt_prog -genkey` to create a code-signing key pair. Copy the public key to your server. Keep the private key on the code-signing machine, make a permanent, secure copy of the key pair (e.g. on a CD-ROM that you keep locked up), and delete all other copies of the private key. 10 10 * To sign an executable file, move it to the code-signing machine, run `crypt_prog -sign` to produce the signature file, then move the signature file to your server.
