Protect Your Private Keys: Three Easy Steps for Safe Code-Signing
A recent article by the Microsoft malware protection center, “Be a real security pro – Keep your private keys private,” reminded me of some best practices. There are far too many cases of illegitimate code being signed by a stolen private key for legitimately signed code-signing certificates. In these cases, the owners of the private [Read More...]
Code Signing: Best Practices
The biggest issue with code signing is the protection of the private signing key associated with the code signing certificate. If the key gets compromised, then your certificate is worthless. A compromised key may also jeopardizethe software that you have already signed. Here are some best practices for code signing: 1. Minimize access to private [Read More...]
What is Time-Stamping?
What happens to signed code when the code signing certificate expires? In many cases, an expired certificate means that the signature validation will fail and a trust warning will appear in the browser. Time-stamping was designed to alleviate this problem. The idea is that at the time, at which the code is signed, the certificate [Read More...]