Changes between Version 14 and Version 15 of CodeSigning


Timestamp:
Aug 29, 2014, 1:28:23 PM (10 years ago)
Author:
davea
Comment:

--

  • CodeSigning

    v14 v15  
    3333== Changing your code-signing key ==
    3434
    35 To change your project's code-signing key:
     35You can change your project's code-signing key at any point.
     36To make this invisible to users, you must do the following steps
     37(otherwise users will have to detach/reattach).
    3638
    37  * Generate a new key pair (do this on an offline machine).
    38  * In your project's 'keys' directory, put the old public key in a file 'old_key_0'.
    39  * Sign the new public key with the old private key, and put the signature in 'keys/signature_0'.
    40  * Release new versions of all apps, signed with the new key.
     39Note: the following requires that you upgrade your server software to
     40trunk as of at least 29 Aug 2014.
     41
     42On your code-signing machine:
     43
     44 * Rename your current key pair to '''old_key_private_i''' and '''old_key_i''' for the next available i
     45   (i.e. old_key_0, old_key_1 etc. is the history of your public keys).
     46 * Generate a new key pair, say '''code_sign_private''' and '''code_sign_public'''.
     47{{{
     48crypt_prog -genkey 1024 code_sign_private code_sign_public
     49}}}
     50 * Create a "stripped" version (removing the trailing \n) of the public key:
     51{{{
     52head -c -1 code_sign_public > code_sign_public_stripped
     53}}}
     54  (this is needed because 7.0+ clients strip \n from the end of keys).
     55 * For each old key i, sign both the original and stripped versions of the new public key:
     56{{{
     57crypt_prog -sign code_sign_public old_key_private_i > signature_i
     58crypt_prog -sign code_sign_public_stripped old_key_private_i > signature_stripped_i
     59}}}
     60 * Put '''code_sign_public''' and (for all i) '''old_key_i''', '''signature_i''', and '''signature_stripped_i'''
     61   on a USB memory stick.
     62 * Sign all your app version files with the new key; put these signatures on the memory stick also.
     63
     64On your project server:
     65
     66 * Stop the project.
     67 * Use update_versions to create new app versions, using the new file signatures.
     68 * Copy '''code_sign_public''' and (for all i) '''old_key_i''', '''signature_i''' and '''signature_stripped_i'''
     69   from the memory stick to your project's '''keys/''' directory.
     70 * Start the project.
    4171
    4272You might want to do this when your project goes public,
    4373you've started using an offline signing machine,
    4474and you don't want to force existing users to detach and reattach.
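Review bot: `head -c -1 code_sign_public > code_sign_public_stripped` in the "stripped" step (v15 line 52) removes the last byte whatever it is, and the negative byte count is a GNU coreutils extension that other `head` implementations reject. If code_sign_public does not end in \n, the stripped file is a truncated key and signature_stripped_i becomes a signature over the wrong bytes. Suggest stating the GNU requirement and telling the operator to confirm the file ends in a single \n before stripping. The rename step (v15 line 44) also deserves a sentence: each old_key_private_i kept under this scheme can still sign a replacement key for clients that hold old_key_i, so the old private keys need the same protection as code_sign_private and should stay off the memory stick and the server.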
    45 
    46 If you change code-signing keys frequently,
    47 you can keep multiple (old key, signature) pairs,
    48 so that client that haven't connected in a long time will update successfully.
    49 If a client has a signing key that's not current, the server logic is:
    50 
    51  * Scan the keys/ directory for files '''old_key_i''' for i = 0, 1, ...
    52  * If one of these contains the key sent by the client,
    53    send the client the new key with the signature in '''signature_i'''.
    54 
    55 Note that '''signature_i''' contains a signature for the newest key,
    56 signed by the old key i.
    57 You must regenerate these when you issue a new key.
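Review bot: The removed block (v14 lines 46-57) was the only description of what the server does with these files: scan keys/ for old_key_i, match the key sent by the client, and send the new key with the signature in signature_i. v15 introduces signature_stripped_i but never says when the server sends it instead of signature_i, so an operator cannot tell from the page which file serves which clients. Suggest keeping a short server-logic paragraph updated for the stripped variant, together with the explicit reminder that every signature_i has to be regenerated whenever a new key is issued.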