Changes between Version 1 and Version 2 of CodeSigning
Timestamp: Apr 27, 2007, 11:06:02 AM (18 years ago)
CodeSigning
v1 v2 6 6 7 7 * Choose a computer (an old, slow one is fine) to act as your "code signing machine". After being set up, this computer '''must remain physically secure and disconnected from the network''' (i.e. keep it in a locked room and put duct tape over its Ethernet port). You'll need a mechanism for moving files to and from the code-signing machine. A USB-connected disk or CD-RW will work, or if your files are small you can use a floppy disk. 8 * Install [ http://boinc.berkeley.edu/key_setup.php crypt_prog] on the code signing machine (it's easiest if the machine runs Unix/Linux; Windows can be used but requires Visual Studio 2003).8 * Install [KeySetup crypt_prog] on the code signing machine (it's easiest if the machine runs Unix/Linux; Windows can be used but requires Visual Studio 2003). 9 9 * Run `crypt_prog -genkey` to create a code-signing key pair. Copy the public key to your server. Keep the private key on the code-signing machine, make a permanent, secure copy of the key pair (e.g. on a CD-ROM that you keep locked up), and delete all other copies of the private key. 10 10 * To sign an executable file, move it to the code-signing machine, run `crypt_prog -sign` to produce the signature file, then move the signature file to your server.
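Review bot: on line 8, the only changed line, the link target moves from the absolute URL http://boinc.berkeley.edu/key_setup.php to the wiki page name KeySetup, so confirm that KeySetup exists in this wiki and carries the crypt_prog install and usage instructions before dropping the old URL. The unchanged steps at lines 9 and 10 give `crypt_prog -genkey` and `crypt_prog -sign` without arguments and rely on that linked page for them, so a missing or incomplete target would leave the key-generation and signing steps without usable instructions.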