Changes between Version 7 and Version 8 of CodeSigning


Timestamp:
Nov 8, 2011, 7:13:43 AM (12 years ago)
Author:
alexwork80
Comment:

--

  • CodeSigning

    v7 v8  
    55'''It is important that you use a proper code-signing procedure for publicly-accessible projects. If you don't, and your server is broken into, hackers will be able to use your BOINC project to distribute malware. This could result in the end of your project, and will negatively impact all BOINC projects.'''
    66
    7  * Choose a computer (an old, slow one is fine) to act as your "code signing machine". After being set up, this computer '''must remain physically secure and disconnected from the network''' (i.e. keep it in a locked room and put duct tape over its Ethernet port). You'll need a mechanism for moving files to and from the code-signing machine, such as a USB memory stick.
     7 * Choose a computer (an old, slow one is fine) to act as your "code signing machine". After being set up, this computer '''must remain physically secure and disconnected from the network''' (i.e. keep it in a locked room and put duct tape over its Ethernet port). You'll need a mechanism for moving files to and from the code-signing machine, such as a USB memory stick.<span class="plainlinks">[http://www.yourgoalbook.com/<span style="color:black;font-weight:normal; text-decoration:none!important; background:none!important; text-decoration:none;">Goal Setting</span>]
    88 * Install [KeySetup crypt_prog] on the code signing machine (it's easiest if the machine runs Linux or Mac OS X; Windows can be used but requires Visual Studio 2005).
    99 * Run `crypt_prog -genkey` to create a code-signing key pair. Copy the public key to your server. Keep the private key on the code-signing machine, make a permanent, secure copy of the key pair (e.g. on a CD-ROM that you keep locked up), and delete all other copies of the private key.
    1010 * To sign an executable file, move it to the code-signing machine, run `crypt_prog -sign` to produce the signature file, then move the signature file to your server.
    11  * Use [UpdateVersions update_versions] to install your application, including its signature files, in the download directory and database.
     11 * Use [UpdateVersions update_versions] to install your application, including its signature files, in the download directory and database. <span class="plainlinks">[http://www.lane6fitness.com/muscle-maximizer-review<span style="color:black;font-weight:normal; text-decoration:none!important; background:none!important; text-decoration:none;">muscle maximizer</span>]
    1212
    1313There are less-secure variants; e.g. you could keep the private key on a CD-ROM that is only mounted during signature generation,
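
Review bot: both modified list items (v8 line 7, "Choose a computer ...", and v8 line 11, "Use update_versions ...") differ from v7 only by an appended `<span class="plainlinks">` external link, to yourgoalbook.com and lane6fitness.com, which has nothing to do with code signing. The inline style (color:black, font-weight:normal, text-decoration:none, background:none) makes the link text blend into the surrounding prose, and the outer span is never closed in either line. The change comment is empty, so nothing justifies the edit. Revert to v7 and review this author's other edits for the same pattern.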