Re: Digitally sign my own DLL?
- From: Pierre Couderc <pecouderc@xxxxxx>
- Date: Tue, 20 Jan 2009 11:09:06 +0100
There are some philosophic and practical problems with that:
- In what sense are "you" more "untrusted root authority" than Verisign? If you have established a relationship with, for example, a customer, you are more trusted by him than a Verisign that he has never heard of.
This is the reason why we use our own CA certificate (that we install in our setup.exe without any protest from Vista).
- Are we sure that all the CAs listed in the MS list of trusted CAs are so sure that no "hacker" can get such a publisher certificate? If they were so sure, they would not try to develop "Extended validation" procedures; see http://www.cabforum.org/
- It may be strange that MS lets you silently install a new CA into the list of trusted CAs, but this is logical: if you trust someone enough to execute their code, you can trust their CA (Certification Authority).
David Ching wrote:
"Alec S." <nospam@xxxxxxxxx> wrote in message news:eFhw2jCdJHA.5540@xxxxxxxxxxxxxxxxxxxxxxx
I tried out Thawte for a bit, but that was probably just a free trial.
Digital signatures have always annoyed me because they serve two purposes, not
just one, and so should be available in two modes. One purpose is to verify
authenticity (determine if a file has been tampered with, e.g. by a virus), and
the other is to vouch for the authorship of the file (i.e. to prove that it is by
someone trustworthy). There should be an easy way for us to sign our own apps
for the first purpose (e.g. like with a public key), built into the compile
process. The second purpose is the one that should require an external
authority.
I purchased my Code Signing Cert from Comodo, the cheapest I could find at the time. There are two ways to get a code signing certificate. One, you can produce your own with an MS utility (I think one is called makecert, but it is old and has been replaced). This is easy, but because the cert was produced by an untrusted root authority (you), any app signed by it will have the signature ignored by anyone you give your app to. The only reason it works on your PC is you can manually add the cert to the Trusted Root Certificate Authorities and Trusted Publishers branches using the Certificate snap-in to MMC.EXE. So on your PC, the cert is trusted, but not on any other PC.
The other is to purchase one through a third party such as Verisign or Comodo, etc. Since those are Trusted Root Certificate Authorities, anything you sign with that cert will be recognized as authentic by others.
Separating the two functions of code signing as you suggest is not feasible. Even if you did generate a hash of your app and certified that it hadn't been tampered with, what's to prevent a malware hacker from altering your app with a virus and generating a new hash of it and then claiming it is OK? The only thing preventing that is that you are identified with your digital signature, whereas the hacker can't produce that.
-- David
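
The distinction argued over in this thread (tamper check versus trust in the signer), as an added example that is not part of any poster's message: a PowerShell function, with the hypothetical name `Get-SignatureTrust`, that reports the Authenticode status Windows assigns to a file and whether the root of the signer's chain sits in a trusted-root store on this machine. The path in the usage comment is a placeholder.

```powershell
# Added example (not from the thread). Get-SignatureTrust is a hypothetical name.
function Get-SignatureTrust {
    param([Parameter(Mandatory)][string]$Path)   # file to inspect, e.g. a signed DLL

    $sig = Get-AuthenticodeSignature -FilePath $Path
    if (-not $sig.SignerCertificate) {
        # No signer at all: neither tamper evidence nor authorship is available.
        return [pscustomobject]@{ File = $Path; Status = $sig.Status }
    }

    # Build the chain ourselves so the root can be inspected even when it is untrusted.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'   # keep the check offline
    $null = $chain.Build($sig.SignerCertificate)
    $last = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

    # Is the last certificate of the chain present in a trusted-root store here?
    $stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'
    $trustedHere = @(Get-ChildItem -Path $stores |
        Where-Object { $_.Thumbprint -eq $last.Thumbprint }).Count -gt 0

    [pscustomobject]@{
        File               = $Path
        # Status is a SignatureStatus value: Valid, HashMismatch, NotTrusted,
        # UnknownError, NotSigned, ... HashMismatch is the tamper signal.
        Status             = $sig.Status
        StatusMessage      = $sig.StatusMessage
        Signer             = $sig.SignerCertificate.Subject
        ChainEndsAt        = $last.Subject
        # Subject equal to Issuer means the chain ends in a self-signed root.
        EndIsSelfSigned    = ($last.Subject -eq $last.Issuer)
        # True only where that root was installed (by hand or by an installer).
        RootInTrustedStore = $trustedHere
    }
}

# Usage (placeholder path):
# Get-SignatureTrust -Path 'C:\path\to\your.dll' | Format-List
```

Running it against the same file on the build machine and on a clean machine shows the difference the posters describe: the signature and hash are identical, and only `RootInTrustedStore` and the resulting `Status` change.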