code signing – Page 2 – WindowsTechs.com

How to Store Signed Source Code + Encrypted HASH +Code Signing Cert

Posted on March 1, 2023 by MegaHurts2010

I have been tasked with designing a solution for signing source code. I have not found much on whether or not there is a standard for storing the signed code and it’s hash and code signing cert.
As I understand it, signing source code invo… Continue reading How to Store Signed Source Code + Encrypted HASH +Code Signing Cert→

GitHub code-signing certificates stolen (but will be revoked this week)

Posted on January 31, 2023 by Paul Ducklin

There was a breach, so the bad news isn’t great, but the good news isn’t too bad… Continue reading GitHub code-signing certificates stolen (but will be revoked this week)→

How can code signing posibly be secure on Windows when signed executables act on unsigned input?

Posted on January 20, 2023 by Tenders McChiken

As a security measure, my Windows-based work computer has been configured to deny any application that hasn’t been signed with a valid certificate; my system will run a signed executable from DropBox’s website, but it will refuse to run an… Continue reading How can code signing posibly be secure on Windows when signed executables act on unsigned input?→

How to create, use and backup android signing keys without trusting the computer?

Posted on January 15, 2023 by Alai

I did a lot of research on how to securely create, use and backup android signing keys (when using Google Play Signing is not an option). The best option seams to be a Yubikey or a Nitrokey HSM 2 and use their pkcs11 capability [0].
Backin… Continue reading How to create, use and backup android signing keys without trusting the computer?→

Does verifying a code signature require making a network connection?

Posted on January 2, 2023 by greyyit

Does Windows 11 need to make a network connection to verify a code signature for a .exe or .dll file?

Continue reading Does verifying a code signature require making a network connection?→

Windows CSP for remote signing

Posted on November 29, 2022 by videoguy

I have a system (lets call it signer) that has private keys for doing Authenticode code signing. I have bunch of build systems that want to sign generated build artifacts. Obviously I can’t use signtool directly on build systems as private… Continue reading Windows CSP for remote signing→

Validating web app source code integrity

Posted on October 11, 2022 by leplos

I am interested if it could be possible to validate source code integrity for web apps somehow.
For example:

Developer builds app and sign source code with his private key. Both signature and public key is included in web app.

User fetch… Continue reading Validating web app source code integrity→

How to do code signing with Visual Studio 2022

Posted on August 8, 2022 by Binoy

I am new to code signing and would like to do it using Visual Studio 2022. I got a MS article showing how to do Code Signing here and was trying to use it. For me, the "Sign the ClickOnce manifests" option is somehow disabled.
Wh… Continue reading How to do code signing with Visual Studio 2022→

How to do code signing with Visual Studio 2022

Posted on August 8, 2022 by Binoy

How does npm’s ECDSA signing system improve security?

Posted on August 7, 2022 by Brian Drake

I have not been able to find a single page that actually explains how npm’s
ECDSA signing system works.
The closest I could find is the official documentation, but as far as I can
tell from that documentation, this system is completely use… Continue reading How does npm’s ECDSA signing system improve security?→