Authenticode signing binaries #300

Open
clairernovotny opened this issue Jul 29, 2017 · 4 comments
Comments

@clairernovotny

Have you considered signing the binaries (dll's, setup exe's and VSIX's) with an Authenticode certificate to help prevent tampering in your official builds?

It's easy to integrate into a CI build as well with the code signing service I wrote (https://github.com/onovotny/SignService). Happy to help set that up for you if you want and it supports all of the file types this project needs.

@MaulingMonkey
Collaborator

Some code signing is already done to help support strong naming, which in turn helps support installation into the GAC? Of course, my understanding is that the private key is checked directly into version control at https://github.com/PistonDevelopers/VisualRust/blob/master/src/VisualRust/Key.snk , so this doesn't really prevent tampering per se.

@clairernovotny
Author

There is a difference between strong name signing (which is tied to assembly identity and required for the GAC) and Authenticode signing, which is about authenticity and provenance of the binary itself.

Snk files are not a security mechanism -- which is why they're ok to check in. What they do is disambiguate two libraries that might happen to have the same name otherwise.

Authenticode stamps on the public portion of an x509 certificate (so individual or organization) and timestamp from a CA. Things like SmartScreen then check the reputation of the certificate to determine whether to show the "this file is not trusted..." dialog. It is possible to verify that a file hasn't been tampered with during assembly load, but that's generally not done for perf reasons. It's usually at run of a file with the "mark of the web" or the VSIX installer.
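The distinction drawn in this thread (strong name = identity, Authenticode = provenance) is easy to see side by side on a build output directory. The following PowerShell script is an added example and is not part of this issue, the SignService project, or VisualRust; the output path is an assumed placeholder. For each dll/exe it reports the strong-name public key token (which only identifies the assembly and proves nothing about who built it, since the .snk may be in source control) next to the Authenticode status, signer and whether a timestamp is present, and it fails the step if anything is unsigned or carries a broken signature.

```powershell
# Added example, not from the issue. Assumption: the build drops dll/exe files under $OutputDir.
param(
    [string]$OutputDir = ".\bin\Release"   # placeholder path, adjust for the real build layout
)

function Get-SigningReport {
    param([string]$Dir)

    Get-ChildItem -Path $Dir -Recurse -Include *.dll, *.exe | ForEach-Object {
        $file = $_.FullName

        # Strong name: identity only. A token means the assembly carries a public key;
        # it says nothing about provenance because the private .snk is not a secret here.
        $token = '(none)'
        try {
            $bytes = [System.Reflection.AssemblyName]::GetAssemblyName($file).GetPublicKeyToken()
            if ($bytes -and $bytes.Length -gt 0) {
                $token = ($bytes | ForEach-Object { $_.ToString('x2') }) -join ''
            }
        } catch {
            # Native image or otherwise not a managed assembly: no strong name applies.
        }

        # Authenticode: provenance. 'Valid' means the hash still matches what was signed
        # and the signer's certificate chains to a trusted root on this machine.
        $sig = Get-AuthenticodeSignature -FilePath $file
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }

        [pscustomobject]@{
            File            = $file
            StrongNameToken = $token
            Authenticode    = $sig.Status          # Valid, NotSigned, HashMismatch, UnknownError, ...
            Signer          = $signer
            Timestamped     = [bool]$sig.TimeStamperCertificate
        }
    }
}

$report = Get-SigningReport -Dir $OutputDir
$report | Format-Table -AutoSize

# Gate a CI step: anything that is not validly Authenticode-signed fails the build.
$bad = @($report | Where-Object { $_.Authenticode -ne 'Valid' })
if ($bad.Count -gt 0) {
    Write-Error ("{0} file(s) are not validly Authenticode-signed" -f $bad.Count)
    exit 1
}
```

Two practical notes. The timestamp column matters because a signature made with a countersignature from a timestamp authority stays valid after the signing certificate expires; when signing with signtool the relevant switches are `/fd SHA256 /tr <timestamp URL> /td SHA256`. The script only covers PE files; a VSIX is an OPC package whose signature lives inside the zip and is not read by `Get-AuthenticodeSignature`, so it needs its own check.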

@Boddlnagg
Contributor

So we would need an x509 certificate from somewhere, right?

@clairernovotny
Author

Right...that is the requirement. Certum offers cheap ones for OSS projects. Many foundations like the .NET Foundation and the Apache foundation offer them to their member projects.

https://www.certum.eu/certum/cert,offer_en_open_source_cs.xml

There are others too, but I believe Certum is the cheapest.
