WebApp Sec mailing list archives
Re: Designing a Code Signing System
From: Saqib Ali <docbook.xml () gmail com>
Date: Tue, 21 Jun 2005 06:51:14 -0700
Hi Mike, Thanks for the feedback.
> The web based ("Hi-Tech") solution can be exploited by a Trojan within your organization. It can pretend to be a valid request from inside the organization and acquire a key. The Trojan can then use this key anywhere it wants.
The way I have designed this, the subject (user or malware) making the signing request will never get to see the PVK. The reconstructed key will only be temporarily available on the build signing system.
> a) User produces a binary from a sanctioned build system based on checked-in sources. The build system signs the binary using its private key (key set 1).
> b) As part of the release, the build system asks an authentication system to officially sign the binary and submits the binary from step 1. The authentication system unsigns the submitted binary (using the build system's public key), then signs it using a private key (key set 2).
I am not seeing any additional security with this solution. The same effect can be achieved by using certificates to authenticate users to the High-Tech solution that I proposed.

--
In Peace,
Saqib Ali
http://www.xml-dev.com
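The two-stage flow quoted in the message above, as an added example that is not code from the thread or from either poster. Ed25519 from Go's standard library stands in for whatever key type the posters had in mind; the pinned build-system public key, the `ErrNotFromBuild` error and the `RunPipeline` helper are my assumptions. The release signer verifies the stage-1 signature against the build system's public key (what the quoted proposal calls "unsigning") and only then signs with key set 2; neither private key is ever handed to the party that made the request, and a binary signed with any key other than the pinned build key is refused.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// ErrNotFromBuild is returned when the submitted binary does not carry a valid
// stage-1 signature from the pinned build-system key (assumed name).
var ErrNotFromBuild = errors.New("release signer: stage-1 signature invalid, binary not from sanctioned build")

// BuildSystem holds key set 1. The private half never leaves this struct.
type BuildSystem struct {
	priv ed25519.PrivateKey
	Pub  ed25519.PublicKey
}

// ReleaseSigner holds key set 2 plus the build-system public key it trusts.
// The build key is pinned when the signer is set up, not taken from the request.
type ReleaseSigner struct {
	priv     ed25519.PrivateKey
	Pub      ed25519.PublicKey
	buildPub ed25519.PublicKey
}

func NewBuildSystem() (*BuildSystem, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &BuildSystem{priv: priv, Pub: pub}, nil
}

func NewReleaseSigner(buildPub ed25519.PublicKey) (*ReleaseSigner, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &ReleaseSigner{priv: priv, Pub: pub, buildPub: buildPub}, nil
}

// Sign is step (a): the sanctioned build system signs the binary it produced.
func (b *BuildSystem) Sign(binary []byte) []byte {
	return ed25519.Sign(b.priv, binary)
}

// Release is step (b): verify the stage-1 signature against the pinned build
// key, and only then produce the official stage-2 signature with key set 2.
func (r *ReleaseSigner) Release(binary, buildSig []byte) ([]byte, error) {
	if !ed25519.Verify(r.buildPub, binary, buildSig) {
		return nil, ErrNotFromBuild
	}
	return ed25519.Sign(r.priv, binary), nil
}

// VerifyRelease is what an installer or end user checks: only key set 2 matters
// to them; key set 1 is internal to the build/release pipeline.
func VerifyRelease(releasePub ed25519.PublicKey, binary, releaseSig []byte) bool {
	return ed25519.Verify(releasePub, binary, releaseSig)
}

// RunPipeline (assumed helper) runs steps (a) and (b) for one binary and
// returns the release signature, or an error if the release signer refused.
func RunPipeline(build *BuildSystem, rel *ReleaseSigner, binary []byte) ([]byte, error) {
	buildSig := build.Sign(binary)
	return rel.Release(binary, buildSig)
}

func main() {
	build, _ := NewBuildSystem()
	rel, _ := NewReleaseSigner(build.Pub)

	// Constructed sample "binary" standing in for a real build artefact.
	binary := []byte("\x7fELF constructed sample artefact v1.0")

	relSig, err := RunPipeline(build, rel, binary)
	fmt.Println("sanctioned build released:", err == nil && VerifyRelease(rel.Pub, binary, relSig))

	// A binary that a user (or malware) signed with a key of its own: the
	// release signer refuses because the stage-1 signature is not from the
	// pinned build key, so key set 2 is never applied to it.
	rogue, _ := NewBuildSystem()
	_, err = rel.Release(binary, rogue.Sign(binary))
	fmt.Println("rogue build refused:", errors.Is(err, ErrNotFromBuild))
}
```

The check that gives the second stage its value is the pinned `buildPub`: if the release signer accepted a public key supplied alongside the request, anyone could generate a key pair, sign their own binary, and pass stage (b).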
Current thread:
- Designing a Code Signing System Saqib Ali (Jun 15)
- <Possible follow-ups>
- Re: Designing a Code Signing System mike (Jun 20)
- Re: Designing a Code Signing System Saqib Ali (Jun 21)