WebApp Sec mailing list archives
Designing a Code Signining System
From: Saqib Ali <docbook.xml () gmail com>
Date: Wed, 15 Jun 2005 07:11:36 -0700
Hello WebAppSec gurus, and other Security Experts (in bcc), Recently I was tasked to design and implement a Code Signing system, that would allow multiple developers to sign the binaries, while maintaining the secrecy of the private key. I have come up with two solutions: 1) Hi-Tech solution. A Web based code signing application that uses Secret Sharing, to maintain the secrecy of the private key. 2) Lo-Tech solution. A system dedicated for code signing that require physical access. The detailed description of both of these solutions is available @ http://www.xml-dev.com/blog/?action=viewtopic&id=130 Any feedback/comments are welcome on either of the two solutions. However I am most interested in getting some recommendation for implementing solution #1 securely as web based application. -- In Peace, Saqib Ali http://www.xml-dev.com/
Current thread:
- Designing a Code Signining System Saqib Ali (Jun 15)
- <Possible follow-ups>
- Re: Designing a Code Signining System mike (Jun 20)
- Re: Designing a Code Signining System Saqib Ali (Jun 21)