WebApp Sec mailing list archives

Designing a Code Signing System


From: Saqib Ali <docbook.xml () gmail com>
Date: Wed, 15 Jun 2005 07:11:36 -0700

Hello WebAppSec gurus, and other Security Experts (in bcc),

Recently I was tasked to design and implement a Code Signing system
that would allow multiple developers to sign the binaries, while
maintaining the secrecy of the private key.

I have come up with two solutions:

1) Hi-Tech solution. A Web-based code signing application that uses
Secret Sharing to maintain the secrecy of the private key.

2) Lo-Tech solution. A system dedicated for code signing that requires
physical access.

The detailed description of both of these solutions is available @
http://www.xml-dev.com/blog/?action=viewtopic&id=130

Any feedback/comments are welcome on either of the two solutions. 

However, I am most interested in getting some recommendations for
implementing solution #1 securely as a web-based application.

-- 
In Peace,
Saqib Ali
http://www.xml-dev.com/

