PistonDevelopers / VisualRust

Visual Studio extension for Rust
MIT License
702 stars 72 forks

Authenticode signing binaries #300

Open clairernovotny opened 7 years ago

clairernovotny commented 7 years ago

Have you considered signing the binaries (dll's, setup exe's and VSIX's) with an Authenticode certificate to help prevent tampering in your official builds?

It's easy to integrate into a CI build as well with the code signing service I wrote (https://github.com/onovotny/SignService). Happy to help set that up for you if you want and it supports all of the file types this project needs.

MaulingMonkey commented 7 years ago

Some code signing is already done to help support strong naming, which in turn helps support installation into the GAC? Of course, my understanding is that the private key is checked directly into version control at https://github.com/PistonDevelopers/VisualRust/blob/master/src/VisualRust/Key.snk , so this doesn't really prevent tampering per se.

clairernovotny commented 7 years ago

There is a difference between strong name signing (which is tied to assembly identity and required for the GAC) and Authenticode signing, which is about authenticity and provenance of the binary itself.

Snk files are not a security mechanism -- which is why they're ok to check in. What they do is disambiguate two libraries that might happen to have the same name otherwise.

Authenticode stamps on the public portion of an x509 certificate (so individual or organization) and a timestamp from a CA. Things like SmartScreen then check the reputation of the certificate to determine whether to show the "this file is not trusted..." dialog. It is possible to verify that a file hasn't been tampered with during assembly load, but that's generally not done for perf reasons. It's usually at run of a file with the "mark of the web" or the VSIX installer.
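An added example (not from this thread or the VisualRust project) that makes the distinction above concrete: for each built dll/exe it reports whether the file is strong-named (identity, via the public key token) and whether it carries a valid Authenticode signature (provenance, via `Get-AuthenticodeSignature`), and fails a CI step on anything unsigned or tampered. `$OutputDir` is an assumed build-output path; `.vsix` packages use OPC package signatures, which this cmdlet does not verify, so they are left out.

```powershell
# Added example, not part of the VisualRust repository: report, for each build
# output, whether it carries a strong name (assembly identity) and whether it
# carries a valid Authenticode signature (authenticity/provenance).
# Assumed: $OutputDir is the directory holding the built dll/exe files.
param(
    [string]$OutputDir = ".\bin\Release"   # assumed location of the build outputs
)

function Get-SigningReport {
    param([string]$Path)

    $report = foreach ($file in Get-ChildItem -Path $Path -Include *.dll, *.exe -Recurse) {
        # Strong name: present iff the assembly has a non-empty public key token.
        # This only disambiguates identity; it proves nothing if the .snk is public.
        $strongNamed = $false
        try {
            $token = [System.Reflection.AssemblyName]::GetAssemblyName($file.FullName).GetPublicKeyToken()
            $strongNamed = ($null -ne $token -and $token.Length -gt 0)
        } catch {
            # Native (non-managed) PE files have no assembly name; leave $strongNamed false.
        }

        # Authenticode: signature chained to an X.509 certificate, optionally timestamped.
        $sig = Get-AuthenticodeSignature -FilePath $file.FullName

        [pscustomobject]@{
            File         = $file.Name
            StrongNamed  = $strongNamed
            Authenticode = $sig.Status           # Valid, NotSigned, HashMismatch, NotTrusted, ...
            Signer       = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            Timestamped  = ($null -ne $sig.TimeStamperCertificate)
        }
    }
    return $report
}

$report = Get-SigningReport -Path $OutputDir
$report | Format-Table -AutoSize

# Fail the CI step if any binary is unsigned or its signature does not verify
# (HashMismatch means the file was modified after signing).
$bad = $report | Where-Object { $_.Authenticode -ne 'Valid' }
if ($bad) {
    Write-Error ("Unsigned or invalid Authenticode signature: " + ($bad.File -join ', '))
    exit 1
}
```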

Boddlnagg commented 7 years ago

So we would need an x509 certificate from somewhere, right?

clairernovotny commented 7 years ago

Right...that is the requirement. Certum offers cheap ones for OSS projects. Many foundations like the .NET Foundation and the Apache foundation offer them to their member projects.

https://www.certum.eu/certum/cert,offer_en_open_source_cs.xml

There are others too, but I believe Certum is the cheapest.