SharkCagey / SharkCage


Organize Cert for signing the application #27

Closed SailReal closed 6 years ago

SailReal commented 6 years ago

Hmm actually I'm not able to sign an executable using the key from the HTWG. I always get the following output:

signtool sign /debug /f sharkey_sign.p12 /p <pw> CageManager.exe

The following certificates were considered:
    Issued to: DFN-Verein Global Issuing CA
    Issued by: DFN-Verein Certification Authority 2
    Expires:   Sun Feb 23 01:59:59 2031
    SHA1 hash: C9DCB047AC8C5F0905ED77528CBD4B84D9463C45

    Issued to: DFN-Verein Certification Authority 2
    Issued by: T-TeleSec GlobalRoot Class 2
    Expires:   Sun Feb 23 01:59:59 2031
    SHA1 hash: E224BEF6D786220D262BB807AB6DACF9D3A89A93

    Issued to: T-TeleSec GlobalRoot Class 2
    Issued by: T-TeleSec GlobalRoot Class 2
    Expires:   Sun Oct 02 01:59:59 2033
    SHA1 hash: 590D2D7D884F402E617EA562321765CF17D894E9

    Issued to: Julian Raufelder
    Issued by: DFN-Verein Global Issuing CA
    Expires:   Sun May 16 14:29:19 2021
    SHA1 hash: 5AB2F3D8CDDFE18D6F139729F8C7DCF7387AD365

After EKU filter, 3 certs were left.
After expiry filter, 3 certs were left.
After Private Key filter, 0 certs were left.
SignTool Error: No certificates were found that met all the given criteria.

I double-checked that the private key is included in the certificate file (e.g., I'm able to encrypt and decrypt data using this key). Furthermore, it seems like signtool uses this error message for a lot of different problems. If I create a certificate without involving a CA, I'm able to sign the application (signed with an untrusted certificate). Comparing the certificates makes me guess that the purpose must be set to something like "signing application":

...just to inform you about the current progress...

SailReal commented 6 years ago

Yes, there are indeed some purposes for code signing:

Will talk again to the computing center to find out if they can modify the list of purposes to add code signing to our signed certificate...
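An added check (not code from the SharkCage project) that replays signtool's three filters from the log above (EKU, expiry, private key) over every certificate in a PKCS#12 file, so the failing filter is visible before signing. It assumes the file name from the issue (sharkey_sign.p12) and that the password is passed as a parameter.

```powershell
# Added example, not part of SharkCage: mirror signtool's EKU / expiry / private-key
# filters on a .p12 or .pfx file. File name and password handling are assumptions.
param(
    [string]$PfxPath = 'sharkey_sign.p12',
    [Parameter(Mandatory = $true)][string]$Password
)

$CodeSigningOid = '1.3.6.1.5.5.7.3.3'   # id-kp-codeSigning

# Import the whole bundle, not just the end-entity cert, to get the same
# "certificates were considered" list that signtool /debug prints (chain included).
$bundle = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
$bundle.Import($PfxPath, $Password,
    [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::DefaultKeySet)

foreach ($cert in $bundle) {
    $ekuExt = $cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }

    # A certificate with no EKU extension is valid for every purpose (that is why the
    # three CA certs in the log survive the EKU filter); one with an EKU list that lacks
    # id-kp-codeSigning is the case the issue runs into.
    $ekuOk = if ($null -eq $ekuExt) { $true }
             else { [bool]($ekuExt.EnhancedKeyUsages | Where-Object Value -eq $CodeSigningOid) }

    $notExpired = $cert.NotAfter -gt (Get-Date)
    $hasKey     = $cert.HasPrivateKey      # CA certs in the bundle have no key -> filtered

    [pscustomobject]@{
        Subject          = $cert.GetNameInfo('SimpleName', $false)
        Thumbprint       = $cert.Thumbprint
        CodeSigningEKU   = $ekuOk
        NotExpired       = $notExpired
        HasPrivateKey    = $hasKey
        UsableBySigntool = ($ekuOk -and $notExpired -and $hasKey)
    }
}
```

A row whose HasPrivateKey is true but CodeSigningEKU is false reproduces the "0 certs were left" outcome: the CA has to issue the certificate with the code-signing purpose, or a separate code-signing certificate is needed.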

SailReal commented 6 years ago

@langweg The cheapest version I found is from DigiCert for $111.00 USD and can be ordered here: https://www.digicert.com/order/order-1.php Just follow the purchase process, but make sure to buy a "Code Signing Certificate" (the cheaper version without EV) and "Microsoft Authenticode" as the platform.

Furthermore, we can buy a YubiKey (e.g. a YubiKey 4) for $56.25 incl. shipping, which supports PIV mode.

This tutorial demonstrates how to store the certificate and how to sign an application using signtool with a YubiKey: https://pete.akeo.ie/2017/05/using-yubikey-to-store-code-signing.html If the order has arrived, you could let me know so I can take these steps.

langweg commented 6 years ago

Ordered a code signing certificate from DigiCert today. Initiated the process to order a YubiKey 4 to store the keys.