YtFlow / Maple

A lightweight Universal Windows proxy app based on https://github.com/eycorsican/leaf
Apache License 2.0

Package Installation Certificate #40

Closed private-number closed 1 year ago

private-number commented 1 year ago

Importing an unknown certificate into the local machine trusted root authority is not acceptable for security reasons and in any way means opening the door for an MITM attack.

bdbai commented 1 year ago

The key pair we use is strictly for package signing only. Conducting an MITM attack using this certificate is not practical.

For sideloaded apps, it is a common practice to provide a certificate for pre-built app packages. See Bili.Uwp and Natsurainko.FluentLauncher.

If it is still of concern to you, I suggest manually compiling this app from source.
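An added example, not part of the original thread and not the project's own code: a PowerShell check that inspects a package certificate file before it is imported, reporting whether it is limited to code signing and is not a CA. The file name `.\Package.cer` is a placeholder assumption.

```powershell
# Added example. Inspects a .cer file WITHOUT importing it into any store.
# Assumption: '.\Package.cer' is a placeholder for the certificate shipped beside the package.
param([string]$CerPath = '.\Package.cer')

$x509 = 'System.Security.Cryptography.X509Certificates'
$cert = New-Object "$x509.X509Certificate2" -ArgumentList (Resolve-Path $CerPath).Path

$codeSigningOid = '1.3.6.1.5.5.7.3.3'   # id-kp-codeSigning
$findings = @()

# Basic Constraints: a package-signing certificate should be an end entity, not a CA.
$bc = $cert.Extensions | Where-Object { $_ -is [type]"$x509.X509BasicConstraintsExtension" }
if (-not $bc) {
    $findings += 'No Basic Constraints extension: CA status is not restricted.'
} elseif ($bc.CertificateAuthority) {
    $findings += 'Basic Constraints marks this certificate as a CA: it could issue other certificates.'
}

# Enhanced Key Usage: expect exactly one purpose, code signing.
$eku = $cert.Extensions | Where-Object { $_ -is [type]"$x509.X509EnhancedKeyUsageExtension" }
if (-not $eku) {
    $findings += 'No EKU extension: the certificate is not limited to any purpose.'
} else {
    $oids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
    if ($oids -notcontains $codeSigningOid) {
        $findings += 'EKU does not include code signing.'
    }
    $extra = @($oids | Where-Object { $_ -ne $codeSigningOid })
    if ($extra.Count -gt 0) {
        $findings += "EKU allows purposes beyond code signing: $($extra -join ', ')"
    }
}

# Validity window.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    $findings += "Outside validity period ($($cert.NotBefore) to $($cert.NotAfter))."
}

[pscustomobject]@{
    Subject     = $cert.Subject
    Thumbprint  = $cert.Thumbprint
    SelfSigned  = ($cert.Subject -eq $cert.Issuer)
    CodeSignOnly = ($findings.Count -eq 0)
    Findings    = $findings
}
```

An empty `Findings` list means the file is an end-entity certificate whose only declared purpose is code signing; any finding is a reason to stop before importing.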

private-number commented 1 year ago

Thanks for your reply. Isn't it better to create a self-sign package script and append it to the installation script as a prerequisite, to avoid importing a CA to the trusted root?

bdbai commented 1 year ago

> Isn't it better to create a self-sign package script and append it to the installation script as a prerequisite, to avoid importing a CA to the trusted root?

The installation scripts that come with the app package, i.e. install.ps1 and Add-AppDevPackage.ps1, are prepared by the Visual Studio packaging pipeline and hence it is not advisable to modify them. The client machine may not have the Windows SDK installed, where SignTool is provided, as well.