Re: Does anyone back up Certificates?



Robert Scott wrote on 11/07/2007 23:00:

When I want to do some code signing, I first run [...] then asks me to select
the file [...] Then it asks me to select a cert from the MS store.
[...] Then a box pops up asking for the passphrase associated [...]
Next, I go online [...] Then after a few minutes I can download [...]
now signed with the Microsoft Mobile-to-Market Cert which is known to
all Windows Mobile smartphones and Pocket PCs.

easy process !! indeed.

AFAIK, Pocket PCs also accept unsigned code or code signed the usual way. I'm not aware of constraints that may exist for SmartPhone (but I can imagine that phone operators have introduced some verification rules); interesting point to invest.

So I don't know what the role is for the USB token, except that it provides an
additional layer of security (and bother!)

it seems to only provide a proof to Geotrust that you are the valid customer of their services - this also looks strange or is specific to GSM/UMTS world; usually when one purchases a code signing cert/key, the role of the CA is limited to grant that it is that company that had generated and signed the code; in your case, either Geotrust checks your code (and is the one that can verify it) and then signs it, ... or Geotrust has special commercial rules that prevent you from freely using the service (the key) you bought.

so that if I were to clone my hard disk, I still could not create an entirely separate codesigning system, because the one USB token is still needed. But the cert in question is not on the USB token.

definitively, even if the normal (?) way would allow you to sign whatever you want (code is under your responsibility, only your company name is under the responsibility of the CA).

So I guess that the answer to my original question is that I should just be very
careful not to do a system restore to a date before I installed the Geotrust
cert, or else be prepared to beg Geotrust for another download.

you should not install the "signature system" on any development machine, instead install it on a clean system installed on a dedicated partition, and *back up that partition* (or keep it safe on any other install) and use that OS for that purpose only.

Sylvain.