Re: Designing a Code Signining System

[Saqib Ali <docbook.xml () gmail com>]

Hi Mike,

Thanks for the feedback.
> The web based ("Hi-Tech") solution can be exploited by a Trojan within your organization. It can pretend to be a 
> valid request from inside the organization and acquire a key. The Trojan can then use this key anywhere it wants.

The way I have designed this, the the subject (user or malware) making
the signing request will never get to see the PVK. The reconstructed
key will be only temporarily available on the build signing system.

> a) User produces a binary from a sanctioned build system based on checked-in sources. The build system signs the 
> binary using its private key. (key set 1).
> b) As part of the release, the build system asks an authentication system to officially sign the binary and submits 
> the binary from step 1. The authentication system unsigns the submitted binary (using the build system's public key), 
> then signs it using a private key. (key set 2).

I am not seeing any additional security with this solution. Same
effect can be achieved by using certificates to authenticate users to
High-Tech solution that I proposed.

-- 
In Peace,
Saqib Ali
http://www.xml-dev.com