views:

197

answers:

4

I recently acquired a code signing certificate for my employer, but I am not the InstallShield developer who will sign the binaries before distribution. I know I can export the certificate along with its private key, but where do I store it so the InstallShield developer can install it on his machine? Should I remove it from my machine once I give it to the person doing the signing? Where do I store the master copy? Obviously, source control is not the best place, unless I lock down that directory in SVN.

+2  A: 

You are correct to not wish to place it in version control.

I would say you should give one copy to your IT department so they can back it up. Give another copy to any developers who need it (sounds like only one needs it). Whether or not you remove it from your machine is up to you.

As for how to transfer it between computers, a USB stick is an obvious solution.

NUXI
I am starting to think SVN is the right way to go, as long as I configure the proper access control.
flipdoubt
+3  A: 

Enforce Security Policies for Private Keys

Remember: a private key in conjunction with released signed binaries is your company's identity. Policies for handling such keys can't be strict enough.

Enforce that YOU are the only person in your company who will be capable of (and responsible for) signing executables.

If this is not an option then let all PKI-involved employees sign an explicit non-disclosure agreement with a high fine - a much higher sense of responsibility should be the result.

Key Transfers

  • use portable media (like a dedicated USB stick or CD-ROM) - I'd prefer a read-only media
  • let the receipt be witnessed by another employee
  • let the recipient and the witness sign a form about the key-receipt

Storage of the Master Copy

Store the master copy redundantly on at least 3 drives at different geographical locations to which you have exclusive access. Also think about encrypting the copies with strong encryption algorithms like AES-256 (in a 7z file for example).

Robert
+1  A: 

If you expect to be able to do automated builds, you are going to have to put it somewhere the build system can gain access to.

Christopher Painter
We are not currently signing the binaries as part of our TeamCity build. We plan to sign it as part of our InstallShield build. However, I could see wanting to provide access to the build server. That is why I am checking it into its own SVN repository with the appropriate ACLs.
flipdoubt
A: 

Secure, portable media -- like an encrypted thumb drive -- is a good option. If you're extremely concerned about it and there's a lot of money on the line if the key is compromised, you may even want to look into Hardware Security Modules like those provided by SafeNet. They store the key in a hardened device or appliance to ensure that the key can't be compromised, even if you have physical access to it.

The downside to an HSM is cost. They can run into the tens of thousands of dollars. But, if you're at risk for losing millions because of a compromise, it may be a small price to pay.

Shadowman
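Robert's key-transfer and master-copy steps and Shadowman's encrypted-media suggestion can be carried out with the Windows certificate tooling the question is about. The script below is an added example, not code from any poster in this thread: it exports the code-signing certificate to a password-protected PFX on the hand-off media, records the thumbprint and file hash for the witnessed receipt form, optionally wraps a master copy in a 7-Zip AES-256 container, and then shows the signer's side, where the key is imported as non-exportable and a deliberate re-export attempt confirms it cannot leave that machine again. It assumes PowerShell 5.1 or later with the PKI module (Export-PfxCertificate / Import-PfxCertificate), a code-signing certificate already in the current user's personal store, an optional 7z.exe on the PATH, and the constructed paths under E:\handoff.

```powershell
# Added example (not from the thread): controlled hand-off of a code-signing key on Windows.
# Assumes PowerShell 5.1+ with the PKI module and a code-signing certificate with a private
# key in Cert:\CurrentUser\My. All paths below are constructed for the example.

# --- Custodian's machine: export one password-protected PFX for the hand-off ---------------
$cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert |
        Where-Object { $_.HasPrivateKey } |
        Select-Object -First 1
if (-not $cert) { throw 'No code-signing certificate with a private key found.' }

$pfxPath = 'E:\handoff\codesign.pfx'   # hypothetical path on the dedicated hand-off USB stick
$pfxPass = Read-Host -Prompt 'PFX password (hand it over separately from the media)' -AsSecureString

# BuildChain includes the issuing CA certificates so the signer's machine can validate the chain.
Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $pfxPass -ChainOption BuildChain | Out-Null

# What was handed over: thumbprint and file hash belong on the witnessed receipt form.
$receipt = [ordered]@{
    Thumbprint = $cert.Thumbprint
    Subject    = $cert.Subject
    NotAfter   = $cert.NotAfter
    Sha256     = (Get-FileHash -Algorithm SHA256 -Path $pfxPath).Hash
    ExportedBy = $env:USERNAME
    ExportedAt = (Get-Date).ToString('u')
}
$receipt | Format-List

# Optional master-copy archive: 7-Zip (assumed installed) stores the PFX in an AES-256 container.
# -mhe=on also encrypts the archive headers, so even the file name is hidden; -p prompts for a
# second password that protects the offline copies independently of the PFX password.
if (Get-Command 7z -ErrorAction SilentlyContinue) {
    & 7z a -t7z -mhe=on -p 'E:\handoff\codesign-master.7z' $pfxPath
}

# --- Signer's machine: import with a NON-exportable key and prove it cannot leave again -----
# -Exportable is deliberately omitted: the key can sign but cannot be exported from this store.
$imported = Import-PfxCertificate -FilePath $pfxPath `
                                  -CertStoreLocation Cert:\CurrentUser\My `
                                  -Password $pfxPass

try {
    Export-PfxCertificate -Cert $imported -FilePath "$env:TEMP\should-fail.pfx" `
                          -Password $pfxPass -ErrorAction Stop | Out-Null
    Write-Warning "Key $($imported.Thumbprint) is exportable here; remove it and re-import without -Exportable."
} catch {
    Write-Host "OK: key $($imported.Thumbprint) is installed as non-exportable on this machine."
}

# The receipt hash can be re-checked on the signer's side before the working copy is wiped.
$observed = (Get-FileHash -Algorithm SHA256 -Path $pfxPath).Hash
if ($observed -ne $receipt.Sha256) { throw 'PFX hash does not match the receipt form.' }

# Once the import is verified, remove the working copy so only the custodian's master copies remain.
Remove-Item $pfxPath -Force
```

The two halves run on different machines in practice; they are shown in one script so the receipt data produced on the custodian's side is visibly the same data checked on the signer's side. Keeping the PFX password off the media and the key non-exportable on the signer's machine are the two controls that make a lost USB stick or a compromised developer workstation less than a full loss of the company's signing identity.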