Been trying to figure out the best way to integrate Authenticode signing within the build process and its frankly kicking my ass. There doesn't seem to be any way to smoothly and securely do it.
I'm interested in hearing your stories on how you integrate Authenticode signing in your build process.
Here's my sad story. C# developer, so I have a standard Visual Studio solution with code projects and an installer project. I use Team Foundation, so I can check in my code and run a release build. Awesome.
Now, to Authenticode sign my assemblies, I can add Post Build actions on my projects to sign my binaries using SignTool.exe. That's all and well, except this requires I have both the Authenticode certificate (.PFX) and its password. This is not secure, and every developer would have to have this on their machine.
If we managed to ensure that only the build server could sign code, we'd still be screwed because anyone who can create a build can sign any binary they want. Still not secure.
The only way I can see doing it is to basically trash the build. Installers would not be allowed to build automatically. After a successful build, the binaries would have to be delivered to a designated authority who would sign them, after which they would be added to the installer project which would then be built, after which the installer binaries would have to be returned to the same authority to be signed. All of this would be labor intensive, would take a long time to do, and would be error prone. It would be awesome if it was a one-step process where both the .msi and the binaries it holds are Authenticode signed, but apparently there is little chance this is possible.
The whole damned thing stinks of cluster. There's gotta be a better way.