Windows 代码签名证书 - reader 和密码卡有什么用?
Windows code signing certificate - what is the reader and cryptographic card for?
我正在 Certum 上查看此代码签名证书:
https://en.sklep.certum.pl/data-safety/code-signing-certificates/open-source-code-signing-930.html
它有两个选项,有 "reader and cryptographic card"(86 欧元)或没有(28 欧元)。
我已经联系了 Certum,他们说:
From this year Microsoft requires to install code signing certificate on cryptographic card and reader is used to read this card
但是我在 Internet 或 Microsoft 官方网站上找不到任何关于此的信息(可能我没有搜索正确的关键字,因为 Certum 页面是从波兰语翻译过来的)。
这张卡和设备是否真的是签署软件所必需的?知道在哪里可以找到有关这一切的信息吗?
这可能是一个迟到的回复,但这里有一些信息,以防有人遇到这个问题 post。
Stronger protection for private keys: The best practice will be to use
a FIPS 140-2 Level 2 HSM or equivalent. Studies show that code signing
attacks are split evenly between issuing to bad publishers and issuing
to good publishers that unknowingly allow their keys to be
compromised. That enables an attacker to sign malware stating it was
published by a legitimate company. Therefore, companies must either
store keys in hardware they keep on premise hardware, or in a new
secure cloud-based code signing cloud-based service.
Microsoft has announced that they will be adopting the new Minimum
Requirements for the Issuance and Management of Code Signing
Certificates issued by the Certificate Authority Security Council
(CASC). This means, beginning February 1, 2017, Certificate
Authorities (CAs) will need to meet these requirements in order for
their certificates to be trusted in Windows platforms. As such,
GlobalSign will be making the changes listed below starting January
30, 2017.
All Code Signing Certificates Will Be Issued with USB tokens
我有电话叫 Certum,他们说有必要。但是,您可以选择更昂贵的云中开源代码签名选项,他们声称您不需要该卡,然后 reader...这就是我想要的,但我只是和你一样惊讶我需要一些硬件...
我正在 Certum 上查看此代码签名证书:
https://en.sklep.certum.pl/data-safety/code-signing-certificates/open-source-code-signing-930.html
它有两个选项,有 "reader and cryptographic card"(86 欧元)或没有(28 欧元)。
我已经联系了 Certum,他们说:
From this year Microsoft requires to install code signing certificate on cryptographic card and reader is used to read this card
但是我在 Internet 或 Microsoft 官方网站上找不到任何关于此的信息(可能我没有搜索正确的关键字,因为 Certum 页面是从波兰语翻译过来的)。
这张卡和设备是否真的是签署软件所必需的?知道在哪里可以找到有关这一切的信息吗?
这可能是一个迟到的回复,但这里有一些信息,以防有人遇到这个问题 post。
Stronger protection for private keys: The best practice will be to use a FIPS 140-2 Level 2 HSM or equivalent. Studies show that code signing attacks are split evenly between issuing to bad publishers and issuing to good publishers that unknowingly allow their keys to be compromised. That enables an attacker to sign malware stating it was published by a legitimate company. Therefore, companies must either store keys in hardware they keep on premise hardware, or in a new secure cloud-based code signing cloud-based service.
Microsoft has announced that they will be adopting the new Minimum Requirements for the Issuance and Management of Code Signing Certificates issued by the Certificate Authority Security Council (CASC). This means, beginning February 1, 2017, Certificate Authorities (CAs) will need to meet these requirements in order for their certificates to be trusted in Windows platforms. As such, GlobalSign will be making the changes listed below starting January 30, 2017.
All Code Signing Certificates Will Be Issued with USB tokens
我有电话叫 Certum,他们说有必要。但是,您可以选择更昂贵的云中开源代码签名选项,他们声称您不需要该卡,然后 reader...这就是我想要的,但我只是和你一样惊讶我需要一些硬件...