交叉签署 msi 或可执行文件。有什么理由这样做吗?
Cross signing an msi or executable. Is there any reason to do so?
根据上面的 link,您可以使用代码签名证书对内核模型驱动程序进行签名,然后使用交叉签名证书再次对其进行签名。这是内核模式驱动程序所必需的。
问题是,是否还有 reason/benefit 使用交叉签名证书对 exe/msi 包进行签名?
如果没有任何好处,为什么需要内核模式驱动程序?它如何使它更安全?
交叉签名提供了额外的信任级别,这对内核模式驱动程序很重要。交叉签名提供了额外的信任,因为两个证书颁发机构都不太可能受到损害。
对于 EXE 和 MSI,交叉签名似乎意味着您的可执行文件在其中一个权限遭到破坏的情况下仍然可以被信任。
编辑:
我个人与此相关的经验是使用 Authenticode 签名的程序集以及它们的加载速度如何缓慢(您没有说您的 EXE 是否是 .NET 程序集)。看这里https://blogs.msdn.microsoft.com/shawnfa/2005/12/13/authenticode-and-assemblies/
Assembly Load Performance
When the CLR loads an assembly which has an Authenticode signature, it
will always try to verify that signature. This is in contrast to the
Windows loader, which will verify the signature of a file only in
specific instances, such as when the file is an ActiveX control. This
verification can be quite time intensive, since it can require hitting
the network several times to download up to date certificate
revocation lists, and also to ensure that there is a full chain of
valid certificates on the way to a trusted root. So, when an
Authenticode signature is applied to an assembly it's not unheard of
to see a several second delay while that assembly is being loaded.
Also note that the optimization applied to strongly named assemblies,
where the strong name signature is not verified if the assembly is
being loaded from the GAC is not applied to Authenticode signatures.
Since Authenticode provides the ability to revoke a certificate, we
cannot assume that because the assembly's Authenticode signature was
valid when it went into the GAC it will remain valid every time we
load it.
对我来说,如果您的 EXE 是由 .NET 构建的(即,它是一个程序集),那么它签署的 CA 越多,加载速度可能越慢。如果它不是 .NET 或 ActiveX 控件(或“某些实例”),则不会有延迟。
根据上面的 link,您可以使用代码签名证书对内核模型驱动程序进行签名,然后使用交叉签名证书再次对其进行签名。这是内核模式驱动程序所必需的。
问题是,是否还有 reason/benefit 使用交叉签名证书对 exe/msi 包进行签名?
如果没有任何好处,为什么需要内核模式驱动程序?它如何使它更安全?
交叉签名提供了额外的信任级别,这对内核模式驱动程序很重要。交叉签名提供了额外的信任,因为两个证书颁发机构都不太可能受到损害。
对于 EXE 和 MSI,交叉签名似乎意味着您的可执行文件在其中一个权限遭到破坏的情况下仍然可以被信任。
编辑:
我个人与此相关的经验是使用 Authenticode 签名的程序集以及它们的加载速度如何缓慢(您没有说您的 EXE 是否是 .NET 程序集)。看这里https://blogs.msdn.microsoft.com/shawnfa/2005/12/13/authenticode-and-assemblies/
Assembly Load Performance
When the CLR loads an assembly which has an Authenticode signature, it will always try to verify that signature. This is in contrast to the Windows loader, which will verify the signature of a file only in specific instances, such as when the file is an ActiveX control. This verification can be quite time intensive, since it can require hitting the network several times to download up to date certificate revocation lists, and also to ensure that there is a full chain of valid certificates on the way to a trusted root. So, when an Authenticode signature is applied to an assembly it's not unheard of to see a several second delay while that assembly is being loaded.
Also note that the optimization applied to strongly named assemblies, where the strong name signature is not verified if the assembly is being loaded from the GAC is not applied to Authenticode signatures. Since Authenticode provides the ability to revoke a certificate, we cannot assume that because the assembly's Authenticode signature was valid when it went into the GAC it will remain valid every time we load it.
对我来说,如果您的 EXE 是由 .NET 构建的(即,它是一个程序集),那么它签署的 CA 越多,加载速度可能越慢。如果它不是 .NET 或 ActiveX 控件(或“某些实例”),则不会有延迟。