I am looking at this code signing certificate on Certum:
https://en.sklep.certum.pl/data-safety/code-signing-certificates/open-source-code-signing-930.html
It has two options: with a "card reader and cryptographic card" (86 euros) or without (28 euros).
I contacted Certum about this, and they said:
From this year Microsoft requires to install code signing certificate on cryptographic card and reader is used to read this card
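However, I can't find any information about this on the internet or on Microsoft's official website (maybe I'm not searching for the right keywords, since the Certum page is translated from Polish).
Are this card and device really required to sign software? Any idea where I can find information about all this?
Best answer
This may be a late reply, but here is some information in case anyone comes across this post.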
Stronger protection for private keys: The best practice will be to use a FIPS 140-2 Level 2 HSM or equivalent. Studies show that code signing attacks are split evenly between issuing to bad publishers and issuing to good publishers that unknowingly allow their keys to be compromised. That enables an attacker to sign malware stating it was published by a legitimate company. Therefore, companies must either store keys in hardware they keep on premise hardware, or in a new secure cloud-based code signing cloud-based service.
Microsoft has announced that they will be adopting the new Minimum Requirements for the Issuance and Management of Code Signing Certificates issued by the Certificate Authority Security Council (CASC). This means, beginning February 1, 2017, Certificate Authorities (CAs) will need to meet these requirements in order for their certificates to be trusted in Windows platforms. As such, GlobalSign will be making the changes listed below starting January 30, 2017.
All Code Signing Certificates Will Be Issued with USB tokens
Regarding "Windows Code Signing Certificate - What's the use of card reader and cryptographic card?", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/47284317/