Network Security: Detailed info on Designing a Code Signining System

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Web-App-Sec

[Top] [All Lists]

Designing a Code Signining System

from [Saqib Ali] Network Security

[Permanent Link]

Subject:	Designing a Code Signining System
Date:	Wed, 15 Jun 2005 07:11:36 -0700

Hello WebAppSec gurus, and other Security Experts (in bcc),

Recently I was tasked to design and implement a Code Signing system,
that would allow multiple developers to sign the binaries, while
maintaining the secrecy of the private key.

I have come up with two solutions:

1) Hi-Tech solution. A Web based code signing application that uses
Secret Sharing, to maintain the secrecy of the private key.

2) Lo-Tech solution. A system dedicated for code signing that require
physical access.

The detailed description of both of these solutions is available @
http://www.xml-dev.com/blog/?action=viewtopic&id=130

Any feedback/comments are welcome on either of the two solutions. 

However I am most interested in getting some recommendation for
implementing solution #1 securely as web based application.

-- 
In Peace,
Saqib Ali
http://www.xml-dev.com/

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Designing a Code Signining System, Saqib Ali <= Re: Designing a Code Signining System, mike Re: Designing a Code Signining System, Saqib Ali

Previous by Date:	Re: Cookie stealing and replay in a corporate single sign on environment, Willie Northway
Next by Date:	RE: Cookie stealing and replay in a corporate single sign on environment, Cyrill Osterwalder
Previous by Thread:	Cookie stealing and replay in a corporate single sign on environment, Willard Fernortner
Next by Thread:	Re: Designing a Code Signining System, mike
Indexes:	[Date] [Thread] [Top] [All Lists]