master / slave private keys



Saqib Ali
07-09-2005, 11:51 PM
Does MS provide any tools for code signing which allow inidvidual developers
to sign their own piece of code using "slave keys", and the manager the
ability to sign the whole build using "master key" before releasing to QC?

In Peace,
Saqib Ali
http://www.xml-dev.com

Crouchie1998
07-09-2005, 11:51 PM
Yes, Microsoft does give developers the ability to sign code & make private
keys..., but they are for 'TEST' purposes only & shouldn't be used for
signing final assemblies to be sold. If you want to do that then you will
need to purchase a Code Signing Certificate from Verisign. That costs around
$400 a year for a standard certificate & $695 for the professional
certificate. See link below:

http://www.verisign.com/products-services/security-services/code-signing/digital-ids-code-signing/index.html

Here's the Microsoft tool for creating test certificates:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cptools/html/cpgrffilesigningtoolsigncodeexe.asp

Me personally would never install anything that contains a third party test
certificate.

I hope this helps

Crouchie1998
BA (HONS) MCP MCSE

Saqib Ali
07-09-2005, 11:51 PM
actually what i was looking for was the ability for each developer to sign
their own piece of code, rather than signing the whole buiild. This way we
can trace back the piece of code to the develoepr who wrote it. It is a SOX
requirement.

all of our developers have SPC + PVK pairs from verisign, so we are not
looking to use home-brew certificates.

Thanks.
Saqib Ali
http://www.xml-dev.com

"Crouchie1998" <crouchie1998@spamcop.net> wrote in message
news:u%23dky7KWFHA.3044@TK2MSFTNGP10.phx.gbl...
> Yes, Microsoft does give developers the ability to sign code & make
private
> keys..., but they are for 'TEST' purposes only & shouldn't be used for
> signing final assemblies to be sold. If you want to do that then you will
> need to purchase a Code Signing Certificate from Verisign. That costs
around
> $400 a year for a standard certificate & $695 for the professional
> certificate. See link below:
>
>
http://www.verisign.com/products-services/security-services/code-signing/digital-ids-code-signing/index.html
>
> Here's the Microsoft tool for creating test certificates:
>
>
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cptools/html/cpgrffilesigningtoolsigncodeexe.asp
>
> Me personally would never install anything that contains a third party
test
> certificate.
>
> I hope this helps
>
> Crouchie1998
> BA (HONS) MCP MCSE
>
>


master / slave private keys