Where do you store the private key for your code signing certificate?
I recently acquired a code signing certificate for my employer, but I am not the InstallShield developer who will sign the binaries before distribution. I know I can export the certificate along with its private key, but where do I store it so the InstallShield developer can install it on his machine? Should I remove it from my machine once I give it to the person doing the signing? Where do I store the mast开发者_运维问答er copy? Obviously, source control is not the best place, unless I lock down that directory in SVN.
Enforce Security Policies for Private Keys
Remember: a private key in conjunction with released signed binaries is your company's identity. Policies for handling such keys can't be strict enough.
Enforce that YOU are the only persion in your company who will be capable (and responsible) of signing executables.
If this is not an option then let all PKI-involved employees sign an explicit non-disclosure agreement with a high fine - a much higher sense of responsibility should be the result.
Key Transfers
- use portable media (like a dedicated USB stick or CD-ROM) - I'd prefer a read-only media
- let the receipt be witnessed by another employee
- let the recipient and the witness sign a form about the key-receipt
Storage of the Master Copy
Store the master copy redundant on at least 3 drives at different geographical locations where you have exclusive access to. Also think about encrypting the copies with strong encryption algorithms like AES-256 (in a 7z file for example).
If you expect to be able to do automated build you are going to have to put it somewhere the build system can gain access to.
You are correct to not wish to place it in version control.
I would say you should give one copy to your IT department so they can back it up. Give another copy to any developers who need it (sounds like only one needs it). Whether or not you remove it from your machine is up to you.
As for how to transfer it between computers, a USB stick is an obvious solution.
Secure, portable media -- like an encrypted thumb drive -- is a good option. If you're extremely concerned about it and there's a lot of money on the line if the key is compromised, you may even want to look into Hardware Security Modules like those provided by SafeNet. They store the key in a hardened device or appliance to ensure that the key can't be compromised, even if you have physical access to it.
The downside to an HSM is cost. They can run into the tens-of-thousands of dollars. But, if you're at risk for losing millions because of a compromise, it may be a small price to pay.
精彩评论