On Mon, Dec 7, 2009 at 6:16 PM, Greg Brown <[email protected]> wrote:

> > To be the ASF code signing cert, that request must originate from
> corporate officers.
>

Last year we started signing JAR files at Red Hat with a number of code
signing certificates.  Because we have so many different product groups and
QA groups for each product we used our signing server for this (basically
it's a dedicated machine which has a small server allowing remote requests
to sign files, compare with stored ACLs, return signed files). On the
signing server itself we actually use nCipher crypto hardware to keep the
keys safe (keys generated in the hardware).  The idea being that no one at
Red Hat ever has access to any key, just a short-term ACL-controlled ability
to sign with that key.

The server software itself we've not released as it's not really useful
(ACLs and server based on our internal krb5 setup).  And the crypto boards
are not cheap, but maybe we could get some help from nCipher with one.
However, even without the hardware, having a separate, more tightly controlled
machine would be the way forward.

(we also sign RPMs, detached sigs for zips, etc.; see
http://www.awe.com/mark/blog/200701300906.html )

Mark
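
Added example, not part of the original message and not Red Hat's signing server code: a minimal Python sketch of the arrangement described above, where callers hold a time-limited ACL grant to sign with a key but never the key itself. The class and field names, the audit list, the sample principal and key name, and the use of HMAC-SHA256 in place of an HSM's signing operation are all assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Grant:
    principal: str      # authenticated caller, e.g. a Kerberos principal
    key_name: str       # which signing key the grant covers
    not_after: float    # grant expiry, seconds since the epoch


class SigningService:
    """Holds keys privately; callers only ever receive signatures."""

    def __init__(self, grants):
        self._grants = list(grants)
        self._keys = {}      # stand-in for keys generated inside an HSM
        self.audit = []      # (time, principal, key_name, sha256, decision)

    def generate_key(self, key_name):
        # Key material is created here and never returned to any caller.
        self._keys[key_name] = secrets.token_bytes(32)

    def _allowed(self, principal, key_name, now):
        return any(g.principal == principal and g.key_name == key_name
                   and now <= g.not_after for g in self._grants)

    def sign(self, principal, key_name, data, now):
        digest = hashlib.sha256(data).hexdigest()
        ok = key_name in self._keys and self._allowed(principal, key_name, now)
        # Every request is recorded, whether it was signed or denied.
        self.audit.append((now, principal, key_name, digest,
                           "signed" if ok else "denied"))
        if not ok:
            raise PermissionError(f"{principal} may not sign with {key_name}")
        # HMAC-SHA256 stands in for the HSM's asymmetric signing operation.
        return hmac.new(self._keys[key_name], data, hashlib.sha256).hexdigest()


# Constructed sample data: principal, key name and times are made up.
T0 = 1_000_000.0
service = SigningService([Grant("qa-build@EXAMPLE.COM", "product-a-jar", T0 + 3600)])
service.generate_key("product-a-jar")
signature = service.sign("qa-build@EXAMPLE.COM", "product-a-jar", b"app.jar bytes", T0)
```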
