Test lab managers, it professionals, and developers who manage the process of test signing and verifying applications




Download 278.57 Kb.
NameTest lab managers, it professionals, and developers who manage the process of test signing and verifying applications
page1/28
A typeTest
manual-guide.com > manual > Test
  1   2   3   4   5   6   7   8   9   ...   28



Code Signing Best Practices

July 25, 2007

Abstract

This paper provides information about code signing for the Windows® family of operating systems. It provides guidelines for:

  • Chief technology officers (CTOs) or chief security officers (CSOs) who deploy the code-signing infrastructure.

  • Test lab managers, IT professionals, and developers who manage the process of test signing and verifying applications.

  • Build engineers who sign and verify applications for use with Windows.


This information applies for the following operating systems:
Windows Vista®
Windows Server® 2003
Microsoft Windows XP

Future versions of this preview information will be provided in the Windows Driver Kit.

The current version of this paper is maintained on the Web at:
http://www.microsoft.com/whdc/winlogo/drvsign/best_practices.mspx

References and resources discussed here are listed at the end of this paper.

Contents

Introduction 4

What's New in Windows Vista 4

Who Should Read this Paper 4

Code-Signing Basics 5

Uses of Code Signing 5

Digital Signatures 5

Digital Certificates 7

Identity and Policy 8

Roles within the Code-Signing Ecosystem 8

Test Signing versus Release Signing 10

Signing Technologies in Windows 11

Authenticode 11

Strong Name Signatures 13

Strong Name Best Practices 14

Code-Signing Tools 15

Inf2Cat 17

Digital Signatures in Windows 17

Existing Uses of Digital Signatures on Windows 17

Enhanced Use of Digital Signatures in Internet Explorer Windows on Windows Vista 18

New Uses of Digital Signatures in Windows Vista 20

Code Signing during Software Development 25

What Test Signing Is 26

Test Signing by Individual Developers 26

Integrating Test Signing into the Build Environment 28

Configuring a Test Computer or Environment 29

Test-Signing Operations 31

Code-Signing Service Best Practices 32

Cryptographic Key Protection 33

Signing Environment 35

Code-Signing Submission and Approval Process 36

Auditing Practices 36

Virus Scanning 37

Test Signing 37

Release Signing 37

How to Acquire a Certificate from a Commercial CA 38

Revocation 38

Automation 38

Separation of Duties 39

Staffing Requirements 39

Timestamping 39

Code-Signing Service Example Topologies 39

Offline Manual Signing Topology 40

Online Signing with Manual Approval 44

Online Signing with Automated Approval 48

Code Signing for Managed Networks 51

Certificates from Trusted Third-Party Software Publishers 52

Certificates from an Internal CA 52

Certificates from a Commercial CA 53

Software Restriction Policies for Managed Networks 53

Resources 54

Introduction 54

Code-Signing Basics 54

Signing Technologies in Windows 54

Digital Signatures in Windows 55

Code Signing during Software Development 55

Code-Signing Service Best Practices 56

Code-Signing Service Example Topologies 56

Code Signing for Managed Networks 56

Others 57

Appendix 1. Generating Test Certificates with MakeCert 58

Appendix 2. Configuring System Certificates Stores 59

Appendix 2.1. Certificate Import Wizard 59

Appendix 2.2. MMC Certificates Snap-in Wizard 59

Appendix 2.3. Certificate Manager Tool (CertMgr) 60

Appendix 2.4. Group Policy 61

Appendix 3. Microsoft Certificate Server Deployment 62

General CA Deployment Considerations 62

Best Practices for Deploying an Internal CA for Code Signing 63

Appendix 4. Sign Tool (SignTool) 65

SignTool Sign and SignTool Timestamp 65

Signature Verification with SignTool 66

Appendix 5. Signing with PVK and PFX files 67

Appendix 5.1. Converting PVK to PFX files with PVK2PFX 67

Appendix 5.2. Importing PFX Files 67

Appendix 5.3. Removing Certificates and Private Keys from Windows 68


Disclaimer

This is a preliminary document and may be changed substantially prior to final commercial release of the software described herein.
The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.
This White Paper is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT.
Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.
Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, email address, logo, person, place or event is intended or should be inferred.
© 2006–2007 Microsoft Corporation. All rights reserved.
Microsoft, ActiveX, Authenticode, MSDN, Windows, Windows Server, and Windows Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
  1   2   3   4   5   6   7   8   9   ...   28

Share in:

Related:

Test lab managers, it professionals, and developers who manage the process of test signing and verifying applications iconTest Reports: Manufacturer’s Printed Test Report via a Tektronics...

Test lab managers, it professionals, and developers who manage the process of test signing and verifying applications iconTest Reports: Manufacturer’s Printed Test Report via a Tektronics...

Test lab managers, it professionals, and developers who manage the process of test signing and verifying applications iconTest Process Improvement & Test/Build Tool Evaluation

Test lab managers, it professionals, and developers who manage the process of test signing and verifying applications iconAbstract While it might seem that the most important consideration...

Test lab managers, it professionals, and developers who manage the process of test signing and verifying applications iconTest hardware, configuration, and software in lab environment

Test lab managers, it professionals, and developers who manage the process of test signing and verifying applications iconTest Automation for Web Applications??

Test lab managers, it professionals, and developers who manage the process of test signing and verifying applications iconEnergy managers and energy auditors model test series-1 paper – 2:...

Test lab managers, it professionals, and developers who manage the process of test signing and verifying applications iconRevised Graduate Record Examinations® General Test Practice Test Number 1

Test lab managers, it professionals, and developers who manage the process of test signing and verifying applications iconRevised Graduate Record Examinations® General Test Practice Test Number 1

Test lab managers, it professionals, and developers who manage the process of test signing and verifying applications iconRevised Graduate Record Examinations® General Test Practice Test Number 1

Test lab managers, it professionals, and developers who manage the process of test signing and verifying applications iconBulletin new Test Procedures to be Discussed at Txapa test Procedure Committee

Test lab managers, it professionals, and developers who manage the process of test signing and verifying applications iconTest Analysis and Test Management. Have frequently turned around...

Test lab managers, it professionals, and developers who manage the process of test signing and verifying applications iconTest inputs to achieve mc/dc coverage of the code under test can now be generated automatically

Test lab managers, it professionals, and developers who manage the process of test signing and verifying applications iconTest Driven Development, nunit and the Microsoft Test Framework

Test lab managers, it professionals, and developers who manage the process of test signing and verifying applications iconTest to adequately test for the kind of smoke given off by modern furniture, and

Test lab managers, it professionals, and developers who manage the process of test signing and verifying applications iconTest units shall not be smaller in either width or height than the...

Test lab managers, it professionals, and developers who manage the process of test signing and verifying applications iconAbstract: This paper examines the successful application of tolerances...

Test lab managers, it professionals, and developers who manage the process of test signing and verifying applications iconCold War Test do not write on this test

Test lab managers, it professionals, and developers who manage the process of test signing and verifying applications iconTest equipment applications require signal stimuli varying from advanced...

Test lab managers, it professionals, and developers who manage the process of test signing and verifying applications iconTest written instructions against the process they propose to explain....




manual




When copying material provide a link © 2017
contacts
manual-guide.com
search