Geekzone: technology news, blogs, forums


tchart

2299 posts

Uber Geek

ID Verified
Trusted

#306778 21-Aug-2023 08:20

Hi All

After some local advice.

My code signing certificate is up for renewal in November so I figured I’d get onto it early. I must’ve missed the new requirements as since June/July you need a physical token to store the certificate. With all the requirement changes the prices have jumped significantly.

Seems like there are two options.

1. Get a FIPS YubiKey (which seems to be out of stock everywhere) and get a certificate the hard way
2. Pay an extra US$115-200 for a certificate and key

Anybody else gone through this recently?

Lias
5250 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #3118411 21-Aug-2023 09:49

Yikes, following with interest.





I'm a geek, a gamer, a dad and an IT Professional. I have a full rack home lab, size 15 feet, an epic beard and Asperger's. I'm a bit of a Cypherpunk, who believes information wants to be free and the Net interprets censorship as damage and routes around it.


 
 
 

mentalinc
2747 posts

Uber Geek

Trusted

  #3118415 21-Aug-2023 09:55

Care to share a link to what you're referencing here?





CPU: AMD 5900x | RAM: GSKILL Trident Z Neo RGB F4-3600C16D-32GTZNC-32-GB | MB:  Asus X570-E | GFX: EVGA FTW3 Ultra RTX 3080Ti| Monitor: LG 27GL850-B 2560x1440

 

Quic: https://account.quic.nz/refer/473833 R473833EQKIBX 


Lias
5250 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #3118431 21-Aug-2023 10:32








tchart

2299 posts

Uber Geek

ID Verified
Trusted

  #3118440 21-Aug-2023 11:12

Lias:

 

https://knowledge.digicert.com/alerts/code-signing-changes-in-2023.html

 

 

Yep, that's it, but to summarise:

 

     

  1. From June 2023 you have to store code signing certs on a physical device - eToken/YubiKey/HSM
  2. Some cert vendors will only sell you a cert with a physical device (for an additional ~USD$120)
  3. The price has jumped significantly (cheapest I can find is $400-500 USD)
  4. Some vendors will let you use your own device while some don't
  5. Some vendors offer a cloud service but this is something like US$20 per month for limited signing and this is in addition to the cert cost.

 

Re #4: this seems to be fraught with issues. While it can be done, in one video I watched the creator said to just pay the extra $120, as support is difficult if doing it DIY.

 

Oh, and as mentioned, I don't know if this change has resulted in a supply issue, but I can't find any local suppliers with stock of the FIPS YubiKeys.


Lias
5250 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #3118455 21-Aug-2023 11:29

I need to understand how that's going to work with VMs.. how exactly is a physical token meant to be used when the code is built on a VM...







tchart

2299 posts

Uber Geek

ID Verified
Trusted

  #3118467 21-Aug-2023 12:23

Lias:

 

I need to understand how that's going to work with VMs.. how exactly is a physical token meant to be used when the code is built on a VM...

 

 

Yup, that's a common question that's come up. Some sites suggest doing pass-through etc.

 

I did see some mention of using Azure Keyvault but I don't know how realistic that is.

 

EDIT: The Azure Keyvault option only worked prior to the need for physical storage.


tchart

2299 posts

Uber Geek

ID Verified
Trusted

  #3160579 17-Nov-2023 14:59

Sorry to revive this topic. My renewal was up and luckily I stumbled across SSL Trust (in Oz). They offer Verokey code signing certs which are about half the price of Comodo etc.

 

Ended up being about NZ$800 for a 3-year cert and shipped USB token.

 

https://www.ssltrust.com.au/ssl-certificates/code-signing

 

The org validation was much more fluid than last time too.

 

Now to figure out how to use this USB cert store thing...




Lias
5250 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #3160615 17-Nov-2023 15:19

We ended up using Azure Keyvault, you just need to pay for Premium rather than Standard to get HSM support.







tchart

2299 posts

Uber Geek

ID Verified
Trusted

  #3160618 17-Nov-2023 15:22

Lias:

 

We ended up using Azure Keyvault, you just need to pay for Premium rather than Standard to get HSM support.

 

 

Good to know!

 

 

