Code Signing Certificate
Steve Wolf
stevewolf6 at gmail.com
Wed Jan 3 01:58:09 UTC 2024
On Tue, Jan 2, 2024 at 7:23 PM bsimpson nvastro.com <bsimpson at nvastro.com>
wrote:
> What letsencrypt.org provides is the way to certify a website and I use
> them for my website. However I don't believe they have anything to do with
> certifying a package that you download from a website. I need to certify
> my code.
>
LetsEncrypt was my first thought as well, but I quickly realized it won't
work for your situation. A signed package encrypts a footprint of the file
(such as a hash) with the site's private key. The user verifies the file
by decrypting the footprint with the site's public key and making sure
nothing has changed.
Since LetsEncrypt only gets you a 90-day cert before it expires (requiring
frequent renewal), you'd have to rebuild your package every three months,
and old copies of the package would fail authentication.
I'm not aware of any free services that provide a long-term certificate.
You'll probably have to pay for one.
Regards,
Steve
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.nclug.org/pipermail/nclug/attachments/20240102/bd64c7b5/attachment-0001.htm>
More information about the NCLUG
mailing list