Coffeehouse Post

Single Post Permalink

View Thread: Signed Assemblies - "crackable"??
  • User profile image

    lars wrote:
    "What will be your actions in case if private key used for generation of that strong name become compromised?"
    You better make sure it isn't. The secret key must per definition be kept a secret. Doesn't really matter how you go about it, if someone steals your keys you're toast.


    Indeed. If you know the company UD (United Devices, they are using distributed computing to help find a cure for cancer) they've explained how they kept their program and updates secure. For example, only signed updates are downloaded by the agent program a user is running on their computer. But if the programmer needs to retrieve the private key 2 managers with a special (physical) key need to open the vault which has very thick walls.