Hi, this is just a suggestion for something I am trying to do without python, and that is to replace the signature and public key values within a Certificate Signing Request "CSR."
I think that, combined with AWS KMS (not AWS CloudHSM), there could be a relatively cost-effective solution for independent software developers who need to codesign in a continuous integration situation, i.e. from the command line on a remote "build" computer. Step 1 of that is to securely sign a CSR to give to a third-party certificate supplier, so that the resulting EXE signature shows up as valid.
Meanwhile thank you for everything jsign already does.
Interesting idea, thank you. Signing a CSR is fairly easy in Java with Bouncy Castle (https://stackoverflow.com/questions/7230330/sign-csr-using-bouncy-castle); however, Jsign handles PKCS#7 signatures instead of raw signed hashes as found in CSR files. It might be possible to wrap the raw hash into a fake PKCS#7 structure to work around this mismatch, though. I'll think about it.
Thanks! I found a very useful ASN.1 visualizer today: https://lapo.it/asn1js/
-- useful at least for those of us who do not already see the structure and sequences clearly.
This is the python-based solution: https://github.com/g-a-d/aws-kms-sign-csr
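To illustrate the CSR layout discussed in this thread (an added example, not code from Jsign or aws-kms-sign-csr): a PKCS#10 request is a SEQUENCE of certificationRequestInfo, signatureAlgorithm and a raw signature BIT STRING computed over the DER bytes of the first element. The sample bytes and `fake_sign` are constructed stand-ins for a real request and for an external signer such as a KMS call.

```python
import hashlib

def read_tlv(buf, off=0):
    """Return (tag, value, end_offset) of the DER element starting at off."""
    if off + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[off], buf[off + 1], off + 2
    if length & 0x80:                       # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def encode_tlv(tag, value):
    """DER-encode one element with a definite (short or long form) length."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value

def split_csr(der):
    """Return (info_der, sigalg_der, signature_bytes) from a DER-encoded CSR."""
    tag, body, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    _, _, e1 = read_tlv(body, 0)            # certificationRequestInfo (holds the public key)
    _, _, e2 = read_tlv(body, e1)           # signatureAlgorithm
    t3, sig, e3 = read_tlv(body, e2)        # signature BIT STRING
    if t3 != 0x03 or e3 != len(body) or sig[:1] != b"\x00":
        raise ValueError("unexpected signature field")
    return body[:e1], body[e1:e2], sig[1:]  # strip the unused-bits octet

def resign_csr(der, sign):
    """Rebuild the CSR with signature = sign(certificationRequestInfo DER)."""
    info, sigalg, _ = split_csr(der)
    new_sig = encode_tlv(0x03, b"\x00" + sign(info))
    return encode_tlv(0x30, info + sigalg + new_sig)

# Constructed sample: CSR-shaped DER with dummy contents, not a real request.
INFO = encode_tlv(0x30, encode_tlv(0x02, b"\x00") + encode_tlv(0x04, b"A" * 200))
SIGALG = encode_tlv(0x30, encode_tlv(0x06, bytes.fromhex("2a864886f70d01010b"))
                    + encode_tlv(0x05, b""))     # sha256WithRSAEncryption, NULL params
SAMPLE = encode_tlv(0x30, INFO + SIGALG + encode_tlv(0x03, b"\x00" + b"\x11" * 32))

def fake_sign(tbs):
    """Stand-in for the external signer; a hash is NOT a real signature."""
    return hashlib.sha256(tbs).digest()
```

If the public key inside certificationRequestInfo is swapped as well, the signer must be given the modified info bytes, since the signature covers that element exactly as encoded.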