部署（外部）签名的dll [英] Deploying a (externally) signed dll

问题描述

大家好，



安全部门签署了dll，它是我们创建的VSTO Excell Addin的一部分。我们没有访问（私人）密钥。



如何在不使用密钥/证书的情况下使用我们签名的dll创建安装包？



注意;我们的addin软件包还附带了Microsoft.Office.Tools.Common.v4.0.Utilities.dll



有什么想法吗？



谢谢！

Hi all,

The Security department has signed the dll, that comes as a part of the VSTO Excell Addin we created. We do not have acces to the (private) key.

How do i create an installation package using our signed dll without the use of the key/certificate?

Note; our addin package also comes with the Microsoft.Office.Tools.Common.v4.0.Utilities.dll

Any ideas?

Thanks!

推荐答案

你的问题没有任何意义。为什么需要该证书来部署.DLL？在我工作的地方，我们会部署一直签名的内容，而不会对证书做任何特殊处理。您只需构建安装程序即可将文件放在所需的位置。就是这样！



除非你在谈论用同样的证书签署.MSI吗？

Your question doesn't make any sense. Why do you need that certificate to deploy a .DLL?? Where I work, we deploy stuff that's signed all the time, without doing anything special at all with a certificate. You just build the installer to put the files where you want them. That's it!

Unless you're talking about signing the .MSI with the same certificate??

有这样一个笑话：一个完全醉酒的男人坐在驾驶室里，司机问他到哪儿去找他：

- 在哪里？

- 你们没有人做生意，你们猪！



也许你的安全部门就像那个醉酒的乘客。不，它没有任何意义。如果没有完整密钥对，则无法生成已签名的DLL。私钥永远不会被提供给用户，无法根据公钥和数据进行恢复，而且需要一些东西;这不符合逻辑吗？您真的需要了解公钥加密的工作原理：

http://en.wikipedia.org/wiki/Public-key_cryptography [ ^ ]，

http://en.wikipedia.org/wiki/ Digital_signature [ ^ ]。



实际上，它可以表现为众所周知的组织反模式，名为道德风险：

http://en.wikipedia.org/wiki/Anti-pattern [ ^ ]，

http://en.wikipedia.org/wiki/Moral_hazard [ ^ ]。



真的像你这样的偏执组织（但是，我怀疑在你的组织中工作是否可行），有一种延迟密钥签名的机制：http://msdn.microsoft.com/en-us/library/t07a3dye%28v=vs.110%29.aspx [ ^ ]。br />


怎么办？也许你需要联系你的某个级别的管理层，并微妙地暗示结构中存在的一些白痴完全破坏了整个业务部门。但首先，你需要自己学习和理解事物。但同样，这个病例是如此病态，以至于它属于那些收集滑稽计算机荒谬的网站之一。不确定在公司工作是否适合精神健康的人。

-SA

There is such a joke: a completely drunk man sits in the cab and the driver asks him where to get him:
—"Where to?"
—"None of you business, you swine!"

Maybe your security department is like that drunk passenger. No, it cannot make any sense. You cannot produce signed DLL without having the full key pair. The private key is never provided to the use, cannot be restored based on the public key and data, and it is needed for something; isn't it logical? And you really need to understand how public-key cryptography works:
http://en.wikipedia.org/wiki/Public-key_cryptography[^],
http://en.wikipedia.org/wiki/Digital_signature[^].

Actually, it can be a manifestation of the well-known organizational anti-pattern named "moral hazard":
http://en.wikipedia.org/wiki/Anti-pattern[^],
http://en.wikipedia.org/wiki/Moral_hazard[^].

For the really paranoid organizations, like yours (however, I doubt that working in your organization is possible at all), there is a mechanism of delayed key signing: http://msdn.microsoft.com/en-us/library/t07a3dye%28v=vs.110%29.aspx[^].

What to do? Maybe you need to contact some level of your administration and delicately hint that some idiots present in the structure totally sabotage the whole part of the business. But first, you need to learn and understand things yourself. But again, this case is so pathological that it rather belongs to one of those sites collecting comical computer absurdities. Not sure that working in your company is possible for a mentally healthy person.

—SA

这篇关于部署（外部）签名的dll的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！