[UWP]代码签名证书 [英] [UWP] code signing certificate

问题描述

我们最初将Windows 10 UWP应用程序加载到客户端并最终提交到商店。我的问题是分别为侧载和商店发布所需的代码签名证书，我们可以使用自签名证书，例如openssl创建的
或Visual Studio生成的临时证书进行侧载或商店发布吗？提前致谢

We have a windows 10 UWP app to be side loaded to our customers initially and submit to store eventually. My question is what code signing certificate needed for side load and store release respectively, can we use self-signed certificate such as created from openssl or Visual Studio generated temporary certificate for side load or store release? Thanks in advance

Josh

推荐答案

如果您通过商店发布，那么该应用将是由Microsoft签名。

If you publish through the store then the app will be signed by Microsoft.

对于侧载，您可以使用具有正确属性的任何受信任证书。请参阅创建包签名证书和
签署应用程序包。后者包括证书要求：

For side-loading you can use any trusted cert with the correct properties. See Create a certificate for package signing and Signing an app package . The latter includes the certificate requirements:

在打包期间，Visual Studio验证指定的证书通过以下方式：

During packaging, Visual Studio validates the specified certificate in the following ways:

• 
  

  验证是否存在基本约束扩展名及其值，必须是
  主题类型=最终实体或未指定。

• Verifies the presence of the Basic Constraints extension and its value, which must be either Subject Type=End Entity or unspecified.

验证<的值span>增强型密钥用法属性，必须包含
代码签名，并且还可能包含终身签名。禁止任何其他EKU。

Verifies the value of the Enhanced Key Usage property, which must contain Code Signing and may also contain Lifetime Signing. Any other EKUs are prohibited.

验证 KeyUsage（KU）属性的值，该属性必须是
取消设置或 DigitalSignature 。

Verifies the value of the KeyUsage (KU) property, which must be either Unset or DigitalSignature.

验证是否存在私有密钥存在。

Verifies the existence of a private key exists.

验证证书是否处于活动状态，是否已过期且尚未撤销。

Verifies whether the certificate is active, hasn’t expired, and hasn't been revoked.

这篇关于[UWP]代码签名证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！