对ClickOnce清单进行签名是为了什么? [英] What is signing ClickOnce manifests for?
问题描述
根据 Microsoft ,您必须签署您的ClickOnce应用程序.但是在我看来,当我发布它而不签名(通过关闭签署ClickOnce清单"选项)时,它的效果就很好.
According to Microsoft, you must sign your ClickOnce application. But it seems to me that it works just fine when I publish it without signing it (by turning off the 'Sign the ClickOnce manifests' option).
我真的不在乎并保留默认值(我想我正在使用测试证书),直到我更换计算机并开始收到一条消息,告诉我该应用程序使用的密钥与现有应用程序的密钥不同"服务器",似乎导致我的用户停止获取自动更新.显然,VS使用我计算机的名称来创建密钥.
I really didn't care and kept the default values (I think I was using a test certificate) until I changed computer and started getting a message telling me that 'The application is signed with a different key than the existing application on the server', which seems will cause my users to stop getting automatic updates. Apparently, VS uses my computer's name to create the key.
因此,我应该停止对我的ClickOnce清单进行签名以防止此类错误,还是唱歌有什么好处?另外,这些证书是在安装应用程序时显示公司名称:未知发行商"消息的证书,而不是显示我的公司名称吗?还是我需要购买两种不同类型的证书?
So, should I just stop signing my ClickOnce manifests to prevent this kind of error, or is there any benefit from singing it. Also, are these certificates the ones that would cause the 'Publisher: Unknown Publisher' message when installing the application to show my company name instead, or would I need to purchase two different kind of certificates?
推荐答案
这是一项安全功能,可让您的用户验证所有更新是否确实源自您之前安装的版本的发布者.这是公钥加密的基本属性. 最重要的是,您可以让证书由受信任的对等方授权,以便对提供的发布者的详细信息进行验证. (拥有与以前相同的发布者并不一定意味着有关该发布者的原始信息是正确的.这是购买者的优势.)
It's a security feature that allows your users to verify that any updates really originated from the publisher of the version you installed before. This is a basic property of Public Key encryption. On top of that you can have your certificate authorized by a trusted peer so that the details of the publisher supplied are also verified. (Having the same publisher as before doesn't have to mean the original information about the publisher is correct. That's the advantage of a bought one.)
所以总结:
- 没有证书可以使您的用户大吃一惊.
- 自签名证书使用户可以确定更新至少与原始安装来自同一发布者.但是仍然不知道这个原始物是从哪里来的.
- 所购买的证书使用户具有一定的确定性,即有关发布者的信息已由第三方(也是受信任的)验证.以及以下任何更新.
这篇关于对ClickOnce清单进行签名是为了什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
