开源项目的代码签名证书? [英] Code signing certificate for open-source projects?
问题描述
我想将我的一个应用程序发布为开源,并想用自己的证书对我创建的二进制文件进行数字签名. (当然,其他任何人都可以下载代码并使用自己的证书自己构建代码.)我想这样做,以便任何人都可以检查此构建是我而不是其他人进行的.我还想用有效的SSL证书创建一个安全的网站,以便访问者可以安全的方式创建自己的帐户,以便为该项目做出贡献.
I want to publish one of my applications as open-source and want to digitally sign the binaries I've created with my own certificate. (Of course, anyone else can just download the code and build it themselves with their own certificate.) I want to do this so anyone can check that this build was made by me, not by someone else. I also want to create a secure website with a valid SSL certificate so visitors can create their own accounts in a secure way so they can contribute to this project.
我可以创建一个自签名证书,但是我真的不喜欢该选项.或者,我可以向Verisign支付几枚金币,以获得可以在短短几年内有效的证书.我也不喜欢这种选择,因为我的国库对我来说很有价值.
I could create a self-signed certificate, but I don't really like that option. Or I could pay Verisign a few gold pieces to get the certificates that would be valid for just a few years. I don't like that option either, since my treasury is valuable to me.
那么,还有其他选择吗?例如,通过以优惠的价格提供证书来支持开源项目的提供商?它不是免费的,只是比Verisign便宜得多...
So, are there any other options? For example, a provider that supports open-source projects by offering certificates for a reduced price? It doesn't have to be free, just a lot less expensive than Verisign...
(该项目是在C#中使用 VisualStudio®2008 创建的.需要SSL的ASP.NET中的其他项目.)
(The Project is created in C# with Visual Studio 2008. Plus an additional project in ASP.NET that wants SSL.)
推荐答案
您可以尝试 CAcert .有了它,您便获得了其他CAcert用户的认证. CAcert具有基于信誉的系统,因此,如果您获得足够的认证,则您的证书将被视为有效.
You can try CAcert. With this you get certified by other CAcert-users. CAcert has a reputation-based system, so if you are certified often enough your certificate is counted as valid.
您可能必须将CAcert添加为目标系统上的可信授权.自签名可执行文件应该是足够的选择,但是您需要提供公共证书.使用已知的授权机构可以帮助验证文件,但是我认为在这种情况下,使用文件的校验和或sha2哈希与您的自签名证书结合使用会导致文件被杀.您可以将Linux机器设置为CA,但是他们需要信任您的公共证书.
You may have to add CAcert as a trusted authority on the target system. Self signing your executable should be a sufficient option but you will need to provide the public certificate. Using a known authority can help verify the file but I think it is over kill in this case use a checksum or sha2 hash of the file in combination with your self signed certificate. You could set up a linux box as a CA however they will need to trust your public certificate.
这篇关于开源项目的代码签名证书?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
