哪些文件进行数字签名 [英] Which files should be digitally signed
问题描述
我想知道哪些文件应该进行数字签名?我说的不是强命名程序集,但有关数字签名的文件,这样就可以确定他们是否被篡改。
我阅读下面的<一个href="http://blogs.msdn.com/b/ieinternals/archive/2011/03/22/authenti$c$c-$c$c-signing-for-developers-for-file-downloads-building-smartscreen-application-reputation.aspx"相对=nofollow>帖子。作者指出,所有安装文件都应该签署,以及主要的可执行程序 - 这听起来合理,但对于其他的文件和应用程序
我知道,ClickOnce应用程序有其明显的签署,不能确定安装程序本身,但作为清单包含了一些文件哈希,我想这是没有必要其他人签署任何文件,或者是什么呢?
在一个富客户端 - ?如果我签了主要的可执行文件,但使用的插件机制,要我签的插件以及
Web应用程序 - 我应该签署,使Web应用程序的组件
?如何移动应用程序?
在一般情况下,我在找哪个文件/文件类型应为不同类型的应用程序
签署的最佳实践- 您或许应该的签署一项保证免受篡改的,包括安装的所有文件。
- 插件系统 - 是的,在我的插件系统,我有我的插件作家签上自己的插件,用钥匙,我提供。你应该检查之前关键的presence加载。
- Web应用程序 - 可选或许因为你永远不必担心第三方安装。当然,除非你的web应用程序加载插件
- 的移动应用程序 - 取决于移动操作系统。的iOS比如要求你这样做
I am wondering what files should be digitally signed? I'm not talking about strong naming assemblies, but about digitally signing files so that it is possible to determine if they have been tampered with.
I read the following post. The author states that all installer files should be signed as well as the main program executable - that sounds reasonable, but what about other files and applications?
I know that ClickOnce applications have their manifest signed, not sure about the installer itself, but as the manifest contains some file hashes, I guess that it's not necessary to sign anything else, or is it?
In a rich client - if I sign the main executable, but use a plugin mechanism, should I sign the plugins as well?
Web applications - should I sign the assemblies that make the web app?
How about mobile apps?
In general, I'm looking for best practices on which files/file types should be signed for various types of applications
- you should perhaps sign all files that warrant protection from tampering, including installers.
- plugin system - yes, in my plug-in system i have my plug-in writers sign their plug-in with a key that i provide. you should check for the presence of the key prior to load.
- web applications - optional perhaps since you never have to worry about 3rd party installation. unless of course your web app loads plug-ins
- mobile apps - depends on mobile OS. iOS for example requires you to do so
这篇关于哪些文件进行数字签名的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
