代码签名证书选项 [英] Code Signing Certificate Options

问题描述

我已经被分配了购买数字证书的任务，以便我公司签署我们的代码。我们在Microsoft空间开发应用程序 - 主要是WPF或Web Based。

我研究了选项，发现Comodo价格合理，响应速度快，通过他们购买证书..但是在注册表单中有各种私钥选项，我不太确定，即：

1. CSP

   
   
   
   
   
   • Microsoft Base加密提供者
   
   
   • Microsoft Base智能卡加密提供程序
   
   
   • Microsoft增强加密提供程序v1.0
   
   
   • Microsoft软件加密提供程序
   
   



2. 键大小

   
   
   
   
   
   • 1024
   
   
   • 2048
   
   
   • 4096
   
   



3. 可汇出？

   
   
   
   
   
   • 是/否
   
   



4. 受保护吗？

   
   
   
   
   
   • 是/否
   
   

只是想知道这是什么意思，什么是最好的选择是我们的要求？欢迎任何建议/建议

感谢heaps
Greg

解决方案>

对于大多数用途，建议使用以下选项：

Microsoft Base加密提供程序
键大小：2048
可导出：是
用户保护：是

说实话，我不熟悉不同的CSP，但是Base每次都为我做这个工作。

密钥大小使密钥难以破解，但对于短期到中期密钥（3-5年），大于2048位是充足的（IMHO）。

可导出允许您导出私钥/证书对 - 对备份至关重要。

用户保护意味着您必须输入

希望这有助于。

I've been assigned the task of buying a digital certificate for my company to sign our code. We develop applications in the Microsoft space - mostly WPF or Web Based.

I've investigated options and found Comodo to be well priced and responsive, and we're ready to go ahead and purchase a cert through them.. however in the signup form there are various private key options that I'm not too sure about, namely:

1. CSP

   • Microsoft Base Cryptographic Provider
   • Microsoft Base Smart Card Crypto Provider
   • Microsoft Enhanced Cryptographic Provider v1.0
   • Microsoft Software Cryptographic Provider

2. Key Size

   • 1024
   • 2048
   • 4096

3. Exportable?

   • Yes / No

4. User Protected?

   • Yes / No

Just wondering what all of this means, and what the best options are for our requirements? Any advice/ suggestions would be appreciated

thanks heaps Greg

解决方案

For "most purposes" the following options are recommended:

Microsoft Base Cryptographic Provider Key Size: 2048 Exportable: Yes User Protected: Yes

To be honest, I'm not familiar with the different CSPs, but the Base does the job every time for me.

Key Size makes the keys harder to crack, but more than 2048-bits for a short to medium term key (3-5 years) is ample (IMHO).

Exportable lets you export the private key/certificate pair - essential for backing it up!

User Protected means that you must enter a password everytime that you want to use the cert - highly recommended to prevent accidental or malicious signing of code with your certificate.

Hope this helps.

这篇关于代码签名证书选项的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！