We have a component we use for encryption/decryption. We only want this component used by OUR companies components for obvious security reasons. Our design to acheive this is to digitally sign our components and peform a check where necessary to ensure the caller has the same digital signature. This has all be tested and works great.
My question is: In order for developers to work on projects which use our encryption/decryption component they will need to have the certificate on their machine as well as the certificates private key. These are needed locally so their components can be signed and work correctly with the encryption/decryption library.
It seems to me that by keeping the certificate and the corresponding private key on the developers machines it will compromise the privacy of the key. Can anyone think of another way around this?
Have a compile flag DEBUG (or in .NET, use the Debug vs Release configuration) and check for that in your digital signature checks – if compiled with debugging on, bypass the check. Developers typically will run in their machines in Debug mode, and you’d release to production from your build machine (which would produce a non-debug build).
Yes, it will compromise the privacy of the key. Please follow the below link to know more about ‘How Should My Code Signing Private Key Be Protected?’.
The only opt solution is to use a passphrase(you can find this option in the name of ‘User Protected’ during code siging cert signup). If you tick that ‘User Protected’ option it will ask you to enter the new password for the private key, so that whenever your private key is used it asks for password.