Programming is just not fun any more. Being creative is now just completely overwhelmed by ... whatever this is... just to get the thing on the air so people won't hack or steal. *Security* is a job we need AI to handle, not to replace our own creativity in the app itself..... sqb -- Stephen Barncard - Sebastopol Ca. USA - mixstream.org
On Tue, Oct 10, 2023 at 6:57 AM matthias rebbe via use-livecode < use-livecode@lists.runrev.com> wrote: > Paul, > > just googled a little bit... > > If you have a safenet USB Token, than there seems to be a way to disable > the password pop up. > > https://www.finalbuilder.com/resources/blogs/code-signing-with-usb-tokens > > > Am 10.10.2023 um 15:05 schrieb Paul Dupuis via use-livecode < > use-livecode@lists.runrev.com>: > > > > On 10/10/2023 8:53 AM, matthias rebbe via use-livecode wrote: > >> Hello Paul, > >> > >> unfortunately this is the "new" standard. Since 1st June 2023 private > keys has to be stored on a Token. > >> > https://www.sslpoint.com/new-private-key-storage-requirement-for-standard-code-signing-certificates/ > >> > >> There is no way anymore to export a certificate for example to .pfx. > >> And much more of a pain, it is not possible anymore to code sign > Windows app under macOS or at least i was not able to so so far. > >> > >> I have a "cloud" certificate from Certum which i purchased from SSL > Point (https://www.sslpoint.com <https://www.sslpoint.com/>) > >> > >> With this type of certificate the private key is not stored on a USB > token. This "cloud" certifcate works similar to a usb token. I also have > to install some software. This software allow me to login to the "cloud" > and after successful login i can use that certificate > >> with Microsoft's signtool and JARsigner. > >> > https://www.files.certum.eu/documents/manual_en/Code-Signing-signing-the-code-using-tools-like-Singtool-and-Jarsigner_v2.3.pdf > >> > >> So to automate your signing, you just have to keep a Windows PC running > and make sure that you are logged in to the "Cloud". As long as the > software is logged in you have access to the certificate. > >> I don't know if this is also the case with the USB Token. Could not > test it, because i do not have a usb token. ;) > >> > >> > >> Regards, > >> Matthias > > > > First, thank you for the very informative reply (with links!) > > > > Second, this "new" standard STINKS! > > > > The cloud cert sound interesting, but we recently renewed out macOS cert > and now we've just renewed our Windows cert, so, short of trying to get > money back from Comodo and switching to the "cloud", I guess I am stuck > with the "new" crappy standard. > > > > I do not see how large software companies that automate build, signing, > and even QA testing can accept this change. But they must of the suppliers > of certs would not go this route for loss of income. > > > > > > _______________________________________________ > > use-livecode mailing list > > use-livecode@lists.runrev.com > > Please visit this url to subscribe, unsubscribe and manage your > subscription preferences: > > http://lists.runrev.com/mailman/listinfo/use-livecode > > _______________________________________________ > use-livecode mailing list > use-livecode@lists.runrev.com > Please visit this url to subscribe, unsubscribe and manage your > subscription preferences: > http://lists.runrev.com/mailman/listinfo/use-livecode > _______________________________________________ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
