
#1179 build/release: Windows binary signature with PKCS#11 HSM

6.1
open-fixed
5
2023-06-20
2023-05-28
No

After Nov. 2022, we need to prepare a hardware security module (HSM) to get a certificate for code signing and generate the private key in the HSM.

The current Gradle script requires the PKCS#12 pfx format. Now that the private key is stored in the HSM, we cannot produce a pfx file with it.
We should update the Gradle script to use a PKCS#11 HSM.

Dev-ML discussion:
https://sourceforge.net/p/omegat/mailman/omegat-development/thread/29693F8C-26C0-44CE-9F65-E2A7D5D68E80%40traduction-libre.org/#msg37834709

Discussion

  • Hiroshi Miura

    Hiroshi Miura - 2023-05-30

    From the Comodo support page:
    https://help.comodosslstore.com/support/solutions/articles/22000280787-code-signing-certificate-delivery-methods

    It seems we need to know what HSM token hardware is provided by Comodo to know the proper driver file, if we plan to buy certification from Comodo.

    Code Signing Certificate Delivery Methods
    Modified on: Tue, May 16, 2023 at 12:48 PM

    Code Signing certificates are now required to be installed on physical hardware tokens. For standard Organization Validation (OV) or Individual Validation (IV) Code Signing certificates, you can either purchase pre-configured certificate tokens, or you can order a certificate to be installed on an existing hardware device you already own.

    When purchasing your code signing certificate, you can choose the Certificate Delivery Method that works best for you. Please make sure to select the correct certificate delivery method before you complete your purchase, as the method cannot be changed afterward.

    Token + Shipping
    To order a pre-configured token from the Certificate Authority, select the Token + Shipping method. The cost of the hardware and the shipping fees will be included in the purchase price.

    Most users should consider this option.

     
  • Hiroshi Miura

    Hiroshi Miura - 2023-05-30

    Comodo seems to provide the Gemalto eToken 5110. We can add an example to use it by adding the library path: /usr/lib64/libIDPrimePKCS11.so

     
    👍
    1
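
A pre-flight check for the token setup discussed above, as an added example that is not part of the ticket or of OmegaT's Gradle script: it loads the PKCS#11 library path quoted in the comment through the JDK's SunPKCS11 provider and confirms the token holds a private key with a currently valid code-signing certificate. The class name `TokenPreflight` and the provider name `eToken` are hypothetical; Java 11 or later is assumed.

```java
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

public class TokenPreflight {
    // Library path as quoted in the ticket comment; "eToken" is an arbitrary provider name.
    static final String CONFIG = "name = eToken\nlibrary = /usr/lib64/libIDPrimePKCS11.so\n";
    // Extended key usage OID for code signing (id-kp-codeSigning).
    static final String CODE_SIGNING_EKU = "1.3.6.1.5.5.7.3.3";

    public static void main(String[] args) throws Exception {
        // SunPKCS11 reads its settings from a config file; write a throwaway one.
        Path cfg = Files.createTempFile("pkcs11", ".cfg");
        Files.writeString(cfg, CONFIG);
        Provider p = Security.getProvider("SunPKCS11").configure(cfg.toString());

        if (System.console() == null) throw new IllegalStateException("run from a terminal to enter the PIN");
        char[] pin = System.console().readPassword("Token PIN: ");
        KeyStore ks = KeyStore.getInstance("PKCS11", p);
        ks.load(null, pin);          // the private key never leaves the token
        Arrays.fill(pin, '\0');      // do not keep the PIN in memory longer than needed

        int usable = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) continue;                 // skip certificate-only entries
            if (!(ks.getCertificate(alias) instanceof X509Certificate)) continue;
            X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
            boolean valid = true;
            try { cert.checkValidity(); } catch (CertificateException e) { valid = false; }
            List<String> eku = cert.getExtendedKeyUsage();       // null when the extension is absent
            boolean codeSigning = eku != null && eku.contains(CODE_SIGNING_EKU);
            System.out.printf("%s: %s notAfter=%s valid=%b codeSigning=%b%n",
                    alias, cert.getSubjectX500Principal(), cert.getNotAfter(), valid, codeSigning);
            if (valid && codeSigning) usable++;
        }
        Files.deleteIfExists(cfg);
        if (usable == 0) {
            System.err.println("No valid code-signing key found on the token");
            System.exit(1);
        }
    }
}
```

Running it before the release build separates driver or PIN problems from signing-tool problems, and a non-zero exit can stop the build early.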
  • Hiroshi Miura

    Hiroshi Miura - 2023-06-20
    • status: open --> open-fixed
     
