[Coco] Digital certificate

James Ross jrosslist at outlook.com
Sat Jun 3 00:47:47 EDT 2017


That’s very interesting you’ve setup your own Certificate Authority (CA)! 

We could ask the community what they think about it.  And since Bill Pierce is going to be controlling the “official release(s)” (which I am totally OK with, btw) we can ask him what he wants to do w/ the final release(s), and if he is going to build the final binaries himself, or I am and send them to him + would we have to sign the installer in addition to the executable? ... etc... which we are still a ways away. 

I'd be open to the idea, Barry.  Just not sure if it's that critical / necessary.  Thanks for offering.

In lieu of a digital signature, I could also publish the MD5/SHA1/256 of the zip file ... so folks could be certain they have indeed the file I created and that it has not been hijacked.  Either way, it just confirms -- yes, this is the original untouched file from the author. 

So on that note: the current/last beta release zip file I did 

http://jamesross.biz/VCC/VCC-JR_2017-05-26.zip

MD5: A2E1E341AB258384A49C606EA447AED9
SHA1: 0B473795EB865D4FC1B4DC9B4B6E2548AC02A8BC
SHA-256: FA6F352701D0962DA69A5C9A16D8462819999CE41FDADDE2280495D20B618796

I'll do the same on any future beta's ... 

James

PS: will have an update on the Becker issue soon ... 
________________________________________
From: Coco <coco-bounces at maltedmedia.com> on behalf of Barry Nelson <barry.nelson at amobiledevice.com>
Subject: [Coco] Digital certificate

> James Ross jrosslist at outlook.com 
> I can look at getting (I think I'd have to buy it) a digital signature at some point. 
> Until then the only option would be to learn how to disable that warning in this instance.

If people using VCC are willing to install my CA root certificate, I can provide you with a software signing certificate for free. This would not be a “self signed” certificate, it would actually be issued by my certificate authority, however my CA is not trusted by windows and it’s certificate would need to be installed. I would keep the private key on my system so other bogus certificates could not be created.



More information about the Coco mailing list