Signed Certificate [Installer Builds 1.9.92 to 1.9.100] (Version 2)
The certificate I used is a self-signed certificate and would have to be manually added to the Windows Certificate Store under Trusted Root Certification. But isn't necessary to do.
If you want to check and verify the installer (to check for tampering) please do the following:
Method 1:
- Check the Certificate that was used to sign the file
https://sbrw-crl.davidcarbon.download/DavidCarbon_ca.crt- https://davidcarbon.gitlab.io/certificate-authority/sbrw/DavidCarbon_CA.crt
- This would always ensure that the installer version is not tampered
To manually create the certificate just visit the link here:
https://sbrw-crl.davidcarbon.dev/soapbox-race-world/DavidCarbon_ca.txt- https://davidcarbon.gitlab.io/certificate-authority/sbrw/DavidCarbon_CA.txt
Or go stright the Installer's CRT. to check and verify
https://sbrw-crl.davidcarbon.download/origin_ca.txt- https://davidcarbon.gitlab.io/certificate-authority/sbrw/origin_ca.txt
- This method will require you the user to manually check the signatures by command line or application to check
Hopefully this can get adopted in some form but I bet someone would say that this is a real stupid idea ¯_(ツ)_/¯
First thing is first is security the database that hosts all of the Certificates are offline and manually generated. This ensures that if someone where to get a hold of a CA from someone else for example if spideybro2 CA Keys were to be stolen, then the issuer would be able to revoke their CA and any apps signed after the reported incident will no longer be valid.
- DavidCarbon C.A.
- Soapbox Race World Installer
- spideybro2
Head CA would now changed spideybro2 to be revoked between a time window, rendering anymore code signing no longer valid.
- DavidCarbon C.A.
- Soapbox Race World Installer