code signing certificate validation

I wonder whether it is possible to verify that the files to be installed are signed by a specific certificate?

The only inkling I have at the moment is developing my own code, which would be plugged into a custom wyUpdate.exe?

Or are there any other ready-made ways?

As an integrity check / security measure.

Hey Kristjan,

Yes, there's a ready-made security check. Just enable update-signing in your wyBuild project. Then click "Generate new keys".

When you rebuild wyUpdate, a new client.wyc and wyUpdate.exe will be output. The client.wyc contains the new "verification key". So when you build updates, customers using that client.wyc file will only be able to install updates that have been signed using your keys.

This goes without saying, but if you're using update signing then you must have a backup of the update signing keys (in case you lose the project or your hard drive goes bad, etc.).

Tell me if this helps.

Thanks for pointing this out - very useful! My question was similar, but not exactly the same, in that I asked about verifying according to a code signing certificate that I already employ when deploying my application (an MSI in my case), e.g. checking that specified included assemblies have a specific digital signature as authorized by GoDaddy, for instance ( http://www.godaddy.com/ssl/code-signing-certificate.aspx ).

The existing "extra" signing option seems to offer similar security though, and I suppose there is no harm in also using the option you highlighted (I assume it does not interfere with the digital signatures of the included files, but signs the update package itself?..)

Thanks Sam.

I assume it does not interfere with the digital signatures of the included files, but signs the update package itself?..

Correct. The update signing doesn't affect anything except making sure the updates are valid.

signing certificate that I already employ when deploying my application (an MSI in my case), e.g. checking that specified included assemblies have a specific digital signature as authorized by GoDaddy, for instance ( http://www.godaddy.com/ssl/code-signing-certificate.aspx )

You don't need to use the code signing cert for update signing. The same concepts apply, except we don't make you purchase the encryption keys.
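
For the Authenticode case raised in the question (checking that staged files carry a valid signature from one specific certificate), here is an added PowerShell example that is not part of the thread and is not wyBuild code. The staging path and thumbprint are placeholders, and `Test-PinnedSignature` is a hypothetical helper name.

```powershell
# PLACEHOLDER: replace with the SHA-1 thumbprint of your own code signing certificate.
$ExpectedThumbprint = '0000000000000000000000000000000000000000'

# Hypothetical helper: reports, per file, whether the Authenticode signature
# is valid AND was made by the pinned certificate.
function Test-PinnedSignature {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]   $Path,
        [Parameter(Mandatory)] [string]   $Thumbprint,
        [string[]] $Include = @('*.exe', '*.dll', '*.msi')
    )
    # Normalise the pinned value (thumbprints copied from the certificate UI often contain spaces).
    $expected = ($Thumbprint -replace '\s', '').ToUpperInvariant()

    Get-ChildItem -Path $Path -Recurse -File -Include $Include | ForEach-Object {
        $sig    = Get-AuthenticodeSignature -LiteralPath $_.FullName
        # Unsigned files have no SignerCertificate at all.
        $actual = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { $null }

        [pscustomobject]@{
            File       = $_.FullName
            Status     = $sig.Status      # Valid, NotSigned, HashMismatch, ...
            Thumbprint = $actual
            # Both conditions are required: a valid signature from a different
            # publisher is rejected, and so is a tampered file from the right one.
            Trusted    = ($sig.Status -eq 'Valid') -and ($actual -eq $expected)
        }
    }
}

# Assumed staging directory containing the files about to be installed.
$results = @(Test-PinnedSignature -Path 'C:\staging\update' -Thumbprint $ExpectedThumbprint)

# Fail closed: an empty result set means nothing was verified.
if ($results.Count -eq 0) {
    throw 'No signable files found; refusing to continue.'
}

$untrusted = @($results | Where-Object { -not $_.Trusted })
if ($untrusted.Count -gt 0) {
    $untrusted | Format-Table File, Status, Thumbprint -AutoSize | Out-String | Write-Host
    throw "$($untrusted.Count) file(s) are not signed by the pinned certificate."
}
Write-Host "All $($results.Count) file(s) are signed by the pinned certificate."
```

A pinned thumbprint changes whenever the certificate is renewed or reissued, so the expected value has to be updated alongside the certificate.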