Support for Azure Trusted Signing service

[mappu]

Azure have a new Authenticode codesigning service: https://azure.microsoft.com/en-us/products/trusted-signing

It is more expensive than Azure Key Vault but includes the certificate in the cost already, there is no separate first step to provision and configure the certificate. It can be more user-friendly.

I would be really interested to see Azure Trusted Signing support inside Relic,

[arush15june]

One major issue is that you can only use Azure Trusted Signing from a Windows system.

We used to use Relic with a regular code signing certificate. However, new code-signing certificates cannot be used directly and require an HSM to store them. We have shifted to Azure Trusted Signing; however, as it can only be run from a Windows System (requiring Signtool), we had to build a custom service and host it on a Windows machine.

The certificate is great though, no more smartscreen issues.

[mappu]

Azure Trusted Signing can be used from a non-Windows system, with e.g. https://github.com/ebourg/jsign. Their initial implementation of ATS was in commit ebourg/jsign@00a4004 although it has matured since.

It's possible to use it via jsign, but, having it in Relic would be preferable.

[arush15june]

Azure Trusted Signing can be used from a non-Windows system, with e.g. https://github.com/ebourg/jsign. Their initial implementation of ATS was in commit ebourg/jsign@00a4004 although it has matured since.

It's possible to use it via jsign, but, having it in Relic would be preferable.

Thanks for sharing this, I was unaware of jsign

[arush15june]

We implemented jsign, dockerized it as well

You can pull from ghcr

https://github.com/FourCoreLabs/jsign-docker

[scheibling]

We've recently built a library for Azure Trusted Signing in Go, currently working on a crypto.Signer interface which should be ready within a few days. Might try to start a PR at that point

https://github.com/ossign/go-azure-trusted-signing