https://github.com/ridomin/secure-packages-demo

code-signing nuget self-signed-certificate

# secure packages demo

This repo contains a sample `nuget.config` file with advanced security requirements based on NuGet package signatures.

## Trusted Signers

The trusted signers feature was announced in the [blog post](https://blog.nuget.org/20181205/Lock-down-your-dependencies-using-configurable-trust-policies.html) introducing trust policies for NuGet.

## Trusting Repository Signatures from NuGet.org

The configuration file includes the fingerprint for the NuGet.org repository signature:

```xml
<trustedSigners>
  <repository name="nuget.org" serviceIndex="https://api.nuget.org/v3/index.json">
    <!-- SHA-256 fingerprint of the NuGet.org repository signing certificate;
         the actual value from the original file was lost in extraction, so a
         placeholder is shown here -->
    <certificate fingerprint="SHA256_FINGERPRINT_OF_NUGET_ORG_REPOSITORY_CERTIFICATE" hashAlgorithm="SHA256" allowUntrustedRoot="false" />
    <owners>Microsoft</owners>
  </repository>
</trustedSigners>
```

>Note that we are only trusting packages owned by Microsoft.

To trust a specific author based on the author signature, whether the package is acquired from NuGet.org or any other repository:

```xml
<trustedSigners>
  <author name="AUTHOR_NAME">
    <!-- fingerprint placeholder: the value from the original file was lost in extraction -->
    <certificate fingerprint="SHA256_FINGERPRINT_OF_AUTHOR_CERTIFICATE" hashAlgorithm="SHA256" allowUntrustedRoot="false" />
  </author>
</trustedSigners>
```

## Trusting Self Signed Certificates

In this demo, the package `.\_pkgs\System.Rido.1.0.8-pre.nupkg` is signed with a self-signed certificate.

NuGet policies allow trusting a certificate that does not chain to a trusted root by enabling the `allowUntrustedRoot` attribute:

```xml
<trustedSigners>
  <author name="AUTHOR_NAME">
    <!-- fingerprint placeholder: the value from the original file was lost in extraction.
         With allowUntrustedRoot="true" the pinned fingerprint is the only trust anchor. -->
    <certificate fingerprint="SHA256_FINGERPRINT_OF_SELF_SIGNED_CERTIFICATE" hashAlgorithm="SHA256" allowUntrustedRoot="true" />
  </author>
</trustedSigners>
```

>The self-signed certificate is associated with my [CertCentral](https://certcentral.x509.online/home/UserCerts/ridomin) account.
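A small audit script, added here as an example and not part of this repo, that parses the `trustedSigners` section of a `nuget.config` and reports the settings a reviewer should look at: a missing `signatureValidationMode=require`, malformed fingerprints, `allowUntrustedRoot="true"` entries such as the self-signed case above, and repository signers with no `<owners>` restriction. The embedded config is constructed for the example and its fingerprints are placeholders.

```python
import re
import xml.etree.ElementTree as ET

# Hex digest length for each hashAlgorithm value a <certificate> element may use.
DIGEST_HEX_LEN = {"SHA256": 64, "SHA384": 96, "SHA512": 128}

# Constructed sample nuget.config (not the repo's file): a nuget.org repository
# signer restricted to Microsoft-owned packages, an author signer with a
# self-signed certificate, and a malformed entry. Fingerprints are placeholders.
SAMPLE_CONFIG = """<configuration>
  <trustedSigners>
    <repository name="nuget.org" serviceIndex="https://api.nuget.org/v3/index.json">
      <certificate fingerprint="%s" hashAlgorithm="SHA256" allowUntrustedRoot="false" />
      <owners>Microsoft</owners>
    </repository>
    <author name="rido-selfsigned">
      <certificate fingerprint="%s" hashAlgorithm="SHA256" allowUntrustedRoot="true" />
    </author>
    <author name="broken">
      <certificate fingerprint="DEADBEEF" hashAlgorithm="SHA256" />
    </author>
  </trustedSigners>
</configuration>
""" % ("A" * 64, "B" * 64)


def audit_trusted_signers(xml_text):
    """Return [(signer, finding), ...] for settings that weaken the trust policy."""
    findings = []
    root = ET.fromstring(xml_text)
    mode = root.find("config/add[@key='signatureValidationMode']")
    if mode is None or mode.get("value", "").lower() != "require":
        findings.append(("config", "signatureValidationMode is not 'require': unsigned packages are still accepted"))
    signers = root.find("trustedSigners")
    if signers is None:
        findings.append(("config", "no trustedSigners section: no signer is pinned"))
        return findings
    for signer in signers:
        name = signer.get("name", "?")
        for cert in signer.findall("certificate"):
            alg, fp = cert.get("hashAlgorithm", "").upper(), cert.get("fingerprint", "")
            hex_len = DIGEST_HEX_LEN.get(alg)
            if hex_len is None or not re.fullmatch(r"[0-9A-Fa-f]{%d}" % hex_len, fp):
                findings.append((name, "fingerprint is not a valid %s hex digest" % (alg or "unknown")))
            if cert.get("allowUntrustedRoot", "false").lower() == "true":
                findings.append((name, "allowUntrustedRoot=true: the pinned fingerprint is the only trust anchor"))
        if signer.tag == "repository" and signer.find("owners") is None:
            findings.append((name, "repository signer without <owners>: every package it signs is trusted"))
    return findings
```

Run `audit_trusted_signers(open("nuget.config").read())` against a real file to list the entries worth a second look; an empty list means every signer is pinned to a well-formed fingerprint and only trusted roots are accepted.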