Tuesday, 1 October 2013

Can a Windows Server CA separate code-signing keys from keys for other purposes?


I am a software developer. My team encrypts the sensitive sections of our
ASP.NET web.config files. aspnet_regiis.exe is used to manage the local
key store, encrypt and decrypt.

I want to build a quick key-manager tool to avoid remembering its location
and syntax, based on a PowerShell script I found using A Well Known Search
Engine. This is blocked by a domain policy:

PS H:\> Get-ExecutionPolicy
Restricted

Before I request that this is changed to RemoteSigned...

If all machines on the intranet were set to RemoteSigned, could a
certificate be created in the Domain CS for a hypothetical code-security
team such that the certificate could not be used for SSL or other
certificate-secured processes?

This would allow lowly devs to write scripts and have them signed without
giving each code reviewer excess trust.
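An added example (not from the original post) of the check a code reviewer or a deployment gate would make once such a certificate exists: it reads the Enhanced Key Usage (EKU) extension of the certificate that signed a script and accepts only a certificate whose EKU contains Code Signing and nothing else, so a certificate that is also valid for Server Authentication is rejected even though its Authenticode signature is valid. The folder C:\scripts is a placeholder.

```powershell
# Added example: accept a script only if it was signed by a certificate whose
# EKU is restricted to Code Signing (no Server Authentication, no "any purpose").
$OidCodeSigning = '1.3.6.1.5.5.7.3.3'   # id-kp-codeSigning
$OidServerAuth  = '1.3.6.1.5.5.7.3.1'   # id-kp-serverAuth (SSL/TLS server)
$OidEkuExt      = '2.5.29.37'           # extKeyUsage extension OID

function Get-EkuOids {
    param([Parameter(Mandatory)][System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $ext = $Cert.Extensions | Where-Object { $_.Oid.Value -eq $OidEkuExt }
    if (-not $ext) { return @() }   # no EKU extension: cert is valid for every purpose
    # .NET exposes this extension as X509EnhancedKeyUsageExtension
    return @($ext.EnhancedKeyUsages | ForEach-Object { $_.Oid.Value })
}

function Test-CodeSigningOnly {
    # True only when the EKU is present and consists solely of Code Signing.
    param([Parameter(Mandatory)][System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $oids = @(Get-EkuOids -Cert $Cert)
    return ($oids.Count -eq 1) -and ($oids[0] -eq $OidCodeSigning)
}

function Test-ScriptSignerIsCodeSigningOnly {
    param([Parameter(Mandatory)][string]$Path)
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        Write-Warning "$Path : signature status is $($sig.Status)"
        return $false
    }
    $cert = $sig.SignerCertificate
    if (@(Get-EkuOids -Cert $cert) -contains $OidServerAuth) {
        Write-Warning "$Path : signer '$($cert.Subject)' is also valid for Server Authentication"
    }
    return (Test-CodeSigningOnly -Cert $cert)
}

# Report every script in the folder (placeholder path) whose signer is not a
# code-signing-only certificate.
Get-ChildItem -Path 'C:\scripts' -Filter '*.ps1' | ForEach-Object {
    [pscustomobject]@{
        Script          = $_.Name
        CodeSigningOnly = Test-ScriptSignerIsCodeSigningOnly -Path $_.FullName
    }
}
```

A certificate with no EKU extension at all is treated as unrestricted and therefore rejected. RemoteSigned only demands a signature on scripts carrying the Internet zone mark, so this check is useful as a repository or deployment gate rather than something the execution policy enforces.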
