Signing and Uploading Installers

This document describes the process for registering our public/private keys on a build machine for the purpose of generating a signature file from an installer.

As of Dynamo 0.7.1, we now use public/private key cryptography to verify the contents of an update. The public and private key pairs are held in certificates that are stored in certificate stores on the build machine and on the user's machine. When an installer is generated on the build machine, the private key is used to generate a signature file. When an update and a signature file are downloaded on the user's machine, the downloaded update is validated using the signature file and the public key available in a certificate that is installed on the user's machine. The Dynamo.cer file containing the public key is now included in the Dynamo installer. On first update, Dynamo will check for this certificate in the current user's "current user" certificate store. If it is not installed, Dynamo will install it.

##Installing the Public/Private Keys##

The public/private key pair are stored in a Personal Information Exchange (.pfx) file. In order to generate a signature file from an installer, you will need to travel to Valhalla and beg Odin for a copy of this file. Once you arrive back in the land of mortals, you will need to install the file on your machine.

Double clicking on this file will bring up Windows' Certificate Import Wizard.

###First Screen:### Choose Store Location -> Local Machine

###Second Screen:### Choose the location of your .pfx file.

###Third Screen:### Select "Mark this key as exportable..." Select "Include all extended properties." Enter the password for the .pfx file. This will have etched into the blade of the sword provided to you by Odin.

###Fourth Screen:### Select "Automatically select the certificate store based on the type of certificate."

###Fifth Screen:### Select "Finish"

##Signing the Installer## The SignDynamo tool in \src\Tools\SignDynamo can now be used to generate a signature file using the installed Dynamo public and private keys. Type SignDynamo -h in the output directory to see how to use this tool. Using this tool will generate a .sig file in the same location as the specified install file.