Home: XPlat Signing and verification for dotnet core & mono

Created on 1 Apr 2019 · 4Comments · Source: NuGet/Home

This epic covers the work needed in order to fully port NuGet's package signing and verification features to all platforms, including mono, as well as the dotnet command itself.
The dotnet APIs have specific XPLAT behaviors that we need to address when tackling signing and verification XPLAT. This will mean either document known behavior or do functional changes in specific platforms.

Some things are:

[ ] X509RevocationMode.Offline is not supported on macOS
[ ] OSCP are not supported in Linux

More info: https://github.com/dotnet/corefx/blob/master/Documentation/architecture/cross-platform-cryptography.md

Note: Make sure to read the document before implementing since it might change.

There is an initial PR and a summary of remaining work in that PR over at https://github.com/NuGet/NuGet.Client/pull/2706

Epic Signing In Progress 2 DCR

Source

rrelyea

Most helpful comment

hey @bruno-garcia - we are actively working on this.

karann-msft on 12 Jul 2019

❤4

All 4 comments

Note this PR shows it working: https://github.com/NuGet/NuGet.Client/pull/2545

There are a couple of comments in there w.r.t. a ComputeSignature overload that needs to be changed as well.

clairernovotny on 10 Apr 2019

Any update on this? We've got a certificate laying around since August last year but having to get a Windows VM just to run the signing (Thanks @onovotny for SignService) is not ideal.