Posts

This is how I manage my SSH private keys. I think this is a good balance between security and usability, but this setup is for me. Your situation may be different so read this as potential inspiration, not as a blueprint. I have a “master” key that gives access to all the clouds, linux machines and Git/GitHub. This gives lots of access so it must be protected. But I also use it often, so it must be easy to use. The way I solve this is using 1Password. It allows the keys to be used on multiple devices while keeping them secure through biometric authentication. ...

A long time ago my employer needed to sign a shrink-wrapped software package using Authenticode. This was my first experience with code signing. Below I summarize what code signing is, why it matters, the 2023 HSM requirements, and practical options for signing in local and CI environments. I have used Azure Key Vault for HSM-backed signing. What is code signing and why use it? A digital signature is an encrypted checksum of a file. It can be verified with the public key to ensure the file was not modified after signing and that the signer controls the corresponding private key. ...