Reply to post: Re: H/W vs S/W vs cloud

Windows code-signing tweaks sure to irritate software developers

patrickstar

Re: H/W vs S/W vs cloud

Doing this in the clown can actually be secure. Kind of, atleast. The trick is to have the HSM that keeps the keys also authenticate the user. Presumably with some sort of OTP/token scheme - presenting one OTP to the HSM means you get it to sign one hash for you.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon