Cert Central is a personal project to explore how to enable code signing for every developer without paying to Certificate Authorities.
Use X509 certificates as GPG keys
Recently I shared the project on Twitter and got a lot of feedback:
Exactly !! But we should not pretend that all users will sign with CA issued certs. Why not use self signed as GPG keys? Check out https://t.co/tkT0LX1L5y— rido (@ridomin) March 9, 2019
You could build a code signing model that is but that’s not the way things were done in the 90s and early 2ks when the MSFT created their model.— Ryan Hurst (@rmhrisk) March 9, 2019