Y
Hacker News
new
|
ask
|
show
|
jobs
by
hinkley
3496 days ago
I used HSMs for a code signing project, and once someone can borrow your key to sign malicious payloads, it really doesn't matter if they have your signing key or not. You still have to get a new key, and clean up the mess.