Externally purchased certificate for dcpomatic

Anything and everything to do with DCP-o-matic.
Guddu
Posts: 153
Joined: Wed Oct 04, 2017 4:49 am

Externally purchased certificate for dcpomatic

Post by Guddu »

I would like to understand whether it is possible to use an externally purchased certificate (instead of the internally generated one) within DCP-o-matic for signing and encryption purposes.

Could you please guide me on the following:
  • Is it supported to use a third-party / purchased certificate in DCP-o-matic?
  • If yes, what type of certificate is required and from where should it be procured?
  • What is the correct process to import and configure the certificate and private key within DCP-o-matic?
  • Are there any specific format or compatibility requirements (e.g., PEM, chain structure, etc.)?
Additionally, are there any best practices or limitations we should be aware of when using external certificates instead of the default ones?
IoannisSyrogiannis
Posts: 373
Joined: Mon Nov 13, 2017 8:40 pm
Location: Iceland

Re: Externally purchased certificate for dcpomatic

Post by IoannisSyrogiannis »

In theory (I don't know about practice) you may use an externally or individually procured private key and (similarly) a corresponding public key to create certificates for DCP-o-matic, used for the purpose of signing and encrypting.

Have a look here: https://www.computer.org/publications/t ... ertificate
In the paragraph titled "Benefits of Code Signing Certificate" it lists the following: "The integrity of the underlying code", "enhances user confidence", "removes the risk of tampering".

The question here is: How would it be that integrity, confidence and tampering-elimination would be achieved, if another application is creating the signing (and/or) encrypting certificates for DCP-o-matic? Wouldn't that beat the whole purpose of signing in the first place?
StephW999
Posts: 84
Joined: Mon May 17, 2021 1:15 pm

Re: Externally purchased certificate for dcpomatic

Post by StephW999 »

Hi Guddu,
Here is an example by Wolfgang Woehl, with a Linux system and Ruby environment:
https://github.com/wolfgangw/digital_ci ... e-chain.rb
It makes a multitude of files that you can then enter in Dom:

Edit > Preference > Tab "Keys"

"Signing DCPs and KDMs" click button (Advanced)
click on Leaf Thumbprint and Remove it
click on Leaf Thumbprint and Remove it
click on Root Thumbprint and Remove it

Add ca.self-signed.pem
Add intermediate.signed.pem
Add leaf.signed.pem

"Leaf private key " click button (Import)
select KEY.file (*.key) on filter file dialog
select "leaf.key" file

Close window

Here, I made an example of a certificate:
https://fromsmash.com/test-Guddu-certs
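
A consistency check worth running before importing the four files named in the post above (ca.self-signed.pem, intermediate.signed.pem, leaf.signed.pem, leaf.key), as an added example that is not part of the thread, the linked script, or DCP-o-matic. The function names and the in-memory sample chain are constructed for illustration, and the checks are generic X.509 ones, not DCP-o-matic's own validation.

```ruby
require "openssl"

# Build one certificate; with no issuer given it is self-signed (constructed sample data).
def make_cert(cn, key, issuer_cert = nil, issuer_key = nil)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse("/O=example.invalid/CN=#{cn}")
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
end

# Constructed three-tier chain standing in for the PEM files named in the post.
def sample_files
  rk, ik, lk = Array.new(3) { OpenSSL::PKey::RSA.new(2048) }
  root = make_cert("root", rk)
  inter = make_cert("intermediate", ik, root, rk)
  leaf = make_cert("leaf", lk, inter, ik)
  { ca: root.to_pem, intermediate: inter.to_pem, leaf: leaf.to_pem, key: lk.to_pem, other_key: ik.to_pem }
end

# Returns a list of problems; an empty list means the four inputs are consistent.
def check_chain(ca_pem, intermediate_pem, leaf_pem, leaf_key_pem)
  ca, inter, leaf = [ca_pem, intermediate_pem, leaf_pem].map { |p| OpenSSL::X509::Certificate.new(p) }
  key = OpenSSL::PKey.read(leaf_key_pem)
  problems = []
  problems << "root is not self-signed" unless ca.issuer.to_s == ca.subject.to_s && ca.verify(ca.public_key)
  problems << "intermediate not signed by root" unless inter.verify(ca.public_key)
  problems << "leaf not signed by intermediate" unless leaf.verify(inter.public_key)
  problems << "leaf.key does not match leaf certificate" unless leaf.check_private_key(key)
  now = Time.now
  [ca, inter, leaf].each do |c|
    problems << "#{c.subject} outside validity period" unless (c.not_before..c.not_after).cover?(now)
  end
  problems
end

# With real files, pass File.read("ca.self-signed.pem") and so on instead of the sample.
f = sample_files
p check_chain(f[:ca], f[:intermediate], f[:leaf], f[:key])
```
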