c00000fd

Reputation: 22307

Security concerns trying to sign downloadable exe file from my web app

Let me explain my dilemma. I am writing an ASP.NET web application that is supposed to let a logged-in user download my client-side Windows executable file. Before such a file is downloaded, the web app changes some strings inside the .exe file (by modifying the exe file image with the user selection).

I am now looking into a way to digitally sign this executable file with my code signing certificate. The problem is that to do this I need to run it through Microsoft's signtool, which requires either an installed digital certificate on the server where the web app is running from, or that I provide the .pfx file that contains my private key.

This brings up two issues:

  1. If I go with installing my digital cert on the server, then anyone can use it to sign any executable off that server (which I would prefer to avoid.)

  2. If I choose to upload the exported Personal Information Exchange (PFX file) for my certificate, I can protect it with a password, but signtool will require that password to sign my exe file, which it will need in a plain text form. So I will need to store the password somewhere, which is not that safe either.

Any suggestions on how I should overcome these?

Upvotes: 3

Views: 280

Answers (1)

Varun K

Reputation: 3638

If you plan to use number 2, you can look into using SecureString to encrypt your password. You still need to initialize SecureString with the plain password, for which you have two secure options.

  1. Provide the string manually through a webpage (use SSL to protect this page from MITM attacks). This is the most secure option, but it has the tradeoff that you have to provide the password every time the app starts. Or,
  2. Create a web service on a different server that will return this plain password (again communicating over SSL). This is not foolproof, because if the web service's server is compromised, your password is gone. However, by distributing risk across multiple servers, you make it harder for a hacker to break the security of the system.

Upvotes: 1
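The answer's first option (the password typed in once per app start and held in a SecureString until signtool needs it), sketched in C# as an added example that is not part of the original answer. `PfxSigner`, `Unlock`, `Sign` and the path parameters are hypothetical names; the signtool path and .pfx location are deployment-specific assumptions.

```csharp
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Security;

// Added example: the PFX password lives only in memory, never in config or on disk.
public static class PfxSigner
{
    private static SecureString _password;              // null until an operator unlocks
    private static readonly object _gate = new object();

    // Called once per app start from the SSL-protected admin page (hypothetical caller).
    public static void Unlock(string enteredPassword)
    {
        var s = new SecureString();
        foreach (char c in enteredPassword) s.AppendChar(c);
        s.MakeReadOnly();
        lock (_gate) { _password?.Dispose(); _password = s; }
    }

    // Signs one patched exe. Caveat: signtool's /p takes the password as plain text,
    // so it exists briefly as a managed string and on the child's command line.
    public static void Sign(string signtoolPath, string pfxPath, string exePath)
    {
        lock (_gate)
        {
            if (_password == null)
                throw new InvalidOperationException("Signing password not supplied yet.");
            IntPtr buf = IntPtr.Zero;
            try
            {
                buf = Marshal.SecureStringToGlobalAllocUnicode(_password);
                string plain = Marshal.PtrToStringUni(buf);
                // A quote or trailing backslash would break the quoted argument.
                if (plain.IndexOf('"') >= 0 || plain.EndsWith("\\"))
                    throw new ArgumentException("Password cannot be passed safely to signtool.");
                var psi = new ProcessStartInfo(signtoolPath,
                    $"sign /f \"{pfxPath}\" /p \"{plain}\" /fd SHA256 \"{exePath}\"")
                { UseShellExecute = false, CreateNoWindow = true };
                using (var p = Process.Start(psi))
                {
                    p.WaitForExit();
                    if (p.ExitCode != 0)
                        throw new InvalidOperationException("signtool exited with " + p.ExitCode);
                }
            }
            finally { if (buf != IntPtr.Zero) Marshal.ZeroFreeGlobalAllocUnicode(buf); }
        }
    }
}
```

Until `Unlock` has been called after a restart, `Sign` fails closed, which is the tradeoff the answer describes for this option.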
