Hello all,
is it possible to place the code signing cert that SCUP uses to sign packages on a smart card? I think SCUP expects this to be local, and I was wondering whether it / the provider had the ability to prompt for the smart card and pin etc, or would it just crash and fail?
My concern is that if the code signing cert is placed in the registry, it can be exported and then used to sign malicious code that would be accepted without question in the enterprise.