Hi @Gilad Noy ,
Welcome to Microsoft Q&A!
I understand your need is to prevent the creation of malicious software packages on unauthorized PCs. But currently there is no documented UWP API that can do what you want.
Thank you!
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hello.
We have a UWP published through the MS store using the Microsoft Partner Center.
For security reasons, we want to block uploads of any package, unless it was signed with a private key from a specific certificate.
From a small search and testing, it seems that a package can be successfully uploaded as long as it has the same publisher id and PFN associated with the store, even if the package was signed with different certificates.
Is there a way to make sure the public key and/or thumbprint of the certificate used to sign are also validated when uploading a package?
Thanks,
Gilad.
Hi @Gilad Noy ,
Welcome to Microsoft Q&A!
I understand your need is to prevent the creation of malicious software packages on unauthorized PCs. But currently there is no documented UWP API that can do what you want.
Thank you!