I am integrating sparkle in my mac app for automatic updates of app. following this but i have problem with step 3 Segue for security concerns
EdDSA (ed25519) signatures
To prepare signing with EdDSA signatures:
First, run ./bin/generate_keys tool (from the Sparkle distribution root). This needs to be done only once. This tool will do two things: * It will generate a private key and save it in your login Keychain on your Mac. You don’t need to do anything with it, but don’t lose access to your Mac’s Keychain. If you lose it, you may not be able to issue any new updates! * It will print your public key to embed into applications. Copy that key (it’s a base64-encoded string). You can run ./bin/generate_keys again to see your public key at any time.
Add your public key to your app’s Info.plist as a SUPublicEDKey property.
I have few questions on this implementation
1.what if i lost in future the Private key which is stored in keychain
2.can we store this private anywhere else to be safe
What are the all best practices that i can follow to be safe. Any experts with detailed explanation would be appreciated.
I have tried to export the private but there is no option this is private key stored in key chain . these are the options that i am getting when trying to export.
Any Suggestions ?
Thanks in Advance !!
