Assemblies in NuGet package are not signed with Authenticode

justRu commented 4 years ago

Is it possible to sign the assemblies with Authenticode ?

C:\Program Files (x86)\Windows Kits\10\bin\10.0.17763.0\x64>signtool verify "C:\Users\sezhezhe\.nuget\packages\ben.demystifier\0.1.4\lib\netstandard2.0\Ben.Demystifier.dll"
File: C:\Users\sezhezhe\.nuget\packages\ben.demystifier\0.1.4\lib\netstandard2.0\Ben.Demystifier.dll
Index  Algorithm  Timestamp
========================================
SignTool Error: No signature found.

Number of errors: 1

@onovotny who helped with strong-name signing for this project and maintains https://github.com/dotnet/SignService.

benaadams commented 4 years ago

Not sure it particularly worth the $499 per year?

justRu commented 4 years ago

Is it too much hassle to onboard this project to .NET Foundation and use their code signing service?

CADbloke commented 4 years ago

https://www.ksoftware.net/code-signing-certificates/ is cheaper and has worked well for me. They sell Comodo certs. @justRu you could sign it with your own cert like I do. Most of what I use from Nuget is unsigned so I sign it myself as part of the deployment build.

benaadams / Ben.Demystifier

Assemblies in NuGet package are not signed with Authenticode #90