Digital Signature on the release executable

[Eldaw]

When running v1.3.0 for the first time, Microsoft SmartScreen in Windows 10 tried to prevent me from doing so. Normally this doesn't happen with signed executables (but I may be wrong).

When I view the properties for the spdif-ka executable in File Explorer, there is no 'Digital Signatures' tab.

Has the release executable been signed?

[handruin]

I have seen this SmartScreen issue the first time I started the utility and I admit the whole process of using the Digital Signature is new to me so I'm likely doing this incorrectly. When I Googled this a bit in the past the feedback I found suggested that this spdif-ka.exe utility was not in enough system samples of the Windows 10 SmartScreen database to allow it to pass through without a warning/prevention. This may be addressed with a proper Digital Signature so I'll use this issue to task myself with adding one in properly. As an aside, I do publish the .exe with each release and this may not be the best practice. The safest way for everyone consuming this project is to build it yourself but I realize that it's the most practical solution.

I'm not sure if this application has been properly signed. I did add the key "spdifka-sn-key.pfx" in the main SPDIFKA folder and my visual studio is aware of this key. This whole process is new to me so if you might know of any good resources on how to implement please let me know. Otherwise I'll research via the Google to figure it out. :-)

[Eldaw]

I think that to include a certificate that is already pre-trusted means buying one from a trusted certificate authority (one that already has their root certificate included in Windows).

I tried importing your certificate into my local certificate store, which in theory would make my PC trust anything that you sign with that certificate, but I couldn't because your certificate is password protected.

[handruin]

That makes sense for having some included trust with a purchased certificate but I wasn't looking to spend money for that given how small the user-base is for this utility. I'm hoping I can find an alternative to make this work without having to buy one.

The guidelines I had read during my research suggested using a strong password especially in the situation if I'm checking this file in to a public SCM system like github. I'll look into this some more to see if there is a way I can sign the application to make this work without hassling end-users. I have to imagine I'm not the only one in this situation. I just need some time to look into this.

[Eldaw]

Yeah, I totally agree that it wouldn't make sense to purchase a certificate specifically for this purpose. I'll also do some research and let you know if I find any useful information...

By the way, on a separate topic, I've made some improvements to the icons that I hope you'll like, and which I'd like to contribute to the project for your consideration. I'll try to submit them in the form of a Pull Request (just the files themselves, not any changes to the code at this stage), which will be from my other GitHub account. I just need to check if I remember how...

[handruin]

Yeah submit a PR and I'll take a look. Even if you have code-change ideas like the suggestions in your other issue, feel free to do a PR; no pressure though. I mainly made this app for myself but I figured there might be a few select other people who might find some usefulness out of it so I'm happy to collaborate. I realize there is that other spdif keepalive application out there that does something very similar. I had found it in my internet travels but from what I recall I didn't use it because it wasn't open source at the time I found it. I also wanted it to run in the system-tray which I don't think it did. Those few reasons gave me incentive to create my own windows app and leave the source code open for other people to take a look and gauge if they would trust running this on their system. In any case, I appreciate all your feedback and suggestions so far.

[Eldaw]

You're welcome. I'm actually very grateful for this application you made because previously I was running a different app called 'AVR Audio Guard', which doesn't work properly with Windows 10. It's a closed-source app that the developer abandoned, eventually even leaving his domain name to expire and his web site to vanish. The lack of Windows 10 compatibility meant that I was unable to upgrade the computer connected to my TV from Windows 8.1 to Windows 10, unless I was willing to put up with 1 second of silence whenever sound plays (which I'm not). Now that I know of alternatives (including this one in particular, which seems to be the best designed in my opinion), of course I'm free to do the upgrade at any time.

I've submitted 3 tiny PRs using my other account, which I eagerly await your decision on. :)

[handruin]

I can definitely appreciate the frustrations you've been having in dealing with the audio delay. Your 1-second delay is definitely worse than mine so I can see this being even more appealing to solve. As far as compatibility, I've also seen an issues opened for this utility related to supporting earlier versions of windows. That person solved it by building this tool and targeting earlier .net framework versions. At least on github anyone can fork the repo and change it however they want. I imagine as time progresses there will be fewer people in demand of spdif support.

Thanks for submitting the PRs. I've been a little behind on some things and I plan to merge these in tonight. I should have written you back sooner to say thanks and to let you know it might take me an extra day to get these merged in. I appreciate your contributions.

[handruin]

I'm attempting to follow this process outlined in this thread on Stack Overflow. I've downloaded the Windows App Certification Kit and I'm letting it run against spdif-ka. I'll attempt to upload the signature to Windows and hopefully the SmartScreen will not complain.