henrypp
commented
6 years ago Where and how i can give it?
Open baMain opened 6 years ago
henrypp
commented
6 years ago Where and how i can give it?
baMain
commented
6 years ago You can use SignTool.exe (the tool is automatically installed with some installation of Visual Studio, if your version does not include the tool you can download it by downloading Windows SDK at: https://developer.microsoft.com/en-us/windows/downloads/windows-10-sdk). you can read more about the tool here: https://docs.microsoft.com/en-us/dotnet/framework/tools/signtool-exe
before you can use the tool you need to create a Certificate , follow this guide: https://docs.microsoft.com/en-us/windows/uwp/packaging/create-certificate-package-signing
*please notice that after this step a new certificate will be added to your local certificate store
after this creating and exporting the Certificate, use this guide to sign the exe: https://docs.microsoft.com/en-us/windows/desktop/seccrypto/using-signtool-to-sign-a-file
after this you will receive a signed exe:
looking in signed exe cert details:
If you want you can use one of "Microsoft Trusted Root Certificate Program: Participants" to sign your certificate(i don't think they are signing for free) - so you will be trusted by a Trusted Root Certificate(you will not have the red cross in the "Digital Signature Details"): https://social.technet.microsoft.com/wiki/contents/articles/31634.microsoft-trusted-root-certificate-program-participants.aspx
henrypp
commented
6 years ago i don't think they are signing for free
Yeah, me too ;)
Microsoft Trusted Root Certificate Program
Anyone else? I don't want to sponsor worldwide monopoly.
baMain
commented
6 years ago I believe that self-signed binary is good enough(and free (-: )
henrypp
commented
6 years ago @baMain, no, it's not good enough
baMain
commented
6 years ago The no is for Not free? Or not good enough?
Or both of them?
henrypp
commented
6 years ago Self-signed certificates are untrusted by all. It's same thing as .exe without certificate. But some signers do free certificates for open source software.
baMain
commented
6 years ago Do you know who sign open source projects for free? It could be useful for other open source projects i am involved in.
henrypp
commented
6 years ago @baMain,
@wj32, @dmex, @XhmikosR - can you share with us about information, where you give signature for your Process Hacker and other projects?
baMain
commented
6 years ago Thank you (:
XhmikosR
commented
6 years ago IIRC ReactOS signed the kernel drivers for Process Hacker. For simple programs the certs aren't so expensive, though. I personally bought a cert from DigiCert when Certum's stopped being free.
henrypp
commented
6 years ago @XhmikosR, i think Certum is cheaper than DigiCert (for opensource of course).
dmex
commented
6 years ago @henrypp
ReactOS signed the kernel drivers for Process Hacker
At first ReactOS signed the Process Hacker driver (including a few other open source projects) years ago but we've been using @wj32 's certificate since 2010 and they've since discontinued driver signing.
https://reactos.org/wiki/index.php?title=Driver_Signing&oldid=34012 https://reactos.org/wiki/Driver_Signing
savchenko
commented
5 years ago @henrypp, Would you re-consider this ticket? I recognize your concern regarding monopoly support, however in lieu of circumstances, it is probably safer for end-users to have an application signed with a certificate recognized by the OS.
Happy to sponsor the purchase if that is of any help.
Rahmet/spasibo/etc.
Apollyon69
commented
11 months ago Hi, seems like Windows made another hurtful change these days. I was happily using Simplewall until today. Now Windows throw an error saying it cannot verify Simplewall signature. This is brand new, the program loads but the rules are not loaded or remembered anymore. The specific error is:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Status: -1073740760 (0xC0000428)
Of course I did not make any change to the hardware and Simplewall was working flawlessly until today. The latest change was last week, when I did upgrade to Windows 11 23H2, but this Windows annoyance did not appear until today (rebooted several times during the past days). I already tried to downgrade to version 3.75 manually, hopping it was an error with the last release, but the error persist
Apollyon69
commented
11 months ago Ok, quick workaround. Telling the installer to use the portable mode (to store settings in the program directory), avoids the previously shown error. I will need to create all rules again, but at least it is not complaining about not being able to read the profile as it was doing earlier. Not ideal, but at least works and remember the rules (it was not doing it until installing it as portable). Yet another Windows annoyance.
henrypp
commented
11 months ago @Apollyon69 sw has NO digital signature, so error like that i did not know where you get...
Apollyon69
commented
11 months ago I understand there is no digital signature, and I'm happily using simplewall for quite some time. Both with Windows 10 as with 11, with almost no issues until today, when the previously mentioned error appeared at startup, out of the blue, and every time simplewall started, not remembering any rule (old or new). I didn't change anything recently in this computer. The last patch deployed was the 23H2 update, 10 days ago (I just checked to be sure). Fortunately, reinstalling and switching to portable mode made the rules to persist, with no secondary issues (except having to set all rules again). Yet another Windows mystery. Thank you for the product, it's really useful for me, easy on resources and does exactly what I need (stop silent, unauthorized programs phoning home for no good reason)
henrypp
commented
11 months ago @Apollyon69 u not latest sw version using
PhysicsIsAwesome
commented
6 months ago Hi @henrypp, pls reconsider signing this great app. Signing it has significant advantages for you as a developer and for the users:
All of that for relatively little money. You can use the Microsoft Store to distribute and sign it, like Mozilla and KDE do, or get a certificate through other means. A MS Store developer account for individuals is only 19USD one time.
Thank you and best regard
henrypp
commented
6 months ago @PhysicsIsAwesome any OSS free (or not more than 20$) sign feature available, give me example?
PhysicsIsAwesome
commented
6 months ago @PhysicsIsAwesome any OSS free (or not more than 20$) sign feature available, give me example?
I don't know of any cheaper offer than MS Store. What's wrong with using it?
henrypp
commented
6 months ago @PhysicsIsAwesome even dont know wtf and where to get
PhysicsIsAwesome
commented
6 months ago @PhysicsIsAwesome even dont know wtf and where to get
Well, I offered you the only option in this price range. What did you expect?
dmex
commented
6 months ago You can sign up for Microsoft's ACS for $10/m which is the cheapest certificate and it's the only supported signer for uiaccess and integritycheck going forward.
Howto: https://github.com/koaladsp/KoalaDocs/blob/master/azure-code-signing-for-plugin-developers.md
PhysicsIsAwesome
commented
6 months ago According to https://www.advancedinstaller.com/msix-publish-microsoft-store.html MS Store can sign your application for free and you only have to pay the registration fee for a developer (19$)
henrypp
commented
6 months ago @dmex
So! Clock is ticking. Do we have any indication on when Azure Code Signing will be generally available?
The pricing plan of Azure Code Signing is currently unknown and it is expected that this will be revealed somewhere in 2024. We expect the pricing to be reasonable, as it concerns a fundamental service for many Microsoft Windows developers.
lol
i think cosign is better, because he exists, just required to be make sense of
tnodir
commented
6 months ago
Add a Digital Signature to Executables(Installer and other exe's), like this: