Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

creating a key and signing executable with signtool

Tags:

code-signing

signing

signtool

code-signing-certificate

How would I sign a Visual C# executable?

SignTool.exe can't find a certificate.

How would I create a self signed key and certificate, and have signtool be able to see the certificate and use it?

OpenSSL and Visual Studio 2010 Express are installed. Running Windows 7 Ultimate x64.

Using SignTool.exe from Windows Driver Kit.

like image 698
Kevin Avatar asked Jan 22 '23 03:01

Kevin

1 Answers

Using self-signed certificates for digitally signing your binaries pretty much goes against the concept of using digital certificates with programs. The basic idea is to prove the code was created by you (authenticity) and has not been modified since you released it (integrity). This must be done by using a signed certificate that is signed by a trusted Certificate Authority (CA).

With .Net, when a binary is digitally signed, it is automatically verified for integrity and authenticity during startup. While I have not personally tested this, using a self-signed certificate is probably going to cause you a great deal of problems.

If you want to digitally sign your programs, you need to invest in a code signing certificate from a CA. There are a number of companies out there that can provide this service (Verisign, Thawte), for a fee.

While the fee might seem a bit extreme in price, remember that you are not just purchasing a digital certificate but also 24/7 validation of that certificate. Any time someone starts your program it will ensure the program was written by you and that the program has not been changed since you released it.

Once you have a certificate, you can digitally sign your program by following the steps in How to: Sign Application and Deployment Manifests.

Update: If this program is strictly an internal application (limited to you or your business), you can created your own CA. Since you would be the only one running it, only you would need to validate it. The CA certificate would need to be installed as a Trusted Root Certificate on all the machines that would run the program (or if you have access to Windows Server, you could set up a real working CA).

like image 122
jveazey Avatar answered Mar 03 '23 11:03

jveazey
Sign in to Comment

Related questions

Self Sign Certificate To Authenticode Certificate?
CodeSign error: code signing is required for product type 'Application' in SDK 'iOS 6.1'
C# code signing with pfx
How to perform code signing using osslsigncode
IOs code signing clarification

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!