Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to sign my VB.NET application?

I'd like to avoid this scary messages when users install my application:

screenshot unknown publisher

I understand I have to buy a certification or something like that. Can you tell me where should I buy it and what should I do with that after? I'd like to sign my exe application automatically. Furthermore, I use InnoSetup and I'd like to add the signature automatically when creating a new package (EXE file)

like image 975
Tamir Gefen Avatar asked Jun 30 '12 18:06

Tamir Gefen


People also ask

How do I sign a .NET application?

You sign an application or component by using the Signing tab of the project properties window (right-click the project node in Solution Explorer and select Properties). Select the Signing tab, then select the Sign the assembly check box. Specify a key file.

How do I sign a ClickOnce application?

Go to the project properties window (right-click the project node in Solution Explorer and select Properties). On the Signing tab, select the Sign the ClickOnce manifests check box.


1 Answers

If you want to be a "Known Publisher" you need a certificate from an authority like Verisign, etc. It's not cheap (Verisign charges ~$400/yr).

https://www.symantec.com/verisign/code-signing/microsoft-authenticode/buy

See also :

http://msdn.microsoft.com/en-us/library/ms247066

https://stackoverflow.com/a/1191152/327083

Basically there are two things you can do - Strong Name signing and Authenticode signing.

Strong Name signing alone will not identify the publisher of the assembly but it does associate the assembly with a trusted key and can detect assemblies which have been tampered with. You would have to distribute your own key/certificate to your users and have them install them. There is no third-party system in place to handle this.

Authenticode (ie: Verisign, etc) costs money for the third party certification but allows for the entire process to be nicely shrink-wrapped and identifies you as a known publisher.

Still, users would still see that dialog box with default UAC settings even with a Verisign certificate (at least the first time) - it would simply identify who it came from (Known publisher, name, etc). They would, however, get the option to "Always trust" from your publisher (which you do not get as an 'unknown publisher').

like image 97
J... Avatar answered Oct 21 '22 20:10

J...