I have a C++ Windows app. I sign our installer and my executable, but I don't currently sign my DLLs (such as zlib1.dll). It is not a big deal to sign those as well, but can someone explain what the benefit is? For instance, will my program appear any different to AV or firewall software if all its dependencies are signed? Will users get any different warnings?
Your program will not appear any different to AV or firewall. They will check for signatures on your executable which you have already signed. Signing your dlls makes most sense when you yourself verify those signatures before loading them. This ensures the integrity of all dlls at runtime. It is a recommended secure practice to sign all binaries that you ship and validate their signatures at runtime. If your dlls are to be used by other products then you must sign them as those products will want to verify their authenticity and integrity.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With