Board index » delphi » secure exe file

secure exe file


2005-05-07 09:49:46 PM
delphi204
Hello,
We have small executable file, this file downloaded by our user. each time
they download
this file, they get message
"The published could not be verified. Are you sure you want to run this
software"
"software has no valid digital signature"
My question is:
1-How to get published ?
2-How to get valid digital signature for executable file?
3-is there any free digital signature like openssl for executables?
I appreciate any help or suggestion to avoid the problem
Thanks
 
 

Re:secure exe file

Hello!
You wrote on Sat, 7 May 2005 08:49:46 -0500:
AA>2-How to get valid digital signature for executable file?
AA>3-is there any free digital signature like openssl for executables?
What you need to do is
a) obtain code signing certificate from well-known certificate authority
(see the list of trusted root authorities in Windows). This is the common
X.509 certificate but it is usage properties are set to code signing.
b) sign your executables before releasing them. For signing you can use some
MS tools, but signing with them is a bit tricky. Also you can use
PKIBlackbox (freeware, www.eldos.com/sbb/desc-pki.php). What you need
is Authenticode signer.
You can of course use self-signed certificate (and not spend money and time
getting the certificate from CA), but this will also lead to some warning
from the OS. In fact, the signature doesn't guarantee anything for the user
(because there's always a chance that the signed executable is infected with
some virus), so it makes sense for the user to disable that {*word*193} warning.
With best regards,
Eugene Mayevski
 

Re:secure exe file

Hi Eugene,
How it is possible to disable this ?
Alain
Eugene Mayevski avait soumis l'idée :
Quote
Hello!
You wrote on Sat, 7 May 2005 08:49:46 -0500:

AA>2-How to get valid digital signature for executable file?
AA>3-is there any free digital signature like openssl for executables?

What you need to do is

a) obtain code signing certificate from well-known certificate authority
(see the list of trusted root authorities in Windows). This is the common
X.509 certificate but it is usage properties are set to code signing.
b) sign your executables before releasing them. For signing you can use some
MS tools, but signing with them is a bit tricky. Also you can use
PKIBlackbox (freeware, www.eldos.com/sbb/desc-pki.php). What you need
is Authenticode signer.

You can of course use self-signed certificate (and not spend money and time
getting the certificate from CA), but this will also lead to some warning
from the OS. In fact, the signature doesn't guarantee anything for the user
(because there's always a chance that the signed executable is infected with
some virus), so it makes sense for the user to disable that {*word*193} warning.

With best regards,
Eugene Mayevski
--
++sign
A.Falanga
"The French Frog TeamZed Member"
 

Re:secure exe file

Hello!
You wrote on Sat, 07 May 2005 16:20:17 +0200:
FA>How it is possible to disable this ?
I am not aware of this cause we don't use Windows XP SP2.
With best regards,
Eugene Mayevski
 

Re:secure exe file

Thanks Eugene for your time and suggestion
"Eugene Mayevski" <XXXX@XXXXX.COM>writes
Quote
Hello!
You wrote on Sat, 07 May 2005 16:20:17 +0200:

FA>How it is possible to disable this ?

I am not aware of this cause we don't use Windows XP SP2.

With best regards,
Eugene Mayevski
 

Re:secure exe file

Eugene Mayevski avait écrit le 07/05/2005 :
Quote
Hello!
You wrote on Sat, 07 May 2005 16:20:17 +0200:

FA>How it is possible to disable this ?

I am not aware of this cause we don't use Windows XP SP2.

With best regards,
Eugene Mayevski
Thanks for your answer Eugene.
--
++sign
A.Falanga
"The French Frog TeamZed Member"
 

Re:secure exe file

Comodo (www.instantssl.com) where the cheapest certification I found
(US$100 a year), but they are only included on Windows XP SP2 by
default. Other versions of Windows may include them if they were
updated.
Then you just use the signing tools from MS. There is a tiny SDK at
www.microsoft.com/downloads/details.aspx
Comodo was pretty great. Took me less than an hour to get my
certificate. I had my documents (ID and proof of address) scanned and
e-mailed them a few minutes after their return e-mail, though. This
was on a Friday around midnight, too <g>(just after I saw the new SP2
dialog, I decided to get a certificate).
That is for shareware products, though. If it was just a few
clients, I would probably tell them to ignore the dialog.
"Adam Allen" <AdamAL_98 at comcast dot net>writes:
Quote
Hello,

We have small executable file, this file downloaded by our user. each time
they download
this file, they get message

"The published could not be verified. Are you sure you want to run this
software"
"software has no valid digital signature"

My question is:

1-How to get published ?
2-How to get valid digital signature for executable file?
3-is there any free digital signature like openssl for executables?

I appreciate any help or suggestion to avoid the problem

Thanks

_________________________________________________________
Luiz Marques XXXX@XXXXX.COM
www.stgsys.com [Remove nospam]
Starglider Systems
_________________________________________________________
 

Re:secure exe file

Can we buy one certificate and put it in many products?
Or one certificate for each product/software?
Nick
"Luiz Marques" <XXXX@XXXXX.COM>writes
Quote

Comodo (www.instantssl.com) where the cheapest certification I found
(US$100 a year), but they are only included on Windows XP SP2 by
default. Other versions of Windows may include them if they were
updated.

Then you just use the signing tools from MS. There is a tiny SDK at

www.microsoft.com/downloads/details.aspx

Comodo was pretty great. Took me less than an hour to get my
certificate. I had my documents (ID and proof of address) scanned and
e-mailed them a few minutes after their return e-mail, though. This
was on a Friday around midnight, too <g>(just after I saw the new SP2
dialog, I decided to get a certificate).

That is for shareware products, though. If it was just a few
clients, I would probably tell them to ignore the dialog.

"Adam Allen" <AdamAL_98 at comcast dot net>writes:

>Hello,
>
>We have small executable file, this file downloaded by our user. each time
>they download
>this file, they get message
>
>"The published could not be verified. Are you sure you want to run this
>software"
>"software has no valid digital signature"
>
>My question is:
>
>1-How to get published ?
>2-How to get valid digital signature for executable file?
>3-is there any free digital signature like openssl for executables?
>
>I appreciate any help or suggestion to avoid the problem
>
>Thanks
>

_________________________________________________________
Luiz Marques XXXX@XXXXX.COM
www.stgsys.com [Remove nospam]
Starglider Systems
_________________________________________________________
 

Re:secure exe file

Hello!
You wrote on Mon, 9 May 2005 12:14:25 +0300:
NR>Can we buy one certificate and put it in many products?
NR>Or one certificate for each product/software?
The certificates are issued for the company, not for the product. So you can
use the certificate for any your software.
There's one thing to care about: for example Thawte issues separate
certificates for MS technologies and for Netscape (the latter is needed for
signing Firefox add-ons and in some other activities, if memory serves).
With best regards,
Eugene Mayevski
 

Re:secure exe file

Note that it is very important to get the signed app timestamped at the
time of signing, or it will fail when the certificate expires. If
timestamped, then the certification remains valid. All certificate
authorities will provide a timestamp server, and indeed they will work
with other providers certificates.
There is an article on how to do this on my web site at
www.matthew-jones.com if you can not work out how to do this lot.
/Matthew Jones/