Difference between revisions of "Code Signing for Windows"

From Free Pascal wiki
Jump to navigationJump to search
Line 8: Line 8:
 
Has anyone ever "registered" and if so what authority did they register with, what was the experience like (slow/fast), cost etc?
 
Has anyone ever "registered" and if so what authority did they register with, what was the experience like (slow/fast), cost etc?
  
'''Answer''' (by forum member @skalogryz):
+
'''Answer''' from forum member @skalogryz:
  
 
In order to have the application launching without any "questions", you'll need EV certificate to be purchased. It's costs around $500 (prices may vary, but I doubt you can find anything below $350).
 
In order to have the application launching without any "questions", you'll need EV certificate to be purchased. It's costs around $500 (prices may vary, but I doubt you can find anything below $350).
Line 21: Line 21:
  
 
You can't use your HTTPS certificate. Your HTTPS certificate was given for a domain name, not an executable.
 
You can't use your HTTPS certificate. Your HTTPS certificate was given for a domain name, not an executable.
However, the same authority that issued your HTTPS certificate might also be providing code signing certificates (and you might be eligible for a discount of some sort)
+
However, the same authority that issued your HTTPS certificate might also be providing code signing certificates (and you might be eligible for a discount of some sort).
  
 
==Examples of companies==
 
==Examples of companies==

Revision as of 10:13, 22 November 2021

Windows logo - 2012.svg

This article applies to Windows only.

See also: Multiplatform Programming Guide

English (en)


Description of the problem

Question:

I notice Windows 10 gives me a warning that a publisher is unknown after unzipping and attempting to run an exe.

Has anyone ever "registered" and if so what authority did they register with, what was the experience like (slow/fast), cost etc?

Answer from forum member @skalogryz:

In order to have the application launching without any "questions", you'll need EV certificate to be purchased. It's costs around $500 (prices may vary, but I doubt you can find anything below $350). The approval might take about a week, since they will do the verification of your actual existence. (The existence of your company). If they are prompt enough they might get you verified in a matter of a day or two. (For me it took about 3 weeks).

Note that EV certificates are usually "hardware" generated. Meaning you'll have some sort of hardware device in order to sign an app. (The hardware device also needs to be mailed to you... which adds the time to the point when you can finally sign an app.)

You can get a simple certificate, but it will still show "Running application by ... Name of your company". Simple certificates are cheaper, about $100.

Keep in mind that certificates expire and must be renewed (usually for the same price, or a bit expensive, if you used some promo when buying the first certificate). Renewal process is as fast as simply paying for it. But if you miss the payment and don't renewal, you might have to pass the re-approval process again.

You can't use your HTTPS certificate. Your HTTPS certificate was given for a domain name, not an executable. However, the same authority that issued your HTTPS certificate might also be providing code signing certificates (and you might be eligible for a discount of some sort).

Examples of companies

  • Comodo EV. $399 per year for EV, without a promotion.
  • Digicert. $699 per year for EV.

Signtool

Signtool comes as a part of Windows 10 SDK. The binary is typically installed at:

C:\Program Files (x86)\Windows Kits\10\bin\__version__\x64

1. Install (or generate the certificate) into Windows Certificate Center. EV certificates should also be installed, but signing them requires the hardware key to be present at the time of signing

2. Very basic sign command line:

signtool sign project1.exe

See also