Petr Posted May 4, 2006

Just an idea - what about using code signing and catalog files just in the way they were supposed to be used?

I see at least these possible advantages:
- all updates and hotfixes for Windows ME would seamlessly install without the use of the nircmd utility and other tricks.
- all updates, hotfixes etc. would be signed, so anybody who downloaded them would be able to test the integrity and origin.
- maybe it would also make it possible to offer slipstreamed IE6.0SP1 for download, exactly as it is from Microsoft, when Microsoft stops the support. (IE5.5SP2 is already crippled on the Microsoft download servers, the first cab for each platform is missing, so you can add components, but not install it from scratch)
- maybe the functionality of the Windows Update site could also be duplicated (after Microsoft closes it)

In general, I see two possibilities for how to manage these certificates.
1. To buy a commercial code signing certificate (is this sufficient?), or
2. To create our own root certificate authority.

Both approaches would have some advantages and disadvantages.
- A commercial certificate is not free of charge. I did not do deep research but it looks like the Comodo code signing certificate for € 99 per year could be the right one. I think I could donate this amount if necessary.
- Own certificates would not be recognized by Windows by default, the root certificate has to be imported first.
- Own root certificate would mean that all people involved could use their own code signing certificate.
- Own root certificate would also mean using our own timestamping service (?)
- Official certificate would mean that the person who would create all the .CAT files and who would sign all files would be clearly expressed - do we accept this?

Some details about the code signing process are here: http://www.instantssl.com/code-signing/cod...ng-process.html

SIGNCODE.EXE is part of IEAK6 for example, CHKTRUST.EXE is part of IEAK4 or Visual Studio .NET

My feeling is that everything is very easy - but only if you know how to do it. Is anybody here experienced?

Any comments?

Petr

Acheron Posted May 4, 2006

I thought code-signing only worked when compiling a project. Didn't know you could attach digital signatures afterwards. Well, if this is true I'll go for solution two.
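
The trust behaviour behind option 2 in the thread (a signature made under an own root CA is rejected until the verifier imports that root), as an added example that is not part of either post. It assumes OpenSSL in place of SIGNCODE.EXE and CHKTRUST.EXE, uses a plain-text hash list as a stand-in for a .CAT file, and all names and paths are constructed.

```shell
#!/bin/sh
# Added example: own root CA -> signer certificate -> signed hash catalog.
# catalog.txt only stands in for a .CAT file; every name here is constructed.

make_pki() {    # $1 = work dir: self-signed root, then a signer cert issued by it
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Example Community Root" \
    -keyout "$1/root.key" -out "$1/root.crt" 2>/dev/null &&
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Example Signer" \
    -keyout "$1/signer.key" -out "$1/signer.csr" 2>/dev/null &&
  printf 'extendedKeyUsage=codeSigning\n' > "$1/ext.cnf" &&
  openssl x509 -req -in "$1/signer.csr" -CA "$1/root.crt" -CAkey "$1/root.key" \
    -CAcreateserial -days 30 -extfile "$1/ext.cnf" -out "$1/signer.crt" 2>/dev/null
}

file_hash() { openssl dgst -sha256 -r "$1" | cut -d' ' -f1; }

make_catalog() {    # $1 = work dir, remaining args = file names inside it
  dir=$1; shift
  : > "$dir/catalog.txt"
  for f in "$@"; do
    printf '%s  %s\n' "$(file_hash "$dir/$f")" "$f" >> "$dir/catalog.txt"
  done
  # Detached PKCS#7 signature over the hash list; the signer cert is embedded.
  openssl smime -sign -binary -in "$dir/catalog.txt" -signer "$dir/signer.crt" \
    -inkey "$dir/signer.key" -outform DER -out "$dir/catalog.p7s" 2>/dev/null
}

verify_catalog() {    # $1 = work dir, $2 = root cert the verifier imported (optional)
  dir=$1; root=${2:-}
  set -- smime -verify -binary -inform DER -in "$dir/catalog.p7s" \
    -content "$dir/catalog.txt" -purpose any
  # Without $2 only OpenSSL's default store is used: a PC without the root imported.
  if [ -n "$root" ]; then set -- "$@" -CAfile "$root"; fi
  openssl "$@" >/dev/null 2>&1 || { echo "signature not trusted"; return 1; }
  while read -r want name; do
    [ "$(file_hash "$dir/$name")" = "$want" ] || { echo "hash mismatch: $name"; return 2; }
  done < "$dir/catalog.txt"
  echo "ok"
}

demo() {
  d=$(mktemp -d) || return 1
  printf 'constructed hotfix payload\n' > "$d/update.dll"
  make_pki "$d" && make_catalog "$d" update.dll
  verify_catalog "$d" || true                 # root not imported
  verify_catalog "$d" "$d/root.crt" || true   # root imported
  printf 'tampered\n' >> "$d/update.dll"
  verify_catalog "$d" "$d/root.crt" || true   # file changed after signing
  rm -rf "$d"
}
demo
```

The same split applies to a commercial certificate: the signature check only succeeds because the issuing root already ships in the verifier's trust store.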