Signing and certificates

Startbeitrag von Steven Sitas am 19.02.2016 13:34

Hi,
If I wan't to sign my applications do I need a different certificate for every application I sign or I just buy only one for ALL my apps?
Can the same certificate sign Windows, Android, Java and Linux applications ?
Any suggested providers of certificates ?

Steven Sitas

Antworten:

Hi, imho for signing Java apps you will need a different ceritificate from Windows applications, but that depends on the certificate provider. As a start you have to buy the certificate from a certificate provider (it's valid for some years) and you have to install the certificate on your windows PC using certmgr.msc. As soon as you're done with that you can choose / use the certificate when creating the 32- or 64-bit .exe file of a WINDEV Windows application.

Imho, the WD20 Setup is not working with certificates, tried it just for fun and got a bug confirmation last December, nothing heard since then. There's some bug. Seems to me that no one is using WD20 Setup with signing, didn't hear a single complaint on this forum for the whole of the last year.

I recommend to use INNO Setup anyway. It's free and does most things some expensive installers do. For that you have to have to download signtool.exe from Microsoft. You should put the .p12 certificate file into the .exe directory or a subdirectory (e.g. \certificate ). Configuring the signtool for a 64-bit Windows application in Inno Setup looks like that: first, name it MyStandard and input or copy/paste this long line

"C:\My Projects\MyProgram\Exe\64-bit Windows executable\signtool.exe" sign /t http://timestamp.comodoca.com/authenticode /f "C:\My Projects\MyProgram\Exe\64-bit Windows executable\certificate\CertificateName.p12" /p YourCertificatePassword $f


In section [Setup] just add a single line
SignTool=MyStandard

You're done.
And you're done. It will sign your Windows application.

von GuenterP - am 19.02.2016 16:37
Hi Guenter,

I can confirm that the setup signing is not working in WD 18, 19 and 20. It has issues that have never been fixed. So what we do is signing the application when compiling. THen building the setup with WDINST. Then we run a batch file that signs the setup EXE. All works fine done that way.

Best regards,
Alexandre Leclerc

von Alexandre Leclerc - am 19.02.2016 16:52
Hi Alexandre,

thank you, yes, I know. But where's the reason to use the WDSetup / WDINST at all? There are some other issues with WDSetup as well ... which they do not care for and do not fix at all. Since no one here complains about WDSetup I came to believe that no one actually uses WDSetup any more.

WDSetup has another big problem, even if it would work perfectly: translation. They do force all developers who do not live in a country with either French or English to translate WDSetup once a year - and buy WDMSG for that purpose. Inno Setup comes with a language file - in order to make a German setup I just have to include:

[Languages]
Name: "Deutsch"; MessagesFile: "German.isl"

and that's it. For most other languages it's the same. I'm thinking about publishing working Inno Setup examples for WINDEV programs ...

Btw: Could you publish an example of your batch file? Anonymized, of course?

von GuenterP - am 19.02.2016 18:14
Hi Guenter,

I use WDSETUP because I'm lazy. We buy WDMSG, etc. We use some special code to configure windows firewall, install HFSQL, install services and other small things like that on server setup. We also use the LAN setup thing for clients apps. It works well. Every year I migrate our personalized code to the new version of WDSETUP. It take about one hour. We made documentation for that.

I would use Inno if I had the will to learn it and have similar features for our customers (LAN update is easy to mimic). But I'm not there yet. One hour per year is not that bad. And we learned to live with the small problems. Also we personnalized WDSETUP to be "one click" server setup. There is only one internal window to setup 3 fields and all is installed at once. The HFSQL is automatically update IF required (detected by the setup program).

For the batch file, here we go (quickly translated from French, it was made long ago and still works, but I can't say if all error checking is still working):

@echo off

:: Add path to signtool in your system PATH (C:\Program Files (x86)\Windows Kits\8.1\bin\x64; or something else)
set SignTool="signtool.exe"

set basedir=C:\Mes Projets\TEST APP\Install
set Setup="%basedir%\Install TEST APP.EXE"

:: Authenticode signing on setup file
%SignTool% sign /t http://timestamp.globalsign.com/scripts/timstamp.dll %Setup%
if errorlevel 1 goto signtool_error
echo Authenticode Signature added (%Setup2014a%)!

goto endSign

:signtool_error
echo ERROR : Problems detected while signing application!
echo - Make sure that the "Windows Software Development Kit (SDK)" is installed
echo on your workstation for your Windows version.
echo - Make sure that the access path to signtool.exe est correct.
pause
:endSign


Best regards,
Alexandre Leclerc

von Alexandre Leclerc - am 23.02.2016 22:05
Hi Alexandre, thank you for sharing!

My request has been for all of those who want to know how to actually sign the unsigned but otherwise finished Setup.exe - as you know I'm always behind real world solutions. That's the value of this forum.

Ok, in Canada that's easy, it's exactly what PC Soft offers in WDSetup: French + English ;-) Modifications for German and other languages need quite a bit more work. First, one has to change the code in order to allow for a third language, second one has to purchase WDMSG for one day's work and third one has to add the translation. I admit, I'd have to study server setups with Inno Setup, probably they're easier to make using WDSetup.

For PC Soft, I recommend to fix that years-old signing problem first and second to add a language file instead of the integrated multi-language string business. Just my 2 cent ..

von GuenterP - am 24.02.2016 06:39
Zur Information:
MySnip.de hat keinen Einfluss auf die Inhalte der Beiträge. Bitte kontaktieren Sie den Administrator des Forums bei Problemen oder Löschforderungen über die Kontaktseite.
Falls die Kontaktaufnahme mit dem Administrator des Forums fehlschlägt, kontaktieren Sie uns bitte über die in unserem Impressum angegebenen Daten.