包裹签名和数字证书 [英] Package signing , and digital certificate
问题描述
我使用c#创建了一个Windows窗体应用程序,App的输出为.exe,在该项目的引用中,我添加了该项目需要的所有dll的引用,所有这些都是我创建的. dll,其中一些正在使用第三奇偶校验Dll.
我使用wix Toolset将.exe和所有引用的dll打包到一个安装程序项目中.
请注意,.exe和安装程序没有强名称,也没有使用密钥签名.
我将此.msi结果文件上传到Intranet服务器中,但是当用户通过google chrome从Intranet下载该文件时,它会发出如图1所示的警告消息.我所需要的就是我不希望用户感觉到他正在下载并运行不受信任的内容.
如果原因是包裹需要数字证书,我是否必须使用强名开头程序集才能使用数字证书对其进行签名?
Windows将经验证的发布者发布的所有应用程序视为不可信应用程序.如果要使Windows信任您的应用程序,请对您的应用程序进行数字签名.
- 首先购买代码签名证书.可以从Godaddy说最便宜的( https://in.godaddy.com/web -security/代码签名证书).购买证书后,只需按照Godaddy上的步骤操作即可获取证书(.pfx)文件.
- 安装Visual Studio Express
- 安装InstallShield以生成.exe
- 您可以使用installshield轻松地使用证书对输出进行签名.有关详细信息,请参见屏幕截图.
I Created a windows forms application using c# the output of the App is .exe , in the references of this project , I had added a reference of many dlls that this project needs all of them are Created by me.But these referenced dlls , some of them are using third parities Dll.
I packed the .exe and all referenced dll in an installer project using wix Toolset.
Note that the .exe and the installer has no strong names and not signed with key.
I upload this .msi result file into an intranet server , but when users download it from intranet it through google chrome , it gives a warning message like in fig1.Chrome warning
and when the user Double clicks the .msi file after downloading to start installation process , it activates windows smart screen .Smart screen warning
and while running the installer it displays User account control message with yellow banner as in fig3.[windows smart screen warning][3]
I made a lot of invistigations and i had find out that this is because my code is not digitally signed with digital certificate, actually i have no experience on this and i don't know if this is the true reason or what.
And do i need to make my .exe strongly signed by signing the assembly from signing tab of .net , I also have no experience about singing an executable package.
all what i need is that i don't want the user to feel like he is downloading and running something that is not trusted.
if the reason is that the package needs digital certificate , do i have to sgin the assembly with strong name to be able to sign it with digital certificate ?
Windows treats all application which are published by verified publisher as non-trusted application. If you want to make your application trusted by windows digitally sign your application.
- First buy Code-Signing-Certificate. lets say from Godaddy cheapest available (https://in.godaddy.com/web-security/code-signing-certificate). After buying certificate just follow procedure on godaddy to get your Certificate(.pfx) file.
- Install visual studio express
- Install InstallShield for generating .exe
- You can sign your output with the certificate by using installshield easily. Refer the screenshot for details.
这篇关于包裹签名和数字证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!