EV代码签名证书或Microsoft Authenticode的代码签名证书 [英] EV Code Signing certificate or Code Signing Certificates for Microsoft Authenticode

问题描述

我开发了免费的个人理财应用程序.对我来说这是一种爱好. 我已经在我的网站上下载了它. http://moneyble.com/download/

I developed a free personal finance application. It is a hobby for me. I have it on my website for download. http://moneyble.com/download/

我经常(一个月左右)发布一个新版本.因此，文件的哈希值发生了变化.

I frequently (once a month or so) release a new version. So the file's hash changes.

从我的网站下载文件时，浏览器会显示警告，提示该文件不常用下载，可能会很危险. 同样在Windows 8计算机上，还会弹出SmartScreen警告.

When the file is downloaded from my website the browser displays a warning that the file is not commonly downloaded and can be dangerous. Also on Windows 8 machines SmartScreen warning pops up.

这两种警告都会杀死尝试下载我的软件的所有新用户.

Both these warnings are killing any new users who try to download my software.

我阅读了一些有关代码签名的文章，并意识到我必须购买代码签名证书.向微软支付发布我自己的软件的权利，这听起来很愚蠢.就像他们拥有互联网一样.但是无论如何...他们制定了规则.

I read some articles about Code Signing and realized that I have to buy a Code Signing Certificate. It sounds stupid to pay Microsoft for the right to release my own software. Like they own the Internet. But anyway... they set the rules.

问题:

我应该在EV代码签名证书上花费500美元吗?

Should I spend $500 on EV Code Signing Certificate?

或

我可以购买便宜得多的Microsoft Authenticode证书($ 100- $ 200)，并且仍然摆脱两种警告(下载和SuckScreen)吗?

Can I buy a much cheaper ($100-$200) Microsoft Authenticode Certificate and still get rid of both warnings (Download and SuckScreen)?

我的exe当前在MS中没有声誉.我经常更新exe -s.用户群从0开始缓慢增长.

My exe-s currently have no reputation with MS. I update exe-s frequently. User-base is slowly growing from 0.

有人有类似现实生活的经历吗?

Anybody has real-life similar experience?

仍然不知道如何签名zip包.我还提供了程序的可移植安装.如果您在Google Chrome浏览器上下载了便携式zip软件包-它会显示一则令人讨厌的消息:"Moneyble.zip不太常用，可能很危险".该软件包中的Exe已签名.但这无济于事. IE没有这个问题.这只是Google Chrome浏览器的问题.

Still don't know though how to sign a zip package. I provide a portable install of my program as well. If you download portable zip package on Google Chrome - it displays a nasty message "Moneyble.zip is not commonly downloaded and could be dangerous". Exe within that package is signed. But it does not help. IE does not have this problem. It's only Google Chrome's issue.

如果有人对如何分发便携式安装有任何建议，我将不胜感激.

IF anyone has suggestions on how to distribute portable installations - I would really appreciate it.

如果要检查警告，请从以下位置下载安装程序之一: http://moneyble.com/download/

If you want to check warnings download one of the installers from: http://moneyble.com/download/

推荐答案

我刚刚写了几个

I've just written up a couple of blog posts on this very topic. The following three screenshots are illustrative of the progression from unsigned through standard Authenticode certificate to EV Authenticode certificate:

无数字签名

已使用DigiCert的标准Authenticode证书签名

已使用DigiCert的EV Authenticode证书签名

因此，除非您能够聚集Microsoft认为意味着通常下载您的程序的任何关键用户数量，否则EV证书是为所有用户删除SmartScreen警告的最快方法.就其价值而言，DigiCert硬件令牌很容易通过Windows证书管理器使用，但是它花费的450美元确实相当昂贵，尤其是对于业余爱好.

So unless you can amass whatever critical volume of users Microsoft deems to mean that your program is commonly downloaded, an EV certificate is the fastest way to remove the SmartScreen warnings for all users. For what it's worth, the DigiCert hardware token was very easy to use through the Windows Certificate Manager, but the $450 it cost us is admittedly quite expensive, especially for a hobby.

这篇关于EV代码签名证书或Microsoft Authenticode的代码签名证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！