签名Windows EXE文件 [英] Signing a Windows EXE file
问题描述
我有一个 EXE 文件,我想要签名,以便Windows不会发出警告最终用户关于来自未知发布者的应用程序。我不是Windows开发人员。所讨论的应用是从生成屏保应用的应用生成的屏保。因此,我对文件的生成没有影响。
我已经发现我需要一个代码签名证书从 CA ,例如 Verisign 或instantssl.com。我不明白是我需要做的(如果可能的话)签署我的EXE文件。一个简单的解释是什么?
Mel Green的回答让我进一步,但signtool希望我指定在任何情况下使用什么证书。两个问题:
-
我可以获得一个免费的代码签名证书,以测试这是否会对我有用? p>
-
您有适当的SSL凭证的廉价来源吗?我找到的最便宜的是 instantssl.com上的此产品< a>每年约179美元。
此外,请指明哪种证书类型是正确的证书类型。大多数网站只提到代码签名,并谈论签名的应用程序,实际上是由用户编译。
您可以尝试使用 Microsoft的标志工具
您可以将其作为Windows SDK的一部分下载用于Windows Server 2008和.NET 3.5。下载后,您可以从命令行使用它,如下所示:
signtool sign / a MyFile.exe
这标志着一个可执行文件。
或者您可以尝试:
signtool signwizard
这将启动一个向导,指导您完成应用程序的签名。
如果你想获得一个证书,你可以用它来测试你的可执行文件的签名过程,你可以使用.NET工具 Makecert
。一旦你创建了自己的证书,您的可执行文件,则需要手动将其添加为计算机的受信任的根CA,以便 UAC 来告诉运行它的用户它是来自可信来源。 重要。 将证书安装为ROOT CA会危及您的用户隐私。看看发生了什么与DELL。 您可以找到更多的信息,在代码和通过Windows完成这个:
-
Stack Overflow问题 将证书安装到C#中的Windows Local用户证书存储区
- >
希望为尝试这样做的任何人提供更多信息!
I have an EXE file that I should like to sign so that Windows will not warn the end user about an application from an "unknown publisher". I am not a Windows developer. The application in question is a screensaver generated from an application that generates screensaver applications. As such I have no influence on how the file is generated.
I've already found out that I will need a code signing certificate from a CA like Verisign or instantssl.com. What I don't understand is what I need to do (if at all possible) to sign my EXE file. What is a simple explanation?
Mel Green's answer took me further, but signtool wants me to specify what certificate to use in any case. Two questions:
Can I get a free code signing certificate somehow to test if this will work for me at all?
Do you have a cheap-ish source for the appropriate SSL certificate? The cheapest I've been able to find is this product from instantssl.com which is about $179 per year. Are there any offerings for around $100 out there?
Also please specify which certificate kind is the correct one. Most sites only mention "code signing" and talk about signing applications that are actually compiled by the user. This is not the case for me.
You can try using Microsoft's Sign Tool
You download it as part of the Windows SDK for Windows Server 2008 and .NET 3.5. Once downloaded you can use it from the command line like so:
signtool sign /a MyFile.exe
This signs a single executable. I am not sure what certificate it uses.
Or you can try:
signtool signwizard
This will launch a wizard that will walk you through signing your application.
If you'd like to get a hold of certificate that you can use to test your process of signing the executable you can use the .NET tool Makecert.
Certificate Creation Tool (Makecert.exe)
Once you've created your own certificate and have used it to sign your executable, you'll need to manually add it as a Trusted Root CA for your machine in order for UAC to tell the user running it that it's from a trusted source. Important. Installing a certificate as ROOT CA will endanger your users privacy. Look what happened with DELL. You can find more information for accomplishing this both in code and through Windows in:
Stack Overflow question Install certificates in to the Windows Local user certificate store in C#
Installing a Self-Signed Certificate as a Trusted Root CA in Windows Vista
Hopefully that provides some more information for anyone attempting to do this!
这篇关于签名Windows EXE文件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
