Login / Register 0 items | $0.00 New @ KVR
User avatar
discoDSP
KVRAF
 
3535 posts since 17 Jul, 2002

Postby discoDSP; Mon Mar 19, 2018 12:16 am Re: Code Sign certificates

FabienTDR wrote:No. The certificate will remain valid for eternity.

You "lease" a signing certificate, allowing you to sign stuff. It's a toolkit, a small console app

Thanks, then it's very likely to be purchasing one :)
discoDSP Plug-Ins | Synths | Sampler | Effects
joshb
KVRist
 
69 posts since 13 Apr, 2016

Postby joshb; Fri Apr 06, 2018 5:38 pm Re: Code Sign certificates

Help me get this right...because I definitely don't understand signing.

My certificate is on my Mac in my Keychain. To sign my installer, I would do something like this:

Code: Select all
productsign --sign "Developer ID Installer: MyCompany" MyInstaller.pkg" MySignedInstaller.pkg"


That's it?


And, did I read that correctly, that I can sign my Windows installer using my Mac certificate? Running the same thing but with my Windows installer that has been copied to my Mac? Would that get rid of the annoying "unknown publisher" Windows warning?

Am I missing anything?
User avatar
discoDSP
KVRAF
 
3535 posts since 17 Jul, 2002

Postby discoDSP; Sat Apr 07, 2018 12:01 am Re: Code Sign certificates

joshb wrote:Help me get this right...because I definitely don't understand signing.

My certificate is on my Mac in my Keychain. To sign my installer, I would do something like this:

Code: Select all
productsign --sign "Developer ID Installer: MyCompany" MyInstaller.pkg" MySignedInstaller.pkg"


That's it?

Should work fine yes.

And, did I read that correctly, that I can sign my Windows installer using my Mac certificate? Running the same thing but with my Windows installer that has been copied to my Mac? Would that get rid of the annoying "unknown publisher" Windows warning?

No. Microsoft has only certain CAs installed by default and Apple is not among these.

I found a useful how-to article http://luminaryapps.com/blog/code-signi ... -on-a-mac/
discoDSP Plug-Ins | Synths | Sampler | Effects
Ivan_C
KVRian
 
1059 posts since 11 Aug, 2004, from Marcoussis, France

Postby Ivan_C; Thu May 03, 2018 8:19 am Re: Code Sign certificates

Quick question : does someone know if there is any use to have an Extended Validation (EV) Code Signing certificate ? A regular one is enough to prevent any of the annoying Windows warnings ?
User avatar
discoDSP
KVRAF
 
3535 posts since 17 Jul, 2002

Postby discoDSP; Thu May 03, 2018 8:29 am Re: Code Sign certificates

AFAIK Windows warnings still appear but when you use code signing it will display your publisher name instead Unknown.
discoDSP Plug-Ins | Synths | Sampler | Effects
User avatar
lorcan
KVRist
 
131 posts since 25 Sep, 2001, from Paris, France

Postby lorcan; Thu May 03, 2018 10:07 am Re: Code Sign certificates

With a non-EV code signing cert., you have to 'build up your reputation' every time you release a new build, meaning the first people who download your software will get the pesky alert boxes.
I've got ~80 downloads of my latest build and still get the warnings :x

EV is supposed to give you instant reputation, at least that what they advertise here https://www.digicert.com/code-signing/e ... mpared.htm
But the price and paperwork is not comparable ... $84 vs $349 here http://codesigning.ksoftware.net/ :o
keithwood
KVRist
 
56 posts since 24 Dec, 2015, from Bristol, UK

Postby keithwood; Thu May 03, 2018 12:44 pm Re: Code Sign certificates

Don't forget to timestamp - it stops the signature expiring on the expiry date of the certificate. The parameter is --timestamp for both codesign and productsign. I think you can use codesign nowadays and not bother with productsign, although it used not to be the case.
User avatar
discoDSP
KVRAF
 
3535 posts since 17 Jul, 2002

Postby discoDSP; Thu May 03, 2018 11:17 pm Re: Code Sign certificates

lorcan wrote:EV is supposed to give you instant reputation, at least that what they advertise here https://www.digicert.com/code-signing/e ... mpared.htm
But the price and paperwork is not comparable ... $84 vs $349 here http://codesigning.ksoftware.net/ :o

:? I think getting a $84 certificate is almost pointless if you can't get all the advantages of a real code sign certificate. It makes Apple Developer certificates very cheap in comparison!
discoDSP Plug-Ins | Synths | Sampler | Effects
User avatar
lorcan
KVRist
 
131 posts since 25 Sep, 2001, from Paris, France

Postby lorcan; Fri May 04, 2018 4:50 am Re: Code Sign certificates

discoDSP wrote: :? I think getting a $84 certificate is almost pointless if you can't get all the advantages of a real code sign certificate. It makes Apple Developer certificates very cheap in comparison!

Apple buys them in bulk and they're not EV ...
It is a real code signing certificate, it's just that MS decided that either you need to build up reputation manually or verify your brand credentials, which means more paperwork = more expensive.
If you don't sign at all you get 3 very intimidating warnings instead of one/none.
User avatar
discoDSP
KVRAF
 
3535 posts since 17 Jul, 2002

Postby discoDSP; Fri May 04, 2018 9:45 am Re: Code Sign certificates

lorcan wrote:If you don't sign at all you get 3 very intimidating warnings instead of one/none.

Are you sure? I'm getting just one right now without any code sign on Windows 7 (no idea about 10).
discoDSP Plug-Ins | Synths | Sampler | Effects
User avatar
lorcan
KVRist
 
131 posts since 25 Sep, 2001, from Paris, France

Postby lorcan; Fri May 04, 2018 9:51 am Re: Code Sign certificates

discoDSP wrote:Are you sure? I'm getting just one right now without any code sign on Windows 7 (no idea about 10).


You definitely get at least two on 10 and 7 ( 99.99% sure). Theses will only trigger if you download a fresh copy from the web, as Windows is clever enough to remember you clicked 'yes' before. Of course that's with default UAC policies.
User avatar
discoDSP
KVRAF
 
3535 posts since 17 Jul, 2002

Postby discoDSP; Fri May 04, 2018 9:52 am Re: Code Sign certificates

Yep, two warnings using Win10 here.
discoDSP Plug-Ins | Synths | Sampler | Effects
User avatar
discoDSP
KVRAF
 
3535 posts since 17 Jul, 2002

Postby discoDSP; Mon May 07, 2018 12:47 am Re: Code Sign certificates

Well, it looks like you have to get an Authenticode certificate from a Microsoft approved certificate authority to sign AAX plugins so no choices here.
discoDSP Plug-Ins | Synths | Sampler | Effects
Previous

Moderator: Moderators (Main)

Return to DSP and Plug-in Development