It’s astounding this wasn’t done years sooner to be honest. I mean, signing software with keys is not something invented recently. Not doing so is akin to storing passwords in plain text.
I think they want to, but Microsoft has made it expensive for open source developers who do this as a hobby and not as a job to sign their software. I know not too long ago, this particular dev was asking its users to install a root certificate on their PC so that they wouldn’t have to deal with Microsofts method of signing software, but that kind of backfired on them.
No, because you wouldn’t be able to execute the updated exe without a valid signature. You would essentially brick the install with that method, and probably upset Microsoft’s security software in the process.
I meant the old .exe would check the signatures before initializing the official Windows way to update. Effectively have this run whenever you start the application:
main() {
if (update_available()) {
exe_path = download_update()
if (signature(exe_path) == SIGNATURE) {
install_update(exe_path)
restart()
} else {
put_up_a_warning_or_something()
delete(exe_path)
}
}
# Rest of the application# ...
}
The only thing I have no idea how to implement would be the install_update(path) function. But surely this is one way to install updates without signatures recognized by Microsoft, right?
And if for some reason you aren’t allowed to sign the .exe because this breaks something, then place an unsigned .exe in a signed zip folder.
It’s astounding this wasn’t done years sooner to be honest. I mean, signing software with keys is not something invented recently. Not doing so is akin to storing passwords in plain text.
I think they want to, but Microsoft has made it expensive for open source developers who do this as a hobby and not as a job to sign their software. I know not too long ago, this particular dev was asking its users to install a root certificate on their PC so that they wouldn’t have to deal with Microsofts method of signing software, but that kind of backfired on them.
Yes, but from what I understand this refers to the automatic update functionality and not Microsoft’s own .exe signature verification thing.
Couldn’t you do it like this:
That should work, shouldn’t it?
No, because you wouldn’t be able to execute the updated exe without a valid signature. You would essentially brick the install with that method, and probably upset Microsoft’s security software in the process.
I meant the old .exe would check the signatures before initializing the official Windows way to update. Effectively have this run whenever you start the application:
main() { if (update_available()) { exe_path = download_update() if (signature(exe_path) == SIGNATURE) { install_update(exe_path) restart() } else { put_up_a_warning_or_something() delete(exe_path) } } # Rest of the application # ... }The only thing I have no idea how to implement would be the
install_update(path)function. But surely this is one way to install updates without signatures recognized by Microsoft, right?And if for some reason you aren’t allowed to sign the .exe because this breaks something, then place an unsigned .exe in a signed zip folder.
Let’s Encrypt is a trusted, established alternative, it could replace Microsoft for long-lived software certificates.
Or tarnish its name associating it with malware and bad actors, who knows?
Cryptography is hard and programmers are notoriously really really really bad at it.