Code Signing of executable and installers

seanhannan
Posts: 6
Joined: Thu Nov 18, 2021 2:15 am

Code Signing of executable and installers

Post by seanhannan »

Are there any plans to sign the installer or executable files?

We (and I am sure other companies) cannot get the software approved and past our vetting policies due to the installer and associated executables being unsigned, which will in turn cause Microsoft AppLocker to block any attempt to install or run CloudCompare within our secure environment?
daniel
Site Admin
Posts: 7382
Joined: Wed Oct 13, 2010 7:34 am
Location: Grenoble, France

Re: Code Signing of executable and installers

Post by daniel »

Ah why not, I just don't know how to do that yet ;)

Any idea?
Daniel, CloudCompare admin
daniel
Site Admin
Posts: 7382
Joined: Wed Oct 13, 2010 7:34 am
Location: Grenoble, France

Re: Code Signing of executable and installers

Post by daniel »

https://stackoverflow.com/questions/252 ... s-exe-file

I bet we just need to get a valid certificate then...
Daniel, CloudCompare admin
seanhannan
Posts: 6
Joined: Thu Nov 18, 2021 2:15 am

Re: Code Signing of executable and installers

Post by seanhannan »

Yes - Needs a valid code sign certificate. The one to get is the EV certificate but this may be difficult to get without a business entity. The non-EV certificates once obtained require numerous installations to build reputation that is then attached to the certificate. In my experience this can take a LOT longer than expected and does not help bypass signed installer and executable requirements in the meantime.

Something like this should do the trick: https://ssl.comodo.com/ev-code-signing but as always, DYOR :)
daniel
Site Admin
Posts: 7382
Joined: Wed Oct 13, 2010 7:34 am
Location: Grenoble, France

Re: Code Signing of executable and installers

Post by daniel »

Yes I looked at various solutions, but most of them involve paying... and we can't say that the project is overflowing with donations :(
Daniel, CloudCompare admin
seanhannan
Posts: 6
Joined: Thu Nov 18, 2021 2:15 am

Re: Code Signing of executable and installers

Post by seanhannan »

Thanks for the responses Daniel.
daniel
Site Admin
Posts: 7382
Joined: Wed Oct 13, 2010 7:34 am
Location: Grenoble, France

Re: Code Signing of executable and installers

Post by daniel »

Ok, I have found the 'Open Source Code Signing' option from Certum. It's less than 60€ per year! Let's see how it works...

https://shop.certum.eu/open-source-code ... ysign.html
Daniel, CloudCompare admin
daniel
Site Admin
Posts: 7382
Joined: Wed Oct 13, 2010 7:34 am
Location: Grenoble, France

Re: Code Signing of executable and installers

Post by daniel »

Ok, so I don't know how well it will work, but the installers and executables of the 2.12.beta version (normal and stereo) are now signed!
Daniel, CloudCompare admin
seanhannan
Posts: 6
Joined: Thu Nov 18, 2021 2:15 am

Re: Code Signing of executable and installers

Post by seanhannan »

Great, thanks for the notification Daniel. That will be a great help to us and I am sure others moving forward and will make future versions easier to get past our required compliance and security vetting procedures.

I have been dealing with our internal ITSec team and some external ITSec contacts and have managed to get approval for 2.11.3 as the latest stable version approved using file hashes rather than certificate.
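
The thread contrasts approving a release by file hash with approving it by signing certificate under AppLocker. The PowerShell below is an added example, not part of any post and not CloudCompare's own tooling: it checks each file's Authenticode signature, then generates an AppLocker publisher rule for validly signed files and a hash rule for unsigned ones. The function name, file paths and output file are placeholders.

```powershell
# Added example: function name, paths and output file are hypothetical placeholders.
function New-VettedAppLockerRule {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string[]] $Path,    # installer / executables under review
        [string] $OutFile = '.\vetted-rules.xml',   # where the generated policy is written
        [string] $User = 'Everyone'
    )

    $report = foreach ($file in $Path) {
        $sig = Get-AuthenticodeSignature -FilePath $file
        [pscustomobject]@{
            File        = $file
            Status      = $sig.Status                        # Valid, NotSigned, HashMismatch, ...
            Signer      = $sig.SignerCertificate.Subject     # empty when the file is unsigned
            CertExpires = $sig.SignerCertificate.NotAfter
            Timestamped = [bool]$sig.TimeStamperCertificate  # countersigned at signing time
            # Flat file hash for the change record; AppLocker hash rules for PE files
            # are computed over the Authenticode hash instead.
            FileSHA256  = (Get-FileHash -Path $file -Algorithm SHA256).Hash
        }
    }

    # A file that carries a signature which does not verify gets no rule at all.
    $bad = $report | Where-Object { $_.Status -notin 'Valid', 'NotSigned' }
    if ($bad) { throw "Signature check failed for: $($bad.File -join ', ')" }

    # Publisher rule where a valid signature exists, hash rule as the fallback.
    Get-AppLockerFileInformation -Path $Path |
        New-AppLockerPolicy -RuleType Publisher, Hash -User $User -Optimize -Xml |
        Out-File -FilePath $OutFile

    # Dry run: confirm the generated policy allows each file before deploying it.
    $decision = Test-AppLockerPolicy -XmlPolicy $OutFile -Path $Path -User $User

    $report
    $decision | Select-Object FilePath, PolicyDecision, MatchingRule
}

# Placeholder paths for illustration only.
New-VettedAppLockerRule -Path 'C:\Staging\installer.exe', 'C:\Staging\app.exe'
```

A hash rule has to be regenerated for every new build, while a publisher rule keeps matching later releases signed with the same certificate.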