
Code Signing of executable and installers

Posted: Thu Nov 18, 2021 2:27 am
by seanhannan
Are there any plans to sign the installer or executable files?

We (and I am sure other companies) cannot get the software approved and past our vetting policies due to the installer and associated executables being unsigned, which will in turn cause Microsoft AppLocker to block any attempt to install or run CloudCompare within our secure environment.

Re: Code Signing of executable and installers

Posted: Thu Nov 18, 2021 5:17 pm
by daniel
Ah why not, I just don't know how to do that yet ;)

Any idea?

Re: Code Signing of executable and installers

Posted: Thu Nov 18, 2021 5:18 pm
by daniel
https://stackoverflow.com/questions/252 ... s-exe-file

I bet we just need to get a valid certificate then...

Re: Code Signing of executable and installers

Posted: Wed Nov 24, 2021 5:02 am
by seanhannan
Yes - Needs a valid code sign certificate. The one to get is the EV certificate but this may be difficult to get without a business entity. The non-EV certificates once obtained require numerous installations to build reputation that is then attached to the certificate. In my experience this can take a LOT longer than expected and does not help bypass signed installer and executable requirements in the meantime.

Something like this should do the trick: https://ssl.comodo.com/ev-code-signing but as always, DYOR :)

Re: Code Signing of executable and installers

Posted: Wed Nov 24, 2021 10:06 pm
by daniel
Yes I looked at various solutions, but most of them involve paying... and we can't say that the project is overflowing with donations :(

Re: Code Signing of executable and installers

Posted: Thu Nov 25, 2021 12:21 am
by seanhannan
Thanks for the responses Daniel.

Re: Code Signing of executable and installers

Posted: Sun Nov 28, 2021 9:07 pm
by daniel
Ok, I have found the 'Open Source Code Signing' option from Certum. It's less than 60€ per year! Let's see how it works...

https://shop.certum.eu/open-source-code ... ysign.html

Re: Code Signing of executable and installers

Posted: Mon Nov 29, 2021 10:00 pm
by daniel
Ok, so I don't know how well it will work, but the installers and executables of the 2.12.beta version (normal and stereo) are now signed!

Re: Code Signing of executable and installers

Posted: Thu Dec 23, 2021 1:02 am
by seanhannan
Great, thanks for the notification Daniel. That will be a great help to us and I am sure others moving forward and will make future versions easier to get past our required compliance and security vetting procedures.

I have been dealing with our internal ITSec team and some external ITSec contacts and have managed to get approval for 2.11.3 as the latest stable version approved using file hashes rather than certificate.
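
The two approval routes discussed in this thread (a publisher rule for a signed build, a file-hash rule for an unsigned one), sketched as an added example that is not part of any post above and is not CloudCompare's or the posters' own procedure. The `$Path` and `$OutFile` parameters are placeholders, and the resulting XML is meant for review before it is merged into any policy.

```powershell
# Added example: choose an AppLocker rule type from the file's signature state.
# $Path and $OutFile are placeholder parameters, not values from the thread.
param(
    [Parameter(Mandatory)] [string] $Path,
    [string] $OutFile = '.\applocker-candidate-rule.xml'
)

# Authenticode check: 'Valid' means signed and the chain validates on this machine.
$sig = Get-AuthenticodeSignature -FilePath $Path

# Plain SHA-256 for the vetting record. For EXE/DLL/MSI files AppLocker hash rules
# use the Authenticode hash instead, so the value inside the rule XML may differ.
$flatHash = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
Write-Host "SHA256 (flat file): $flatHash"

if ($sig.Status -eq 'Valid') {
    # A publisher rule keeps working across new releases signed with the same
    # certificate. Hash is listed second as the fallback rule type.
    Write-Host "Signed by: $($sig.SignerCertificate.Subject)"
    Write-Host "Thumbprint: $($sig.SignerCertificate.Thumbprint)"
    $ruleTypes = 'Publisher', 'Hash'
}
else {
    # Unsigned or failing validation: only a hash rule is possible, and it has
    # to be regenerated for every new build of the file.
    Write-Host "Signature status: $($sig.Status) - falling back to a hash rule"
    $ruleTypes = 'Hash'
}

# Build a candidate policy containing a rule for this one file and save it.
Get-AppLockerFileInformation -Path $Path |
    New-AppLockerPolicy -RuleType $ruleTypes -User Everyone -Optimize -Xml |
    Set-Content -Path $OutFile -Encoding UTF8

# Dry run: report whether the candidate policy would allow the file.
Test-AppLockerPolicy -XmlPolicy $OutFile -Path $Path -User Everyone
```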