Collaborate Disseminate
We distribute a Windows application. The application is code signed with a certificate from a proper/trusted CA. This provides some guarantee that the application came from us (checked by the OS).
We use CryptQueryObject to get the fields … Continue reading Should my executable check that it has been signed with my certificate
I have a system (lets call it signer) that has private keys for doing Authenticode code signing. I have bunch of build systems that want to sign generated build artifacts. Obviously I can’t use signtool directly on build systems as private… Continue reading Windows CSP for remote signing
We have most of our SSL certificates hosted at GoDaddy but have Standard Code signing certificate from GlobalSign, we would like to switch to GoDaddy CSC since our CSC from GlobalSign is expiring in 3 months.
How would this affect MS Smart… Continue reading Switching CSC certificate issuer and SmartScreen
I know that even a software signed with a new code signing certificate triggers Microsoft Defender SmartScreen warning:
Windows Defender SmartScreen prevented an unrecognized app from starting
The warning goes away only after the certifi… Continue reading Transferring Microsoft SmartScreen reputation to renewed certificate
I recently acquired a Microsoft Authenticode Code-signing certificate as a new certificate using an identical name to another one which will expire soon.
Obviously, the new certificate has no reputation attached to it, and will take some … Continue reading Can I sign with two Code Signing certs to build reputation on the newer one?
In a Windows portable executable (PE) file the certificate directory points to an offset to a WIN_CERTIFICATE structure. My understanding is that while the field is named bCertificate, it actually contains an array of certificates in ASN.1… Continue reading Are all fields of the PE certificate directory hashed during authenticode signing?