busybox-w32 icon indicating copy to clipboard operation
busybox-w32 copied to clipboard

Published 20 hours ago verified publisher icon rmyorston

Please sign the executable

Open ale5000-git opened this issue 6 years ago • 4 comments

Sorry to bother you again. I was seeing that there are signature files so I thought that it would be nice if the signature was in the exe itself (in a way that can be seen from explorer).

There is a method of signing on Linux here.

ale5000-git avatar Mar 28 '18 11:03 ale5000-git

@vszakats (who has raised some busybox-w32 issues in the past) has a nice script to handle certificate management.

I've tried this out but I'm not convinced. While it's nice that the signature can be included with the binary:

  • a simple signature adds 3.5K to the size of the executable, with a timestamp it adds 8.5K;
  • a self-signed certificate results in unpleasant warnings in the explorer properties dialog;
  • I'm pretty sure more people will never bother to check the signature.

rmyorston avatar Apr 09 '18 10:04 rmyorston

I agree that self-signed signatures aren't really useful for most cases. A signature accepted by default Windows installations will almost certainly cost money though. At least I couldn't find a free option as of mid last year.

vszakats avatar Apr 09 '18 11:04 vszakats

I'm asking it because in addition of being visible in explorer which is nice, in the future I will also add signature verification in my scripts.

PS: To see an example, these OpenSSL binaries are digitally signed.

ale5000-git avatar Apr 09 '18 11:04 ale5000-git

Code signing certs cost money though.

Ronsor avatar May 23 '18 22:05 Ronsor