OT - a new release of WinSignHelper for macOS

Randy Hengst iowahengst at mac.com
Thu Aug 24 09:28:49 EDT 2023 

Hi All,

This all very interesting. I haven’t built for windows in about 10 years. So, I’ve never messed with signing certificates.

I’ve downloaded and played with Matthias’ CodeSigning Tool… seems very straight forward. But, I’m trying to build an app only for a friend to use for free and, so, I’m not too keen on buying a certificate for $100+ every year.

Is there a way for folks to open an app on windows that is not signed? …like you can do on a Mac after the scary alert…

take care,
randy

Randy Hengst
classroomfocusedsoftware.com



> On Jul 20, 2023, at 10:47 PM, J. Landman Gay via use-livecode <use-livecode at lists.runrev.com> wrote:
> 
> Very useful info, thank you. Especially the part about using the token on different machines. I was duped into believing everything I read on the internet. :)
> 
> --
> Jacqueline Landman Gay | jacque at hyperactivesw.com
> HyperActive Software | http://www.hyperactivesw.com
> On July 20, 2023 4:20:59 PM matthias rebbe via use-livecode <use-livecode at lists.runrev.com> wrote:
> 
>>> Am 20.07.2023 um 17:21 schrieb J. Landman Gay via use-livecode <use-livecode at lists.runrev.com>:
>>> 
>>> Thanks Matthias. I've been reading about it and I think the cert is stored on the machine but it is tied to that computer and not exportable.
>> 
>> 
>>> If you get a new computer you need to buy a new certificate.
>> I don't think that is true. The new type of certificate has to be stored on a secure device. That's what the eToken is for. The private key is also stored on the eToken and the certificate and the private key cannot be exported. You should be able to use that token on multiple computers. You just have to install the eToken driver to an other computer and attach the eToken to it.
>> 
>> This is what Trustzone is saying about it:
>> "The token-based type of Standard Code Signing certificates can also be used on multiple computers. The same goes for token-based EV certificates. But no token-based certificate can ever be used simultaneously on two computers since the SafeNet token can only be plugged into one computer at a time."
>> 
>> As i never had such eToken, i do not know, if the certificate and the private key can be accessed as files through Finder. And what extension do they have. I've read the osslsigncode can use also certificates and key files with .cem extension.
>> So if the eToken contains such files, WinSignHelper could be slightly adjusted to work with the eToken. But that's just an assumption.
>> 
>> Matthias
>> 
>> 
>>> So I don't think I'll experiment, and we'll just do the whole thing on the Windows box.
>>> 
>>> The sad part is that if we'd renewed just a couple of weeks earlier we'd have been within the cutoff date and could have purchased the old type of certificate.
>>> 
>> Same here. I was about 5 days to late otherwise i could have ordered the olde type.
>> 
>> 
>>> If anyone else has used the new token hardware I'd be grateful for any tips or suggestions. This is all new to me.
>> 
>> I am using a cloud based OV certificate from Certum. I just need to install the Software SimplySign Desktop. The software "integrates" the certificate into Windows' certificate storage (or what ever this is called) after i logged in using that SimplySign Desktop software.
>> Microsoft's signtool can then directly access the certificate.
>> 
>> 
>>> --
>>> Jacqueline Landman Gay | jacque at hyperactivesw.com
>>> HyperActive Software | http://www.hyperactivesw.com
>>> On July 19, 2023 4:20:23 PM matthias rebbe via use-livecode <use-livecode at lists.runrev.com> wrote:
>>> 
>>>> To be honest, i do not know.
>>>> I am currently using a cloud code signing certificate which i can only use on Windows.
>>>> I've chosen the cloud version because of the price, but later i noticed that it seems that those cloud certificates cannot be used on macOS.
>>>> Or maybe they can, but i do not know how, especially with ossl signcode
>>>> WinSignHelper uses ossl signcode and currently that tool needs a path to a certificate
>>>> 
>>>> Do you know where the certificate is stored with the eToken solution? Is it stored also on the eToken or anywhere else on the Mac?
>>>> If you have the certificate as a physical file it maybe could be possible to select that file in the WinSignHelper prefs.
>>>> 
>>>> But as  i alread wrote, i really don't know exactly.
>>>> 
>>>> I am currently thinking of purchasing a 2nd certificate as eToken solution, but there is not yet a decision made, if i should spent money for this, as i have a working cloud certificate which expires in 3 years.
>>>> 
>>>> Regards,
>>>> Matthias
>>>> 
>>>>> Am 19.07.2023 um 22:53 schrieb J. Landman Gay via use-livecode <use-livecode at lists.runrev.com>:
>>>>> 
>>>>> @Matthias: does the upgraded WinSignHelper work with the new hardware eTokens? Those are required now.
>>>>> 
>>>>> If so, do the instructions change on how to use your tool?
>>>>> 
>>>>> 
>>>>> On 12/23/22 10:44 AM, matthias rebbe via use-livecode wrote:
>>>>>> i've upgraded my free tool WinSignHelper.
>>>>>> For those who do not know what WinSignHelper is...
>>>>>> It's a GUI for osslsigncode. Osslsigncode is command line tool that can do the Authenticode signing and timestamping. With it you can code sign Windows applications  using an appropriate code signing certificate.
>>>>>> You just drag a folder with your Windows application into WinSignHelper and it signs all components of your standalone (.exe and .dll).
>>>>>> WinSignHelper Help section gives enough information about how to install osslsigncode.
>>>>>> So if anyone is interested in testing....
>>>>>> The version is  notarized and is an universal build for X86 and Arm
>>>>>> Zip
>>>>>> https://dl.qck.nu/?dl=WinSignHelper_universal.zip
>>>>>> DMG
>>>>>> https://dl.qck.nu/?dl=WinSignHelper_universal.dmg
>>>>>> Hope this is of help for one or the other.
>>>>> 
>>>>> 
>>>>> --
>>>>> Jacqueline Landman Gay         |     jacque at hyperactivesw.com
>>>>> HyperActive Software           |     http://www.hyperactivesw.com
>>>>> 
>>>>> 
>>>>> _______________________________________________
>>>>> use-livecode mailing list
>>>>> use-livecode at lists.runrev.com
>>>>> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
>>>>> http://lists.runrev.com/mailman/listinfo/use-livecode
>>>> 
>>>> 
>>>> _______________________________________________
>>>> use-livecode mailing list
>>>> use-livecode at lists.runrev.com
>>>> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
>>>> http://lists.runrev.com/mailman/listinfo/use-livecode
>>> 
>>> 
>>> 
>>> 
>>> _______________________________________________
>>> use-livecode mailing list
>>> use-livecode at lists.runrev.com
>>> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
>>> http://lists.runrev.com/mailman/listinfo/use-livecode
>> 
>> _______________________________________________
>> use-livecode mailing list
>> use-livecode at lists.runrev.com
>> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
>> http://lists.runrev.com/mailman/listinfo/use-livecode
> 
> 
> 
> 
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode

More information about the use-livecode mailing list