I'm posting the "free" procedure I follow when I have to sign an EXE; although it isn't 100% signed with authority online, it could help you avoid those Windows alert messages.
Remember that it says "Myapp.exe", "Myapp.pfx" and "mypasswd" there; don't be blockheads.
If you don't have the little signtool program, here it is:
https://developer.microsoft.com/en-u...s/windows-sdk/
Quote:
----------------------------------------------------------------------------------------------------------------------------------------------
https://www.youtube.com/watch?v=m77p30bvY5E&t=166s
SIGNING FILE FREE: (first, in PowerShell)
PS C:\WINDOWS\system32> $cert = New-SelfSignedCertificate -Subject "Myapp.exe" -CertStoreLocation "Cert:\CurrentUser\My" -HashAlgorithm sha256 -Type CodeSigningCert
PS C:\WINDOWS\system32> $pwd = ConvertTo-SecureString -String "mypasswd" -Force -AsPlainText
PS C:\WINDOWS\system32> Export-PfxCertificate -cert $cert -FilePath Myapp.pfx -Password $pwd
    Directory: C:\WINDOWS\system32

Mode      LastWriteTime         Length  Name
----      -------------         ------  ----
-a----    3/20/2024 3:15 PM     2621    Myapp.pfx
(second, on the CMD command line)
signtool sign /f Myapp.pfx /fd SHA256 /p mypasswd Myapp.exe
signtool.exe timestamp -t http://timestamp.digicert.com Myapp.exe
Finally, in the file's properties, under certificates: INSTALL CERTIFICATE
----------------------------------------------------------------------------------------------------------------------------------------------
////////////THIS IS JUST THE HELP EXPLANATION, THE COMMANDS TO RUN ARE THE ONES ABOVE AND THAT'S IT /////////////////////////////
///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
How to sign your app
Use Microsoft's SignTool to sign your app.
You download it as part of the Windows SDK. Note that it's also possible to install SignTool without installing the entire SDK.
Once installed you can use SignTool from the command line like so:
signtool sign /a /fd SHA256 /tr http://timestamp.digicert.com /td SHA256 MyFile.exe
This will sign MyFile.exe. Explanation of the used command line options:
/a will automatically use the certificate that is valid for the longest time. If you have no certificate, SignTool will display an error.
/fd SHA256 will use the SHA-256 digest algorithm for the file signature. Using SHA256 is recommended and considered to be more secure than the default SHA1 digest algorithm.
/tr http://timestamp.digicert.com adds a timestamp to your signed apps. This is extremely important because this will allow the signature to remain valid even after the certificate itself has already expired. The argument for the /tr option is a timestamp URL. You can use any of the timestamp URLs from this list of free RFC 3161 timestamp servers.
/td SHA256 will use the SHA-256 digest algorithm for the timestamp signature. As before, using SHA256 is recommended and considered to be more secure.
How and when to use self-signed certificates
If you'd like to get a hold of a certificate that you can use to test your process of signing the executable, you can use MakeCert to create a self-signed certificate.
Once you've created your own certificate and have used it to sign your executable, you'll need to manually add it as a Trusted Root CA for your machine in order for UAC to accept your self-signed certificate as a trusted source. Note that you can only do this on your own development machines.
You usually cannot do this on your users' computers, since most users will not agree to install a new Root CA, for good reasons.
How to get rid of the "unrecognized app" warning
Even if your app is signed, you might still see the following warning message when trying to run the app:
Microsoft Defender SmartScreen prevented an unrecognized app from starting. Running this app might put your PC at risk.
How to avoid this warning is a somewhat complex topic. Please see this answer to get the whole picture about these Microsoft SmartScreen warnings and what you can do and should know about it.
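
To check what the procedure above actually produced, the following PowerShell function reports whether the file's signature validates on this machine, whether the signer is self-signed and present in a trusted root store, and whether a timestamp was applied. It is an added example, not part of the original post or the quoted help text; the function name Get-SignatureReport is hypothetical, and Myapp.exe is the placeholder name used in the post.

```powershell
# Added example: inspect the Authenticode signature on a signed file.
# Get-SignatureReport is a hypothetical helper name, not a built-in cmdlet.
function Get-SignatureReport {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Path
    )

    $full   = (Resolve-Path -LiteralPath $Path -ErrorAction Stop).Path
    $sig    = Get-AuthenticodeSignature -FilePath $full
    $signer = $sig.SignerCertificate

    if ($null -eq $signer) {
        # Unsigned file: there is no certificate to inspect.
        return [pscustomobject]@{ File = $full; Status = $sig.Status; Signed = $false }
    }

    # A self-signed certificate has identical subject and issuer names.
    $selfSigned = ($signer.Subject -eq $signer.Issuer)

    # Is the signer certificate itself installed as a trusted root here?
    # Without that, a self-signed signature will not report Status 'Valid'.
    $inRootStore = [bool](Get-ChildItem Cert:\CurrentUser\Root, Cert:\LocalMachine\Root |
        Where-Object Thumbprint -eq $signer.Thumbprint)

    # OID of the Code Signing extended key usage.
    $hasCodeSigningEku = $signer.EnhancedKeyUsageList.ObjectId -contains '1.3.6.1.5.5.7.3.3'

    [pscustomobject]@{
        File              = $full
        Signed            = $true
        Status            = $sig.Status
        StatusMessage     = $sig.StatusMessage
        Signer            = $signer.Subject
        SelfSigned        = $selfSigned
        SignerInRootStore = $inRootStore
        CodeSigningEku    = $hasCodeSigningEku
        CertNotAfter      = $signer.NotAfter
        # No timestamp means the signature stops validating once the cert expires.
        Timestamped       = ($null -ne $sig.TimeStamperCertificate)
        Timestamper       = $sig.TimeStamperCertificate.Subject
    }
}

# 'Myapp.exe' is the placeholder file name from the post.
Get-SignatureReport -Path .\Myapp.exe | Format-List
```

Running it on a machine other than the one where the certificate was installed shows what other users' systems see: SelfSigned is True, SignerInRootStore is False, and Status is not Valid.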