What is signing ClickOnce manifests for?
According to Microsoft, you must sign your ClickOnce application. But it seems to me that it works just fine when I publish it without signing it (by turning off the 'Sign the ClickOnce manifests' option).
I really didn't care and kept the default values (I think I was using a test certificate) until I changed computer and started getting a message telling me that 'The application is signed with a different key than the existing application on the server', which seems will cause my users to stop getting automatic updates. Apparently, VS uses my computer's name to create the key.
So, should I just stop signing my ClickOnce manifests to prevent this kind of error, or is there any benefit from singing it. Also, are these certificates the ones that would cause the 'Publisher: Unknown Publisher' message when installing the application to show my company name instead, or would I need to purchase two different kind of certificates?
Answer
It's a security feature that allows your users to verify that any updates really originated from the publisher of the version you installed before. This is a basic property of Public Key encryption. On top of that you can have your certificate authorized by a trusted peer so that the details of the publisher supplied are also verified. (Having the same publisher as before doesn't have to mean the original information about the publisher is correct. That's the advantage of a bought one.)
So summary:
- No certificate puts your users at a gamble where the software came from.
- Self-signed certificates give the user certainty that updates at least came from the same publisher as their original install. But still don't know where this original came from.
- Purchased certificates give users a degree of certainty that the information about the publisher is verified by a 3rd (and trusted) party. As well as any following updates.