How to apply digital signature to Visual Studio projects?

bytecode77 picture bytecode77 · Aug 17, 2015 · Viewed 9.6k times · Source

Executables and DLL's can be digitally signed. It suggests trust to the user.

However, my research upon this topic is slowly leading nowhere. I think I need a complete step-by-step idiot's guide on how to digitally sign binaries, directly upon compilation. What I mean is: Click on "Build" and retrieve a signed executable. I really don't want to manually sign everything myself.

Visual Studio has a "Signing" tab in project properties, so I guess I have to look there. It seems like I need a .pfx file for that. But where exactly do I get one that contains my name and how do I use it correctly?

Also, does this cost money? - Per binary / only once / not at all?

Example of a signed binary:

example

Answer

pepo picture pepo · Aug 17, 2015

I have always signed my dlls and applications manually. To make your signature last even after code sign certificate expires you need to add a timestamp to the signature.

To sign a dll/exe you need to buy the codesign certificate but there are CAs (i.e. if you are open source developer) where you can get it for free. One of them is Cetrum CA (which I am currently using). Take a look here. The process of obtaining it is a torture, but the certificate itself is OK. (it doesn't work with all browsers - use FF, single signon needs to be done on every page and mails are in Polish language.)

Timestamp can be obtained for free (i.e. from the link in Hanselmans blog or you can find a list of free RFC 3161 compliant timestamp authorities here)