包裹签名和数字证书
[英]Package signing , and digital certificate
问题描述
I Created a windows forms application using c# the output of the App is .exe , in the references of this project , I had added a reference of many dlls that this project needs all of them are Created by me.But these referenced dlls , some of them are using third parities Dll. 
我使用c#创建了一个Windows窗体应用程序,App的输出为.exe,在该项目的引用中,我添加了许多该项目需要的dll的引用,而这些dll都是我创建的。但是这些引用的dll,有些他们正在使用第三位奇偶校验Dll。
I packed the .exe and all referenced dll in an installer project using wix Toolset. 我使用wix Toolset将.exe和所有引用的dll打包到一个安装程序项目中。
Note that the .exe and the installer has no strong names and not signed with key. 请注意,.exe和安装程序没有强名称,也没有使用密钥签名。
I upload this .msi result file into an intranet server , but when users download it from intranet it through google chrome , it gives a warning message like in fig1. 我将此.msi结果文件上传到Intranet服务器中,但是当用户通过google chrome从Intranet下载该文件时,它会发出如图1所示的警告消息。 Chrome warning 镀铬警告
and when the user Double clicks the .msi file after downloading to start installation process , it activates windows smart screen . 当用户在下载后双击.msi文件以开始安装过程时,它将激活Windows智能屏幕。 Smart screen warning 智能屏幕警告
and while running the installer it displays User account control message with yellow banner as in fig3.[windows smart screen warning][3] 并且在运行安装程序时,它显示带有黄色横幅的用户帐户控制消息,如图3所示。[Windows智能屏幕警告] [3]
I made a lot of invistigations and i had find out that this is because my code is not digitally signed with digital certificate, actually i have no experience on this and i don't know if this is the true reason or what. 我进行了很多调查,发现这是因为我的代码未使用数字证书进行数字签名,实际上我对此没有经验,而且我不知道这是真正的原因还是什么。
And do i need to make my .exe strongly signed by signing the assembly from signing tab of .net , I also have no experience about singing an executable package. 我是否需要通过从.net的“签名”选项卡中对程序集进行签名来使.exe强烈签名,我也没有唱歌可执行文件的经验。
all what i need is that i don't want the user to feel like he is downloading and running something that is not trusted. 我所需要的就是我不希望用户感觉到他正在下载并运行不受信任的内容。
if the reason is that the package needs digital certificate , do i have to sgin the assembly with strong name to be able to sign it with digital certificate ? 如果原因是包装需要数字证书,我是否必须使用强名开头组件才能使用数字证书签名?
1 个解决方案
解决方案1
0 已采纳 2016-03-02 06:58:05
Windows treats all application which are published by verified publisher as non-trusted application. Windows将经验证的发布者发布的所有应用程序视为不可信的应用程序。 If you want to make your application trusted by windows digitally sign your application. 如果要使Windows信任您的应用程序,请对应用程序进行数字签名。
- First buy Code-Signing-Certificate. 首先购买代码签名证书。 lets say from Godaddy cheapest available ( https://in.godaddy.com/web-security/code-signing-certificate ). 可以从Godaddy说最便宜的( https://in.godaddy.com/web-security/code-signing-certificate )。 After buying certificate just follow procedure on godaddy to get your Certificate(.pfx) file. 购买证书后,只需按照Godaddy上的步骤操作即可获取证书(.pfx)文件。
- Install visual studio express 安装Visual Studio Express
- Install InstallShield for generating .exe 安装InstallShield以生成.exe
- You can sign your output with the certificate by using installshield easily. 您可以使用installshield轻松地使用证书对输出进行签名。 Refer the screenshot for details. 有关详细信息,请参阅屏幕截图。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.