It’s just about time to release the next version of the Super Simple Photo Resizer, and one of the things that means is Code Signing. However, code signing isn’t a simple process. Well, it’s rather simple, but not all that simple. There’s a lot of overhead for it. The actual process of doing the signing is near trivial, at least how I do it anyways.
Being the eternally lazy one that I am, I always search for new, better, faster ways to do things. Computers are there to help you get things done, and not there for you to “learn how to do things”. At the end of the day, who cares about all that “learning” crap? It’s all about getting things done. Computers are tools, and should do work for you rather than you doing work for them.
So, for code signing, I’ve done 2 simple things.
- Buy a certificate from Mitchell Vincent at KSoftware
- Use Kent Brigg’s SignGUI utility to do the code signing
The process of purchasing a certificate to sign software isn’t trivial. It’s rather complex. You need to provide documentation and all sorts of goodies that prove who you are and prove that you can be located and tracked down and dragged out into the streets and flogged publicly. Or something like that anyways…
This helps with security process because it delivers a level of accountability. Now, you can go out and pay a truckload of money through Verisign or some other company, or you can get the best price possible through Mitchell Vincent as he sells code signing certificates here. I wouldn’t hesitate for a second to personally vouch for Mitch. Check out his site there if you’re looking to do code signing because he’s got everything you need to know down there.
Now, one of the little tidbits Mitch has laid out is a super-cool, easy utility written by Kent Briggs called “SignGUI“. You don’t have to have it, but it will certainly cure a lot of pain for you. I’d certainly recommend using it.
SignGUI gives you a nice, easy front-end for the Microsoft “signtool.exe” program. So, instead of farting around with command line silliness, you can use SignGUI to make the process much easier and faster. You can also save configurations so that later on you can simply open them up and sign your software with minimal fuss, i.e. 1 click.
Or, you can succumb to your dark, inner masochist…
But why would you want to go out and pay money for all that and incur that additional step? Simple. User trust. By signing your software, you don’t get the nasty “Unknown Publisher” warnings that can scare off some users. This is particularly more important for the less techno-savvy users out there, as they are more prone to seeing a warning, getting scared, and not installing your software. Not good. You just lost a potential customer.
Here are a couple examples…
Expresso is a wonderful utility for developing and testing regular expressions (regex), and I would highly recommend it to anyone that needs to work with regular expressions. However, it isn’t code signed, so when you go to install it, this is what you see:
However, many people out there see the yellow/orange warning and panic. ACK~! It’s a virus~! It’s out to steal my passwords and credit cards and maybe even my dog! RUN AWAY~!
You’d be surprised. That’s exactly how some people react. My neighbor was telling me about an “incident” he had, and that’s all it was: an average piece of software that wasn’t signed. He didn’t install it. He got scared.
It’s not threatening, and much more inviting for the user to proceed. It has a note there about where the file is from, “Downloaded from the Internet”, but there’s not much you can do about that. You need to “unblock” the file by right-clicking on it, choosing Properties, then clicking the “Unblock” button. That results in something like this when the setup file is run:
So the message then reads, “Hard drive on this computer”, which isn’t much of a change.
There are other reasons as well for code signing, but that’s probably at the top of the list for a lot of developers.