Saturday, December 22, 2007

Signing Guide for the Lazy Guy

John Robbins' Blog - Code Signing – It’s Cheaper and Easier than You Thought

"One of the things I've always wanted to do, but never got around to, is figuring out how to sign my code. Like most developers, I never really worried about code signing until Vista came along. Maybe it's just because I'm completely anal retentive, but I always felt a little guilty when my applications or installations that need administrator privileges show the dreaded UAC Cancel/Allow dialog:

...

To me, that just looks a bit unprofessional. I don't want to be known as "Unidentified Publisher." The main reason small shops or independent developers don't sign their applications is because the cost of a code signing certificate, sometimes called an ID, has always been very expensive. Checking VeriSign right now, they want $499 USD for a one year certificate and $1,293 USD for a three year certificate. For that much money you can get a pretty nice laptop. Thus began my quest to see if I could get a code signing certificate for a reasonable price.

In this blog entry I'll show where I got a reasonably priced certificate and how to get your binaries and installs signed correctly. As I was reading how to make everything work, there was no one place that showed all the parts from buying a certificate, to getting it on your machine, to getting your code signed in the real world. Hopefully this will help you out if you want to or are required to code sign.

...

Now with the reasonably priced digital certificates through TUCOWS, you should take a hard look at signing your binaries and installations. It's not required, but it sure looks better on Vista if you do."

I've been a lazy guy and avoided looking into code signing my code and installs because I thought it would be expensive and a pain...

After reading John's article I see the pain can be managed, but the price may still be an issue (for my personal/OSS/free/just because I like to code non-money making/etc projects). Still, I do hate the Vista unsigned setup nag and would like to make it go away. Like John, I feel it's kind of smelly...

Added to my 2008 To Do list...

(via JasonHaley.com - Interesting Finds: December 21, 2007)

3 comments:

Herold van der Vegt said...

Free code signing is possible with CA-CERT (http://www.cacert.org), but you have to have 100 points and they need a copy of your photo ID.

I still have 0 points ;-)

Anonymous said...

What does 100 points and photo ID mean?

Greg said...

I believe if you go to http://www.cacert.org it's all explained...