Simplewall: Add a Digital Signature to Executables (Installer and other exe's)

Created on 13 Jul 2018  ·  14 Comments  ·  Source: henrypp/simplewall

Add a Digital Signature to Executables (Installer and other exe's),
like this:
image

feature

All 14 comments

Where and how can I get it?

You can use SignTool.exe (the tool is automatically installed with some installations of Visual Studio; if your version does not include the tool, you can get it by downloading the Windows SDK at: https://developer.microsoft.com/en-us/windows/downloads/windows-10-sdk).
You can read more about the tool here:
https://docs.microsoft.com/en-us/dotnet/framework/tools/signtool-exe

Before you can use the tool you need to create a certificate. Follow this guide:
https://docs.microsoft.com/en-us/windows/uwp/packaging/create-certificate-package-signing

*Please notice that after this step a new certificate will be added to your local certificate store.

After creating and exporting the certificate, use this guide to sign the exe:
https://docs.microsoft.com/en-us/windows/desktop/seccrypto/using-signtool-to-sign-a-file

After this you will receive a signed exe:
image

Looking at the signed exe's cert details:
image

If you want, you can use one of the "Microsoft Trusted Root Certificate Program: Participants" to sign your certificate (I don't think they are signing for free), so you will be trusted by a Trusted Root Certificate (you will not have the red cross in the "Digital Signature Details"):
https://social.technet.microsoft.com/wiki/contents/articles/31634.microsoft-trusted-root-certificate-program-participants.aspx
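
The steps from the comment above as one PowerShell session. This is an added example, not part of the original comment or of simplewall's build scripts. It signs straight from the certificate store by thumbprint instead of an exported PFX, and it assumes signtool.exe is on PATH; the subject name and file path are placeholders.

```powershell
# Added example. Assumptions: signtool.exe (Windows SDK) is on PATH;
# $subject and $exe are placeholders, not values from the thread.
$subject = 'CN=Example Publisher (self-signed test)'
$exe     = 'C:\build\example-setup.exe'

# 1. Create a self-signed code-signing certificate in the current user's store.
$cert = New-SelfSignedCertificate -Type CodeSigningCert -Subject $subject `
    -CertStoreLocation 'Cert:\CurrentUser\My' `
    -KeyAlgorithm RSA -KeyLength 3072 -HashAlgorithm SHA256 `
    -NotAfter (Get-Date).AddYears(1)

# 2. Sign the executable, selecting the certificate by its thumbprint so the
#    private key never leaves the store and no PFX password hits the command line.
& signtool.exe sign /v /fd SHA256 /sha1 $cert.Thumbprint $exe
if ($LASTEXITCODE -ne 0) { throw "signtool sign failed with exit code $LASTEXITCODE" }

# 3. Read the signature back and separate "is signed" from "is trusted".
$sig = Get-AuthenticodeSignature -FilePath $exe
if (-not $sig.SignerCertificate) { throw "No Authenticode signature found on $exe" }

[pscustomobject]@{
    File          = $sig.Path
    Signer        = $sig.SignerCertificate.Subject
    Issuer        = $sig.SignerCertificate.Issuer
    Thumbprint    = $sig.SignerCertificate.Thumbprint
    SelfSigned    = ($sig.SignerCertificate.Subject -eq $sig.SignerCertificate.Issuer)
    Status        = $sig.Status
    StatusMessage = $sig.StatusMessage
    TrustedByOS   = ($sig.Status -eq 'Valid')
} | Format-List

# 4. Run the same policy check Windows applies to downloaded software.
#    /pa selects the default Authenticode verification policy.
& signtool.exe verify /pa /v $exe
Write-Host "signtool verify exit code: $LASTEXITCODE (0 means the chain is trusted)"
```

The `TrustedByOS` field and the `signtool verify` exit code are the parts to watch: they report whether the certificate chains to a root the machine trusts, which is the state the "Digital Signature Details" dialog shows.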

I don't think they are signing for free

Yeah, me too ;)

Microsoft Trusted Root Certificate Program

Anyone else? I don't want to sponsor worldwide monopoly.

I believe that a self-signed binary is good enough (and free (-: )

@baMain, no, it's not good enough

The no is for
Not free?
Or not good enough?

Or both of them?

Self-signed certificates are untrusted by all. It's the same thing as an .exe without a certificate.
But some signers do free certificates for open source software.

Do you know who signs open source projects for free?
It could be useful for other open source projects I am involved in.

@baMain,

  • Certum has been free for open source, but now it costs €28.00.
  • Process Hacker used a contributed kernel-driver certificate from the ReactOS project, but I don't know where the user-mode signature is from.

@wj32, @dmex, @XhmikosR - can you share with us where you get the signatures for your Process Hacker and other projects?

Thank you (:

IIRC ReactOS signed the kernel drivers for Process Hacker. For simple programs the certs aren't so expensive, though. I personally bought a cert from DigiCert when Certum's stopped being free.

@XhmikosR, I think Certum is cheaper than DigiCert (for open source of course).

@henrypp

ReactOS signed the kernel drivers for Process Hacker

At first ReactOS signed the Process Hacker driver (including a few other open source projects) years ago but we've been using @wj32's certificate since 2010 and they've since discontinued driver signing.

https://reactos.org/wiki/index.php?title=Driver_Signing&oldid=34012
https://reactos.org/wiki/Driver_Signing

@henrypp, would you re-consider this ticket? I recognize your concern regarding monopoly support, however in lieu of circumstances, it is probably safer for end-users to have an application signed with a certificate recognized by the OS.

Happy to sponsor the purchase if that is of any help.

Rahmet/spasibo/etc.
