Digital signing
In this chapter, we will delve into the critical process of code-signing a Windows Installer Package (MSI) to enhance the security and trustworthiness of your software. Code-signing is a vital step in the software development and distribution process, as it assures users that the package has not been tampered with and originates from a legitimate source.
Typically, this is what needs to be done to be able to sign a package:
1. Obtain or generate a self-signed certificate
2. Configure RayPack to use the certificate and a correct timestamping server
3. Build MSI or MSIX project, with signing enabled
4. (optional) For self-signing, ensure the certificate is trusted on your device
5. Validate the signature
To digitally sign your package and establish trust in the authenticity of your software, obtaining a code signing certificate is essential. Since the topic of code signing certificates is vast and beyond the scope of this documentation, we will focus on two primary options for obtaining one:
Self-signed certificates involve generating your own certificate and then distributing it to the target machines where you want to install your application, ensuring that it is recognized as a certified entity. These types of certificates are primarily intended for testing scenarios, but in enterprise environments they can also be used as a viable alternative to commercial certificates - administrators can choose to deploy them via Group Policy Objects, as part of a managed PKI (Public Key Infrastructure).
A simple how-to guide with a sample script can be found in the following chapter: Creating Self-Signed Certificates, but you can also use other approaches, tools, and scripts, many of which are available for free on the Internet.
Certificate Authority (CA) certificates are purchased from accredited vendors with trusted authority status. These vendors issue certificates recognized by the operating system, eliminating the need for additional configurations on machines where your application is installed.
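For steps 4 and 5 of the list above, the following PowerShell sketch checks a built package's signature, whether it carries a timestamp, and whether a self-signed signer certificate is present in the local machine trust stores. It is an added example, not part of RayPack or its documentation; the package path is a placeholder, and checking the LocalMachine Root and TrustedPublisher stores is an assumption about where the certificate was deployed.

```powershell
# Added example: validate a package signature and check self-signed trust.
function Test-PackageSignature {
    param(
        [Parameter(Mandatory)]
        [string]$Path
    )

    # Authenticode validation of the signed file
    $sig  = Get-AuthenticodeSignature -FilePath $Path -ErrorAction Stop
    $cert = $sig.SignerCertificate

    $result = [ordered]@{
        Path               = $Path
        Status             = $sig.Status          # Valid, NotSigned, HashMismatch, ...
        StatusMessage      = $sig.StatusMessage
        Signer             = $null
        Thumbprint         = $null
        Timestamped        = ($null -ne $sig.TimeStamperCertificate)
        SelfSigned         = $false
        InRootStore        = $false
        InTrustedPublisher = $false
    }

    if ($cert) {
        $result.Signer     = $cert.Subject
        $result.Thumbprint = $cert.Thumbprint
        # A self-signed certificate names itself as its issuer
        $result.SelfSigned = ($cert.Subject -eq $cert.Issuer)
        # Assumed deployment targets for a self-signed certificate
        $result.InRootStore        = Test-Path "Cert:\LocalMachine\Root\$($cert.Thumbprint)"
        $result.InTrustedPublisher = Test-Path "Cert:\LocalMachine\TrustedPublisher\$($cert.Thumbprint)"
    }

    [pscustomobject]$result
}

# Placeholder path: replace with the package produced by your build
$report = Test-PackageSignature -Path 'C:\Build\MyApp.msi'
$report | Format-List

if ($report.Status -ne 'Valid') {
    Write-Warning "Signature did not validate: $($report.StatusMessage)"
}
if ($report.SelfSigned -and -not $report.InRootStore) {
    Write-Warning 'Self-signed certificate is not in the LocalMachine Root store on this device.'
}
if (-not $report.Timestamped) {
    Write-Warning 'No timestamp: the signature stops validating once the signing certificate expires.'
}
```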