Description
What is this?
Executable signing is when a developer signs an executable file and attaches a digital signature using code signing certificates issued by a trusted Certificate Authority (CA). This certificate links the application to the developer's identity, validating the application and marking it as trusted.
What does it do?
- Authenticates
  In other words, it confirms the publisher's identity when users download or run the application.
- Integrity
  It ensures the file has not been edited or altered since it was signed, even if a single data byte was changed; if a byte was modified, the signature is null and invalid.
- Creates Trust and Reputation
  For SafeNotes, this would create trust and reputation because things like SmartScreen and antiviruses are less likely to trigger warnings, warning users that the application may be harmful and/or a virus.
Why is it important?
As outlined above, creating trust and a reputation when delivering the product to the end user is vital. This trust would come from avoiding "bypass security warnings," and potentially prevent malware authors from impersonating SafeNotes.
What is our objective in fixing this?
This is quite simple: We will pay for a digital signature and implement the code signing to verify and authenticate our application, prevent malware authors from impersonating SafeNotes, and build trust and reputation by avoiding SmartScreen and antivirus software warnings.
NOTE: This will only be resolved if we get the funding to pay for the signature; otherwise, we will keep this open.
Please note: This will not happen quickly given the cost of the keys to sign the executable. It can cost hundreds of dollars, and this is not something I, as a college student, have the means to do at this moment.
