#code-signing — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #code-signing, aggregated by home.social.
-
@squiblydoo : perhaps this is related to the DigiCert hack described in https://bugzilla.mozilla.org/show_bug.cgi?id=2033170?
-
If you're looking for a lower cost code signing certificate for an open source project then Certum has options:
€69 for the first year, which apparently includes a USB device to house the certificate hardware; renewal is a lot less.
Seems like a good option, although I've not tried this personally 🙂🤷♂️
#AppDevelopment #OpenSource #Certificates #DigitalCertificates #CodeSigning
-
I've been struggling with #codesigning on #Windows all day today. #Certificate management is incomprehensible.
-
How do you feel about customer IT departments that demand software to be signed with certs that are not expired, even though the cert was valid at the time of signing the software (which is also proven by timestamp)?
-
Someone was looking for inexpensive or at least less expensive Code Signing Certs:
$219 per year from Comodo and available for individual developers 🙂
-
Help, I need a code signing certificate that won't bankrupt me.
Three years ago, I paid $100 for a three-year code signing certificate. I've signed all my open-source projects' releases with it. Now that it's renewal time, Certera (SignMyCode.com) wants almost $700 for the same three-year certificate (excluding the mandatory HSM purchase, which I am totally on board with).
I write silly C and PowerShell code, and I timestamp my signatures so that they're perpetually valid. My PowerShell Gallery stuff, as well as binaries of aprs-weather-submit on Windows and macOS, are all signed and hashed (but not notarized by Apple, because that's another $99 a year for something that feels done unless Bob Bruninga's followers are thinking about APRS 2.0).
If I can't find a solution, anything I write or update in the future will have to be released as unsigned unless I half-ass something (like the Notepad++ developer using self-signed certs -- semi-dangerously clever). $100 every three years, fine. $700 every three years, and I'll do it if my three fans click my Buy Me A Coffee link over and over.
Is there any CA out there that will offer open-source, not-for-profit developers like me a chance to get globally-trusted code signing certificates? I don't think SigStore ever took off (sadly), and even if it did, I don't think it's part of the Microsoft Authenticode program.
#CodeSigning #SSL #TLS #certificates #Certera #SoftwareDevelopment #C #PowerShell #PowerShellGallery #AmateurRadio #HamRadio #APRS #APRS-Weather-Submit #GitHub #security #developer #Windows #macOS #Linux #Authenticode #DevSecOps #DevOps
-
Help! I would like to use AWS CloudHSM to sign a Debian package. We currently have a gpg-based flow using reprepro to create an APT repository.
I cannot for the life of me figure out how to put all the pieces together. All the Debian tooling I can find assumes gpg. I don't see how to put a gpg or gpgme-shaped front end in front of CloudHSM.
But maybe I just don't know which of the available protocols is the correct one. (Is it PKCS11? The compatibility between various smartcard-based gpg use cases and CloudHSM does not seem very clear.)
I would greatly appreciate some pointers on how to put these pieces together. Surely some cryptography or AWS nerd has published a Medium article about this?
-
Tiens, the latest Notepad++ release is getting flagged & blocked as malware by AVs and EDRs — all because of a cert issue. 🤦
"The Notepad++ code signing certificate issued by DigiCert expired on the May 15, 2025. Unfortunately it seems the project no longer meets the validation criteria, and the publisher name “Notepad++” has been rejected."
👇
https://notepad-plus-plus.org/news/8.8.2-available-in-1-week-without-certificate/
🔗 Reddit thread
⬇️
https://www.reddit.com/r/cybersecurity/comments/1loijul/notepad_882_getting_flagged_as_malware/
🔍 VirusTotal
⬇️
https://www.virustotal.com/gui/file/49852273a3e98ad1266a5bb7cd056e1154cc6d14e7c2a6e308ae95f355ca10cf/community
-
Is anyone out there still adding actual Digital Signatures in the DSIG table of fonts? Current code signing certificates are supplied only as hardware tokens (USB keys), so no direct access to the private key anymore. Is it worth the bother finding a workaround to sign via the token API? #fonts #dsig #codesigning
-
I've made a small demo script for PGP signing a Python file; this technique could be easily extended to any other scripting language that supports block comments.
https://codeberg.org/Taffer/pygp-sign
Installers could verify the `.py` files in a package, and a runtime could also verify them at import time (hopefully with some key caching involved).
#python #pgp #gpg #codesigning #signatures #SoftwareSuppyChain
-
I was going to work on my Todoist -> Lunatask importer, but now I'm off on a tangent thinking about a dead-simple way to sign Python code.
-
The SignServer Team is happy to announce the release of SignServer CE 7.1.1
Featuring NIST approved quantum-safe algorithms ML-DSA and SLH-DSA.
https://github.com/Keyfactor/signserver-ce/releases/tag/v7.1.1
#Keyfactor #SignServer #digitalsignatures #codesigning #pki #postquantum
-
@SecurityWriter Individual hobbyists who develop games and other programs for Windows often ask the user to bypass SmartScreen because the dev can't afford a commercial code signing certificate. Is that also just like "disable their security software"?
-
The Importance of Code Signing Best Practices in the Software Development Lifecycle – Source: securityboulevard.com https://ciso2ciso.com/the-importance-of-code-signing-best-practices-in-the-software-development-lifecycle-source-securityboulevard-com/ #HardwareSecurityModules(HSMs) #CertificateAuthority(CA) #rssfeedpostgeneratorecho #SecurityBloggersNetwork #CertificateManagement #CyberSecurityNews #SecureCodeSigning #SecurityBoulevard #codesigning #CA/BForum #ISO27001 #NIST #SOC2
-
The SignServer team is happy to announce the community release of SignServer 7.0.0:
https://github.com/Keyfactor/signserver-ce/releases/tag/v7.0.0
#SignServer #Keyfactor #KeyfactorCommunity #codesigning #DigitalSign #pki #infosec
-
CodeSigning for Windows developers under the new rules
On 1 June 2023, new requirements for code signing certificates (aka CodeSigning) came into effect, which significantly complicated life for software developers. The gist of the changes: farewell, good old PFX; private keys must now be non-extractable and non-copyable. Examples of the changes at vendors: one, two, three; it is basically the same for everyone. We, as Russian developers, were affected by these changes just the same. This article was born as the result of experiments and trials in overcoming new challenges that appeared out of nowhere, because someone decided that... Security should be more secure
https://habr.com/ru/articles/880696/
#CodeSigning #usbtoken #net #aspnet #powershell #signtool #cng
-
Docker Desktop Hits Snag: False Malware Alerts Block macOS Users
Docker Desktop is facing a significant hiccup on macOS, as false malware alerts prevent users from accessing the popular container management tool. The issue stems from an incorrect code-signing certi...
https://news.lavx.hu/article/docker-desktop-hits-snag-false-malware-alerts-block-macos-users
-
What To Use Instead of PGP
It’s been more than five years since The PGP Problem was published, and I still hear from people who believe that using PGP (whether GnuPG or another OpenPGP implementation) is a thing they should be doing.
It isn’t.
I don’t blame individual Internet users for this confusion. There is a lot of cargo-culting around communication tools in the software community, and the evangelists for the various projects muddy the waters for the rest of us.
The part of the free and open source software community that thinks PGP is just dandy, and therefore evangelize the hell out of it to unsuspecting people, are the same kind of people that happily use XMPP+OMEMO, Matrix, or weird Signal forks that remove forward secrecy and think it’s fine.
Not to mince words: The same people who believe PGP is good are also famously not great at cryptography engineering.
If you’re going to outsource your opinions on privacy technology to someone else, make sure it’s someone who has actually found vulnerabilities in cryptographic software before. Most evangelists have not.
I’m not here to litigate the demerits of PGP. The Latacora article I linked above makes the same arguments I would make today, and is a more entertaining read.
It is my opinion as a security engineer that specializes in applied cryptography that nobody should use PGP, because there’s virtually always a better tool for the job you want to use PGP for.
(And for the uncommon use cases, offering a secure, purpose-built replacement is a work-in-progress.)
Note: I’m deliberately being blunt in this post because literally more than a decade of softspokenness from cryptography experts has done nothing to talk users off the PGP cliff. Being direct seems more effective than being tactful.
If you want a gentler touch, ask your cryptographer. If you don’t have a cryptographer, hire one.
If you can accept that every billionaire is the result of a failed system, that’s how cryptographers feel about people using PGP.
Instead, let’s examine the “use cases” of PGP and what you should be using instead. (Some of this is redundant with the Latacora article, but I’m also writing it 5 years later, so some things have changed.)
I’m focusing on the “what” in this post, not the “why”. If you want to know the why, read the Latacora blog, or the Matthew Green blog.
If you’re curious about the credibility of my recommendations, read my other blog posts or ask your cryptographer.
Instead of PGP, Use This
This section contains specific tools to solve the same problems that PGP tries to solve, but better.
What makes these recommendations better than PGP?
Simply, they don’t make cryptographers want to run the other way screaming when they look under the hood. PGP does.
Some people are forced to use PGP because they work for a government that legally requires them to use PGP. In that corner case, your hands are tied by lawyers, so you don’t need to bother with what cryptographers recommend.
Signing Software Distributions
Use Sigstore.
Note that this is an ecosystem-wide consideration, not something that specific individuals must manually opt into for each of their hobby projects. The only downside to Sigstore is it hasn’t been widely adopted yet.
If you’re a Python developer, you can just use PEP 740 to get attestations with Trusted Publishers, which gives you Sigstore for free. For most developers, this is as simple as setting up a GitHub Action to publish to PyPI.
This is a developing trend: Other programming language and package management ecosystems are following suit. I expect to see Sigstore attestations baked into NPM and Maven before the next US presidential election. With any luck, your favorite programming language could be on this list too.
Sigstore doesn’t just give you a signature that you check with a long-lived public key, nor does it require you to do the Web Of Trust rigamarole.
Rather, Sigstore gives you a lot for free. Sigstore was designed around ephemeral signing certificates rather than a long-lived private key. It was purpose-built for preventing supply-chain attacks against open source software.
Combined with Reproducible Builds, Sigstore solves the triangle of secure code delivery.
Alternatively, use minisign. If your package ecosystem doesn’t support Sigstore yet, you can get by with minisign (which is signify-compatible) until they modernize.
You can also use SSH signatures, if you’d prefer. (More on that below.)
Signing Git Tags/Commits
Use SSH Signatures, not PGP signatures.
With Ed25519. Stop using RSA.
Sending Files Between Computers
Use Magic Wormhole.
You could also use SSH + rsync to do this job. That’s fine too.
Encrypting Backups
Tarsnap is the usual recommendation here.
There are a lot of other encrypted backup tools that work fine, if you don’t want to give Colin Percival your business. I don’t have a financial stake in any of them, nor have I audited them thoroughly.
Borg uses reasonable cryptography, but I haven’t had the time to review it carefully.
Kopia looks fine, but I really hate that they misuse “zero knowledge” to describe an encryption protocol (rather than a proof system). We should not reward this misbehavior by marketers.
The point is: You’ve got options.
Too many options, in my opinion, to settle for PGP.
Encrypting Application Data
Avoid: OpenPGP, OpenSSL and its competitors.
Not a lot to say here. I’ve written a lot about this over the years. Misuse-resistant cryptography libraries–especially ones that make key management less painful for users–are the way to go.
Encrypting Files
Use age.
Age is what PGP file encryption would be if PGP didn’t suck shit.
Age has two modes: Public-key encryption, and password-based key derivation.
Here’s a quick comparison table between what age offers, and what PGP uses in the installed base:
| | age | PGP |
| --- | --- | --- |
| Data encryption mode | AEAD (ChaPoly) | CAST5 (64-bit block cipher) in CFB mode with a strippable SHA1 “MDC” |
| Key-commitment | Yes (via the header) | Pah! You wish! Dream on. PGP isn’t even AEAD. |
| Password KDF memory hard? | Yes, with scrypt. | No. |
| Vulnerable to chosen-ciphertext attacks? | No. | Yes, but PGP proponents stupidly consider this a good thing. |
| Supports 90’s-era cryptography? | No. | Yes. |
| Releases unauthenticated plaintext? | No. | Yes. |
| Uses versioned protocols rather than “cipher agility”? | Yes. | No. See: 90’s era cryptography. |
| Most common implementations are memory-safe? | Yes (Go, Rust). | No (C). |

Like, it’s not even close.
Some PGP proponents will insist that AEAD is possible now, but as long as the installed base of PGP remains backwards compatible with the lowest common denominator, that’s what your software uses.
Just use age. Or rage, if you’re a Rust enthusiast.
(And if you have concerns about “which age key should I trust?”, I’m already planning an age-v1 extension for the Public Key Directory project. More on that below.)
Private Messaging
Use Signal.
Security teams around the world insist that they need PGP for bug bounty submissions or security operations, but Signal does this job better than PGP ever did.
Once upon a time, you needed to give people a phone number to use Signal, but that hasn’t been the case for a long time. Still, many people have missed that memo and think it’s a requirement.
My Signal username is soatok.45. Go ahead and message me. You won’t learn my phone number that way.
In the near future, I plan on developing end-to-end encryption for direct messages on the Fediverse (including Mastodon). This is what motivated my work on the Public Key Directory to begin with.
But this is not intended to be a Signal competitor by any measure. It’s a bar-raising activity, nothing more.
I understand some people don’t like or trust Signal for whatever reason, but every single alternative that’s been suggested to Signal has offered inferior cryptography to Signal’s. So I will continue to recommend Signal.
Miscellaneous PGP Alternatives
This section contains things people think they need PGP for.
Identity Verification
I’m actively working on something better!
If you want the ability to vend a transparently verifiable public key for a given user, that’s one of the use cases for the Public Key Directory I’m designing in order to build end-to-end encryption for the Fediverse.
Although this is purpose-built for the Fediverse, I’ve deliberately included support for Auxiliary Data messages, whose formats will be specified by protocol extensions.
Rather than trying to grok the Web-of-Trust, you can simply have your software check that multiple independent Public Key Directories have verified the record, since its inclusion is published in an append-only transparency log, secured by a Merkle tree.
My design doesn’t preclude any manual key verification, or key-signing parties, or whatever other PGP cultural weirdness you want to do with these public keys. It just establishes a baseline trustworthiness even if you’re not a paranoid computer nerd.
My project isn’t finished yet. In the meantime, you can manually check public keys when using the other recommendations on this page.
Encrypted Email
Don’t encrypt email. From the Latacora article:
Email is insecure. Even with PGP, it’s default-plaintext, which means that even if you do everything right, some totally reasonable person you mail, doing totally reasonable things, will invariably CC the quoted plaintext of your encrypted message to someone else (we don’t know a PGP email user who hasn’t seen this happen). PGP email is forward-insecure. Email metadata, including the subject (which is literally message content), are always plaintext.
There isn’t a recommendation for encrypted email because that’s not a thing people should be doing.
Now, there exists a minority of extremely technical computer users for which Signal is a nonstarter (because you need a smartphone and valid phone number to enroll in the first place).
Because those people are generally not the highest priority of cryptographers (who are commonly focused on the privacy of common folk–including people in poor and developing countries where smartphones are more common than desktop computers), there presently isn’t really a good recommendation for private messaging that meets their constraints.
Certainly not PGP, either.
What PGP offers here is security theater: the illusion of safety. But it’s not actually a robust private communication mechanism, as Latacora argues.
“I insist that I need encrypted email!”
If you find someone insisting that they “need” encrypted email, read up on the XY Problem. In a lot of cases, that’s what’s happening here.
Do they ipso facto need email (as in, specifically the email protocols and email software)?
And do they care more about this constraint, or the privacy of their communications?
Because if their goal is just to communicate privately, see above.
If the tool they’re using being email is more important than privacy, they should consider sending empty messages with an attachment, and use age to encrypt the actual message before attaching it.
That’s serviceable, just beware that everything Latacora wrote about encrypted emails still applies to your use case, so expect someone to CC or forward your message as plaintext.
(Unless you’re legally required to use PGP because of a government regulation… in which case, why do you care about my recommendations if you’re chained by the ankle to your government’s bad technology choices?)
Finally, miss me with the “but someone can screenshot Signal” genre of objections.
As Latacora noted, people accidentally fuck up PGP all the time! It’s very easy to do.
Conversely, you have to deliberately leak something from Signal. There is no plaintext mode.
That’s the fucking bar you need to meet to compete with Signal.
PGP fails to be a Signal competitor, in ways that are worse than Threema, Matrix, or OMEMO.
Watch This Space
With all that said, I am actually designing an encrypted messaging protocol that will have an email-like user experience, except:
- Everything is always end-to-end encrypted, with forward secrecy.
- It’s not backwards compatible with insecure email.
- It doesn’t use PGP, or any 1990’s era cryptography.
I can’t promise a release date yet. I’m prioritizing end-to-end encryption for the Fediverse before I write the specification for that project (tentatively called AWOO, but the cryptography underpinning both projects should be similar).
Maybe 2026? We’ll see!
If someone beats me to the punch, and their design is actually good, I’ll update the post and replace this with a specific recommendation.
Against PGP
I don’t know how to get the message out louder or clearer about how cryptographers feel about PGP than what I wrote here.
Latacora wrote their criticism in 2019. As I write this, 2024 is almost over. When will the PGP-induced madness end?
Experts are not divided here. There is no controversy to teach.
Every time a cryptographer has talked about PGP, it’s been to complain about how bad it is and opine that people shouldn’t be using it.
If you’ve read this far, you already know what you should be using instead.
Header art credits: CMYKat and the GnuPG logo.
Update (2024-11-16)
Someone tried to use their Fediverse software to submit an anti-furry comment to this blog post.
Therefore, I’ve added more furry art to it.
If you’re curious about the cryptography used by other messaging apps, please refer to this page that collects my blogs about this topic.
#alternatives #codeSigning #digitalSignatures #encryption #PGP #security #SecurityGuidance #signing
-
Recommendations for where indie devs get their Windows OV Code Signing certificates now? My latest vendor seems to not be replying to emails. (iykyk)
I've had previous good experiences with GlobalSign, but they're pricey. FastSSL DigiCert via CheapSSLSecurity looks cheapest, but I've never used them before.
I realize I'm probably on the wrong social media platform to find other #Windows #indie / #shareware developers...
-
As I write this, the most recent big move by Matt Mullenweg in his ongoing dispute with WP Engine was to abuse his position to seize control of a WP Engine owned plugin, justifying this act with a security fix. This justification might, under other circumstances, be believable. For example, if WP Engine weren’t actively releasing security fixes.
Now, as I wrote on a Hacker News thread, I’d been staying out of this drama. It wasn’t my fight, I wasn’t deeply familiar with the lore of the players involved, etc.
BUT! This specific tactic that Mullenweg employed happens to step on the toes of some underappreciated work I had done from 2016 to 2019 to try to mitigate supply chain attacks against WordPress. Thus, my HN comment about it.
Mullenweg’s behavior also calls into question the trustworthiness of WordPress not just as a hosting platform (WP.com, which hosts this website), but also the open source community (WP.org).
The vulnerability here is best demonstrated in the form of a shitpost:
“Matt” here is Mullenweg.
I do not have a crystal ball that tells me the future, so whatever happens next is uncertain and entirely determined by the will of the WordPress community.
Even before I decided it was appropriate to chime in on this topic, or had really even paid attention to it, I had been hearing rumors of a hard-fork. And that may be the right answer, but it could be excruciating for WordPress users if that happens.
Regardless of whether a hard-fork happens (or the WordPress community shifts sufficient power away from Mullenweg and Automattic), this vulnerability cannot continue if WordPress is to continue to be a trustworthy open source project.
Since this is a cryptography-focused blog, I’d like to examine ways that the WordPress community could build governance mechanisms to mitigate the risk of one man’s ego.
Revisit Code-Signing
The core code, as well as any plugins and themes, should be signed by a secret key controlled by the developer that publishes said code. There should be a secure public key infrastructure for ensuring that it’s difficult for the infrastructure operators to surreptitiously replace a package or public key without possessing one of those secret keys.
I had previously begun work on a proposal to solve this problem for the PHP community, and in turn, WordPress. However, my solution (called Gossamer) wasn’t designed with GDPR (specifically, the Right to be Forgotten) in mind.
Today, I’m aware of SigStore, which has gotten a lot of traction with other programming language ecosystems.
Additionally, there is an ongoing proposal for an authority-free PKI for the Fediverse that appears to take GDPR into consideration (though that’s more of an analysis for lawyers than cryptography experts to debate).
I think, at the intersection of both systems, there is a way to build a secure PKI where the developer maintains the keys as part of the normal course of operation.
Break-Glass Security with FROST
However, even with code-signing where the developers own their own keys, there is always a risk of a developer going rogue, or getting totally owned up.
Ideally, we’d want to mitigate that risk without reintroducing the single point of vulnerability that exists today. And we’d want to do it without a ton of protocol complexity visible to users (above what they’d already need to accept to have secure code signing in place).
Fortunately, cryptographers already built the tool we would need: Threshold Signatures.
From RFC 9591, we could use FROST(Ed25519, SHA-512) to require a threshold quorum (say, 3) of high-trust entities (for which there would be, for example, 5) to share a piece of an Ed25519 secret key. Cryptographers often call these t-of-N (in this example, 3-of-5) thresholds. The specific values for t and N vary a lot for different threat models.
When a quorum of entities do coordinate, they can produce a signature for a valid protocol message to revoke a developer’s access to the system, thus allowing a hostile takeover. However, it’s not possible for them to coordinate without their activity being publicly visible to the entire community.
The best part about FROST(Ed25519, SHA-512) is that it doesn’t require any code changes for signature verification. It spits out a valid Ed25519 signature, which you can check with just libsodium (or sodium_compat).
Closing Thoughts
If your threat model doesn’t include leadership’s inflated ego, or the corruption of social, political, and economic power, you aren’t building trustworthy software.
Promises and intentions don’t matter here. Mechanisms do.
Whatever the WordPress community decides is their best move forward (hard forks are the nuclear option, naturally), the end result cannot be replacing one tyrant with another.
The root cause isn’t that Mullenweg is particularly evil, it’s that a large chunk of websites are beholden to only his whims (whether they realized it or not).
One can only make decisions that affect millions of lives and thousands of employees (though significantly fewer today than when this drama began) for so long before an outcome like this occurs.
If you aren’t immune to propaganda, you aren’t immune to the corruption of power, either.
But if you architect your systems (governance and technological) to not place all this power solely in the hands of one unelected nerd, you mitigate the risk by design.
(Yes, you do invite a different set of problems, such as decision paralysis and inertia. But given WordPress’s glacial pace of minimum PHP version bumps over its lifetime, I don’t think that’s actually a new risk.)
With all that said, whatever the WordPress community decides is best for them, I’m here to help.
https://scottarc.blog/2024/10/14/trust-rules-everything-around-me/
#AdvancedCustomFields #arrogance #automaticUpdates #Automattic #codeSigning #cybersecurity #ego #MattMullenweg #news #PKI #pluginSecurity #powerCorrupts #SecureCustomFields #security #softwareGovernance #supplyChain #supplyChainSecurity #supplyChainSecurity #technology #threatModels #trust #WordPress #WPEngine
-
SignPath Foundation: Free code signing for open source projects
https://signpath.org/
#codesigning #opensource #microsoft #security #windows #apple
-
TIL: #Apple launched the next-stage with their #codesigning-thingy. During the past a warning for #unsigned Apps popped up, which can be clicked away at the UI.
New hotness: macOS tells: "Binary damaged, eject DMG". Only workaround is some shell-magic.
I don't want to buy a cert. Damn.
Anybody with the same problems?
-
The #SignServer team and I are happy to announce the release of SignServer Community 6.3 with an enhanced REST API, support for MS SQL Server, and upgrade to use Bouncy Castle 1.78.
Get it while it's hot! 😎️
#OpenSource #DigitalSignatures #CodeSigning #pki
https://github.com/Keyfactor/signserver-ce/releases/tag/v6.3.0.Final
-
@sassdawe @shanselman I think that's going to be on the PowerShell team's head, ultimately: the days of decade-long validity for #codesigning certificates are probably behind us.
Only #PowerShell can fix the fact that it treats every new cert as a new publisher, and requires you to (re)affirm your trust of them.
Never mind the package-signing thing in the old PowerShellGet, which blocks install if the certificate changes. 🙄
-
Oh wow, #CodeSigning certificates are still not commodity huh?!
-
It is 2024 and you are “proposing” we "move to a world” where #CodeSigning is mandatory? Yeah, let's look into that at some point 🙄