Request code signing for PDN DLLs (makes it easier to run PDN in environments with application allow listing)



Hi,

Would it be possible for the DLLs to be signed as part of the build process?

Same as "C:\Program Files\paint.net\paintdotnet.exe".

 

It's more of a thing for environments that have application allow listing. Easier / more secure to use Authenticode than maintaining file hashes / allowing based on path.

 

Cheers

 

https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control

https://www.cisa.gov/uscert/sites/default/files/cdm_files/FNR_NIS_OTH_AWL_Strategic_Planning_Guide.pdf

 

# List the DLLs in the install folder whose Authenticode signature does not verify.
Get-ChildItem -LiteralPath 'C:\Program Files\paint.net\' -File | Where-Object -FilterScript {
    $PSItem.Extension -eq '.dll'
} | Get-AuthenticodeSignature | Where-Object -FilterScript {
    $PSItem.Status -ne 'Valid'   # NotSigned, HashMismatch, NotTrusted, ...
} | Select-Object -ExpandProperty 'Path'

 

C:\Program Files\paint.net\Accessibility.dll
C:\Program Files\paint.net\CommunityToolkit.HighPerformance.dll
C:\Program Files\paint.net\ComputeSharp.Core.dll
C:\Program Files\paint.net\ComputeSharp.D2D1.dll
C:\Program Files\paint.net\Crc32.NET.dll
C:\Program Files\paint.net\DirectWriteForwarder.dll
C:\Program Files\paint.net\Interop.WIA.dll
C:\Program Files\paint.net\K4os.Compression.LZ4.dll
C:\Program Files\paint.net\Microsoft.CSharp.dll
C:\Program Files\paint.net\Microsoft.VisualBasic.Core.dll
C:\Program Files\paint.net\Microsoft.VisualBasic.dll
C:\Program Files\paint.net\Microsoft.VisualBasic.Forms.dll
C:\Program Files\paint.net\Microsoft.Win32.Primitives.dll
C:\Program Files\paint.net\Microsoft.Win32.Registry.AccessControl.dll
C:\Program Files\paint.net\Microsoft.Win32.Registry.dll
C:\Program Files\paint.net\Microsoft.Win32.SystemEvents.dll
C:\Program Files\paint.net\Mono.Cecil.dll
C:\Program Files\paint.net\Mono.Cecil.Mdb.dll
C:\Program Files\paint.net\Mono.Cecil.Pdb.dll
C:\Program Files\paint.net\Mono.Cecil.Rocks.dll
C:\Program Files\paint.net\mscorlib.dll
C:\Program Files\paint.net\netstandard.dll
C:\Program Files\paint.net\Newtonsoft.Json.dll
C:\Program Files\paint.net\PaintDotNet.Base.dll
C:\Program Files\paint.net\PaintDotNet.Collections.dll
C:\Program Files\paint.net\PaintDotNet.ComponentModel.dll
C:\Program Files\paint.net\PaintDotNet.Core.dll
C:\Program Files\paint.net\PaintDotNet.Data.dll
C:\Program Files\paint.net\paintdotnet.dll
C:\Program Files\paint.net\PaintDotNet.Effects.Core.dll
C:\Program Files\paint.net\PaintDotNet.Effects.dll
C:\Program Files\paint.net\PaintDotNet.Effects.Gpu.dll
C:\Program Files\paint.net\PaintDotNet.Effects.Legacy.dll
C:\Program Files\paint.net\PaintDotNet.Framework.dll
C:\Program Files\paint.net\PaintDotNet.Fundamentals.dll
C:\Program Files\paint.net\PaintDotNet.ObjectModel.dll
C:\Program Files\paint.net\PaintDotNet.Plugins.Compatibility.dll
C:\Program Files\paint.net\PaintDotNet.Primitives.dll
C:\Program Files\paint.net\PaintDotNet.PropertySystem.dll
C:\Program Files\paint.net\PaintDotNet.Resources.dll
C:\Program Files\paint.net\PaintDotNet.Runtime.dll
C:\Program Files\paint.net\PaintDotNet.SystemLayer.dll
C:\Program Files\paint.net\PaintDotNet.SystemLayer.Native.x64.dll
C:\Program Files\paint.net\PaintDotNet.Systrace.dll
C:\Program Files\paint.net\PaintDotNet.UI.dll
C:\Program Files\paint.net\PaintDotNet.Windows.Core.dll
C:\Program Files\paint.net\PaintDotNet.Windows.dll
C:\Program Files\paint.net\PaintDotNet.Windows.Framework.dll
C:\Program Files\paint.net\PhotoSauce.MagicScaler.dll
C:\Program Files\paint.net\PointerToolkit.dll
C:\Program Files\paint.net\PointerToolkit.TerraFX.Interop.Windows.dll
C:\Program Files\paint.net\PresentationCore.dll
C:\Program Files\paint.net\PresentationFramework-SystemCore.dll
C:\Program Files\paint.net\PresentationFramework-SystemData.dll
C:\Program Files\paint.net\PresentationFramework-SystemDrawing.dll
C:\Program Files\paint.net\PresentationFramework-SystemXml.dll
C:\Program Files\paint.net\PresentationFramework-SystemXmlLinq.dll
C:\Program Files\paint.net\PresentationFramework.Aero.dll
C:\Program Files\paint.net\PresentationFramework.Aero2.dll
C:\Program Files\paint.net\PresentationFramework.AeroLite.dll
C:\Program Files\paint.net\PresentationFramework.Classic.dll
C:\Program Files\paint.net\PresentationFramework.dll
C:\Program Files\paint.net\PresentationFramework.Luna.dll
C:\Program Files\paint.net\PresentationFramework.Royale.dll
C:\Program Files\paint.net\PresentationUI.dll
C:\Program Files\paint.net\ReachFramework.dll
C:\Program Files\paint.net\System.AppContext.dll
C:\Program Files\paint.net\System.Buffers.dll
C:\Program Files\paint.net\System.CodeDom.dll
C:\Program Files\paint.net\System.Collections.Concurrent.dll
C:\Program Files\paint.net\System.Collections.dll
C:\Program Files\paint.net\System.Collections.Immutable.dll
C:\Program Files\paint.net\System.Collections.NonGeneric.dll
C:\Program Files\paint.net\System.Collections.Specialized.dll
C:\Program Files\paint.net\System.ComponentModel.Annotations.dll
C:\Program Files\paint.net\System.ComponentModel.DataAnnotations.dll
C:\Program Files\paint.net\System.ComponentModel.dll
C:\Program Files\paint.net\System.ComponentModel.EventBasedAsync.dll
C:\Program Files\paint.net\System.ComponentModel.Primitives.dll
C:\Program Files\paint.net\System.ComponentModel.TypeConverter.dll
C:\Program Files\paint.net\System.Configuration.ConfigurationManager.dll
C:\Program Files\paint.net\System.Configuration.dll
C:\Program Files\paint.net\System.Console.dll
C:\Program Files\paint.net\System.Core.dll
C:\Program Files\paint.net\System.Data.Common.dll
C:\Program Files\paint.net\System.Data.DataSetExtensions.dll
C:\Program Files\paint.net\System.Data.dll
C:\Program Files\paint.net\System.Design.dll
C:\Program Files\paint.net\System.Diagnostics.Contracts.dll
C:\Program Files\paint.net\System.Diagnostics.Debug.dll
C:\Program Files\paint.net\System.Diagnostics.DiagnosticSource.dll
C:\Program Files\paint.net\System.Diagnostics.EventLog.dll
C:\Program Files\paint.net\System.Diagnostics.EventLog.Messages.dll
C:\Program Files\paint.net\System.Diagnostics.FileVersionInfo.dll
C:\Program Files\paint.net\System.Diagnostics.PerformanceCounter.dll
C:\Program Files\paint.net\System.Diagnostics.Process.dll
C:\Program Files\paint.net\System.Diagnostics.StackTrace.dll
C:\Program Files\paint.net\System.Diagnostics.TextWriterTraceListener.dll
C:\Program Files\paint.net\System.Diagnostics.Tools.dll
C:\Program Files\paint.net\System.Diagnostics.TraceSource.dll
C:\Program Files\paint.net\System.Diagnostics.Tracing.dll
C:\Program Files\paint.net\System.DirectoryServices.dll
C:\Program Files\paint.net\System.dll
C:\Program Files\paint.net\System.Drawing.Common.dll
C:\Program Files\paint.net\System.Drawing.Design.dll
C:\Program Files\paint.net\System.Drawing.dll
C:\Program Files\paint.net\System.Drawing.Primitives.dll
C:\Program Files\paint.net\System.Dynamic.Runtime.dll
C:\Program Files\paint.net\System.Formats.Asn1.dll
C:\Program Files\paint.net\System.Formats.Tar.dll
C:\Program Files\paint.net\System.Globalization.Calendars.dll
C:\Program Files\paint.net\System.Globalization.dll
C:\Program Files\paint.net\System.Globalization.Extensions.dll
C:\Program Files\paint.net\System.IO.Compression.Brotli.dll
C:\Program Files\paint.net\System.IO.Compression.dll
C:\Program Files\paint.net\System.IO.Compression.FileSystem.dll
C:\Program Files\paint.net\System.IO.Compression.ZipFile.dll
C:\Program Files\paint.net\System.IO.dll
C:\Program Files\paint.net\System.IO.FileSystem.AccessControl.dll
C:\Program Files\paint.net\System.IO.FileSystem.dll
C:\Program Files\paint.net\System.IO.FileSystem.DriveInfo.dll
C:\Program Files\paint.net\System.IO.FileSystem.Primitives.dll
C:\Program Files\paint.net\System.IO.FileSystem.Watcher.dll
C:\Program Files\paint.net\System.IO.IsolatedStorage.dll
C:\Program Files\paint.net\System.IO.MemoryMappedFiles.dll
C:\Program Files\paint.net\System.IO.Packaging.dll
C:\Program Files\paint.net\System.IO.Pipes.AccessControl.dll
C:\Program Files\paint.net\System.IO.Pipes.dll
C:\Program Files\paint.net\System.IO.UnmanagedMemoryStream.dll
C:\Program Files\paint.net\System.Linq.dll
C:\Program Files\paint.net\System.Linq.Expressions.dll
C:\Program Files\paint.net\System.Linq.Parallel.dll
C:\Program Files\paint.net\System.Linq.Queryable.dll
C:\Program Files\paint.net\System.Memory.dll
C:\Program Files\paint.net\System.Net.dll
C:\Program Files\paint.net\System.Net.Http.dll
C:\Program Files\paint.net\System.Net.Http.Json.dll
C:\Program Files\paint.net\System.Net.HttpListener.dll
C:\Program Files\paint.net\System.Net.Mail.dll
C:\Program Files\paint.net\System.Net.NameResolution.dll
C:\Program Files\paint.net\System.Net.NetworkInformation.dll
C:\Program Files\paint.net\System.Net.Ping.dll
C:\Program Files\paint.net\System.Net.Primitives.dll
C:\Program Files\paint.net\System.Net.Quic.dll
C:\Program Files\paint.net\System.Net.Requests.dll
C:\Program Files\paint.net\System.Net.Security.dll
C:\Program Files\paint.net\System.Net.ServicePoint.dll
C:\Program Files\paint.net\System.Net.Sockets.dll
C:\Program Files\paint.net\System.Net.WebClient.dll
C:\Program Files\paint.net\System.Net.WebHeaderCollection.dll
C:\Program Files\paint.net\System.Net.WebProxy.dll
C:\Program Files\paint.net\System.Net.WebSockets.Client.dll
C:\Program Files\paint.net\System.Net.WebSockets.dll
C:\Program Files\paint.net\System.Numerics.dll
C:\Program Files\paint.net\System.Numerics.Vectors.dll
C:\Program Files\paint.net\System.ObjectModel.dll
C:\Program Files\paint.net\System.Printing.dll
C:\Program Files\paint.net\System.Private.CoreLib.dll
C:\Program Files\paint.net\System.Private.DataContractSerialization.dll
C:\Program Files\paint.net\System.Private.Uri.dll
C:\Program Files\paint.net\System.Private.Xml.Linq.dll
C:\Program Files\paint.net\System.Reflection.DispatchProxy.dll
C:\Program Files\paint.net\System.Reflection.dll
C:\Program Files\paint.net\System.Reflection.Emit.dll
C:\Program Files\paint.net\System.Reflection.Emit.ILGeneration.dll
C:\Program Files\paint.net\System.Reflection.Emit.Lightweight.dll
C:\Program Files\paint.net\System.Reflection.Extensions.dll
C:\Program Files\paint.net\System.Reflection.Metadata.dll
C:\Program Files\paint.net\System.Reflection.MetadataLoadContext.dll
C:\Program Files\paint.net\System.Reflection.Primitives.dll
C:\Program Files\paint.net\System.Reflection.TypeExtensions.dll
C:\Program Files\paint.net\System.Resources.Extensions.dll
C:\Program Files\paint.net\System.Resources.Reader.dll
C:\Program Files\paint.net\System.Resources.ResourceManager.dll
C:\Program Files\paint.net\System.Resources.Writer.dll
C:\Program Files\paint.net\System.Runtime.CompilerServices.Unsafe.dll
C:\Program Files\paint.net\System.Runtime.CompilerServices.VisualC.dll
C:\Program Files\paint.net\System.Runtime.dll
C:\Program Files\paint.net\System.Runtime.Extensions.dll
C:\Program Files\paint.net\System.Runtime.Handles.dll
C:\Program Files\paint.net\System.Runtime.InteropServices.dll
C:\Program Files\paint.net\System.Runtime.InteropServices.JavaScript.dll
C:\Program Files\paint.net\System.Runtime.InteropServices.RuntimeInformation.dll
C:\Program Files\paint.net\System.Runtime.Intrinsics.dll
C:\Program Files\paint.net\System.Runtime.Loader.dll
C:\Program Files\paint.net\System.Runtime.Numerics.dll
C:\Program Files\paint.net\System.Runtime.Serialization.dll
C:\Program Files\paint.net\System.Runtime.Serialization.Formatters.dll
C:\Program Files\paint.net\System.Runtime.Serialization.Json.dll
C:\Program Files\paint.net\System.Runtime.Serialization.Primitives.dll
C:\Program Files\paint.net\System.Runtime.Serialization.Xml.dll
C:\Program Files\paint.net\System.Security.AccessControl.dll
C:\Program Files\paint.net\System.Security.Claims.dll
C:\Program Files\paint.net\System.Security.Cryptography.Algorithms.dll
C:\Program Files\paint.net\System.Security.Cryptography.Cng.dll
C:\Program Files\paint.net\System.Security.Cryptography.Csp.dll
C:\Program Files\paint.net\System.Security.Cryptography.dll
C:\Program Files\paint.net\System.Security.Cryptography.Encoding.dll
C:\Program Files\paint.net\System.Security.Cryptography.OpenSsl.dll
C:\Program Files\paint.net\System.Security.Cryptography.Pkcs.dll
C:\Program Files\paint.net\System.Security.Cryptography.Primitives.dll
C:\Program Files\paint.net\System.Security.Cryptography.ProtectedData.dll
C:\Program Files\paint.net\System.Security.Cryptography.X509Certificates.dll
C:\Program Files\paint.net\System.Security.Cryptography.Xml.dll
C:\Program Files\paint.net\System.Security.dll
C:\Program Files\paint.net\System.Security.Permissions.dll
C:\Program Files\paint.net\System.Security.Principal.dll
C:\Program Files\paint.net\System.Security.Principal.Windows.dll
C:\Program Files\paint.net\System.Security.SecureString.dll
C:\Program Files\paint.net\System.ServiceModel.Web.dll
C:\Program Files\paint.net\System.ServiceProcess.dll
C:\Program Files\paint.net\System.Text.Encoding.CodePages.dll
C:\Program Files\paint.net\System.Text.Encoding.dll
C:\Program Files\paint.net\System.Text.Encoding.Extensions.dll
C:\Program Files\paint.net\System.Text.Encodings.Web.dll
C:\Program Files\paint.net\System.Text.Json.dll
C:\Program Files\paint.net\System.Text.RegularExpressions.dll
C:\Program Files\paint.net\System.Threading.AccessControl.dll
C:\Program Files\paint.net\System.Threading.Channels.dll
C:\Program Files\paint.net\System.Threading.dll
C:\Program Files\paint.net\System.Threading.Overlapped.dll
C:\Program Files\paint.net\System.Threading.Tasks.Dataflow.dll
C:\Program Files\paint.net\System.Threading.Tasks.dll
C:\Program Files\paint.net\System.Threading.Tasks.Extensions.dll
C:\Program Files\paint.net\System.Threading.Tasks.Parallel.dll
C:\Program Files\paint.net\System.Threading.Thread.dll
C:\Program Files\paint.net\System.Threading.ThreadPool.dll
C:\Program Files\paint.net\System.Threading.Timer.dll
C:\Program Files\paint.net\System.Transactions.dll
C:\Program Files\paint.net\System.Transactions.Local.dll
C:\Program Files\paint.net\System.ValueTuple.dll
C:\Program Files\paint.net\System.Web.dll
C:\Program Files\paint.net\System.Web.HttpUtility.dll
C:\Program Files\paint.net\System.Windows.Controls.Ribbon.dll
C:\Program Files\paint.net\System.Windows.dll
C:\Program Files\paint.net\System.Windows.Extensions.dll
C:\Program Files\paint.net\System.Windows.Forms.Design.dll
C:\Program Files\paint.net\System.Windows.Forms.Design.Editors.dll
C:\Program Files\paint.net\System.Windows.Forms.dll
C:\Program Files\paint.net\System.Windows.Forms.Legacy.dll
C:\Program Files\paint.net\System.Windows.Forms.Primitives.dll
C:\Program Files\paint.net\System.Windows.Input.Manipulations.dll
C:\Program Files\paint.net\System.Windows.Presentation.dll
C:\Program Files\paint.net\System.Xaml.dll
C:\Program Files\paint.net\System.Xml.dll
C:\Program Files\paint.net\System.Xml.Linq.dll
C:\Program Files\paint.net\System.Xml.ReaderWriter.dll
C:\Program Files\paint.net\System.Xml.Serialization.dll
C:\Program Files\paint.net\System.Xml.XDocument.dll
C:\Program Files\paint.net\System.Xml.XmlDocument.dll
C:\Program Files\paint.net\System.Xml.XmlSerializer.dll
C:\Program Files\paint.net\System.Xml.XPath.dll
C:\Program Files\paint.net\System.Xml.XPath.XDocument.dll
C:\Program Files\paint.net\TerraFX.Interop.Windows.dll
C:\Program Files\paint.net\UIAutomationClient.dll
C:\Program Files\paint.net\UIAutomationClientSideProviders.dll
C:\Program Files\paint.net\UIAutomationProvider.dll
C:\Program Files\paint.net\UIAutomationTypes.dll
C:\Program Files\paint.net\WindowsBase.dll
C:\Program Files\paint.net\WindowsFormsIntegration.dll

 

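For the allow-listing side of the request, the script below is an added example (it is not from the post above and not Paint.NET's own tooling). It extends the one-liner in the post: instead of just listing unsigned DLLs, it records the signer, whether the signature is timestamped, and the SHA-256 of each file, which is exactly what an admin would otherwise have to maintain as per-file hash rules. The install path is assumed to be the default.

```powershell
# Added example, not from the original post or the Paint.NET project.
# Inventory the Authenticode state of every PE file in an install directory,
# so an allow-listing admin can see which files a publisher rule will cover
# and which would still need per-file hash rules.
Set-StrictMode -Version 'Latest'
$ErrorActionPreference = 'Stop'

# Assumption: Paint.NET's default install path; change as needed.
$installDir = 'C:\Program Files\paint.net'

function Get-SignatureInventory {
    param([Parameter(Mandatory)] [string] $Directory)

    Get-ChildItem -LiteralPath $Directory -File -Recurse |
        Where-Object { $_.Extension -in '.dll', '.exe' } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            [pscustomobject]@{
                Path        = $_.FullName
                Status      = $sig.Status
                # Catalog-signed files (OS binaries) show 'Valid' without an embedded signature.
                SigType     = $sig.SignatureType
                Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
                Timestamped = $null -ne $sig.TimeStamperCertificate
                # The hash is what you would have to allow list instead; it changes with every build.
                Sha256      = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
}

$inventory = Get-SignatureInventory -Directory $installDir

# How many files each signer (or non-signature status) accounts for.
$inventory | Group-Object Status, Signer | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

# Files that would need hash rules (or a path rule) under an allow-listing policy.
$inventory | Where-Object { $_.Status -ne 'Valid' } |
    Select-Object Path, Sha256 | Format-Table -AutoSize

# Signed but not timestamped: these stop verifying once the signing cert expires.
$inventory | Where-Object { $_.Status -eq 'Valid' -and -not $_.Timestamped } |
    Select-Object Path, Signer | Format-Table -AutoSize
```

The grouped summary is the useful bit for a policy author: one publisher rule per distinct signer covers everything in its group, while every row in the second table is a hash rule that has to be regenerated on each release.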

Sorry, but code signing takes a lot of time because the timestamp server forces a delay of 15 seconds between requests. It would massively inflate my build times to sign every single binary. I do sign the EXEs, and the shell extension DLLs.

 

However, if someone knows of a free timestamp server that does not have rate limiting, then that would enable this to happen.

The Paint.NET Blog: https://blog.getpaint.net/

Donations are always appreciated! https://www.getpaint.net/donate.html



Ah, my apologies, that's quite the impact. Did not realise.

 

Greatly appreciate you responding, surprised actually. Just transferred $20 USD / $30 AUD, been using PDN for many years, should be more, sorry.

Transaction ID: 5A482066KE265925W

 

Not being pushy, no expectations. The above is long overdue and unrelated to this request.

 

This is mostly related to running PDN in an enterprise environment. I can have a chat with the boss, see if they'd be willing to pay for this as a feature request. Can't make any promises, don't know if they'll go for it.

 

I wasn't able to reproduce the rate limit issue. Are you able to share how the signing process works in the build? Will help if I can.

 

Through PowerShell, I was able to sign 261 files in 68 seconds in one go, passing an array.

71 seconds when iterating.

...Not sure how valid a test this is though.

 

Guessing you're using Visual Studio / signtool.

Looks like signtool can take a | delimited file list, not sure if that helps.

https://stackoverflow.com/questions/65985951/sign-multiple-files-with-signtool-exe

 

There's a list of free timestamp servers, might be able to divvy up across multiple servers.

https://gist.github.com/Manouchehri/fd754e402d98430243455713efada710

 

Not sure if all the DLLs change with each build. Might be able to sign on change?

 

Probably a messy bad idea, but maybe a "public release" build that signs everything, and a "non-public release" that doesn't?

 

If it's not worth the bother, or you'd just rather not, that's totally cool too.

 

Set-StrictMode -Version 'latest'
$ErrorActionPreference = 'stop'

# Test certificate: create one with the commented line, then reference it by thumbprint.
#New-SelfSignedCertificate -CertStoreLocation Cert:\CurrentUser\My -Type CodeSigningCert -Subject 'test01'
$myCodeSignCert = Get-Item -LiteralPath Cert:\CurrentUser\My\A677A404C028940D31CC3EE16C7BAE6932367A61


# Same filter as the earlier one-liner, run against a copy of the install folder.
$FilesNotSigned = Get-ChildItem -LiteralPath 'C:\temp\paint.net' -File | Where-Object -FilterScript {
    $PSItem.Extension -eq '.dll'
} | Get-AuthenticodeSignature | Where-Object -FilterScript {
    $PSItem.Status -ne 'Valid'
} | Select-Object -ExpandProperty 'Path' 


# Sign every file in a single call (still one timestamp request per file).
Measure-Command -Expression {
    Set-AuthenticodeSignature -TimestampServer 'http://timestamp.digicert.com' -Certificate $myCodeSignCert -FilePath $FilesNotSigned
}

#stdout

Days              : 0
Hours             : 0
Minutes           : 1
Seconds           : 8
Milliseconds      : 167
Ticks             : 681673557
TotalDays         : 0.000788974024305556
TotalHours        : 0.0189353765833333
TotalMinutes      : 1.136122595
TotalSeconds      : 68.1673557
TotalMilliseconds : 68167.3557

 

 

# Same work, one Set-AuthenticodeSignature call per file.
Measure-Command -Expression {
    $FilesNotSigned | ForEach-Object -Process {
        Set-AuthenticodeSignature -TimestampServer 'http://timestamp.digicert.com' -Certificate $myCodeSignCert -FilePath $PSItem
    }
}

Days              : 0
Hours             : 0
Minutes           : 1
Seconds           : 11
Milliseconds      : 575
Ticks             : 715756974
TotalDays         : 0.000828422423611111
TotalHours        : 0.0198821381666667
TotalMinutes      : 1.19292829
TotalSeconds      : 71.5756974
TotalMilliseconds : 71575.6974

 

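The post above floats two ideas, spreading timestamp requests across several servers and signing more than one file at a time. The script below is an added example putting both together; it is not Paint.NET's build script. It signs every unsigned DLL/EXE in a build folder in parallel, falls through to the next timestamp server when one refuses a request, insists on a timestamp in the result, and fails the build if anything still does not verify afterwards. The certificate thumbprint, the build folder and the second server URL are placeholders; only the DigiCert URL comes from the thread. It needs PowerShell 7 or later for ForEach-Object -Parallel.

```powershell
# Added example, not Paint.NET's build script. Signs every unsigned DLL/EXE in a
# build folder in parallel, trying timestamp servers in turn when one refuses or
# rate-limits a request, then re-verifies the whole folder. Needs PowerShell 7+.
Set-StrictMode -Version 'Latest'
$ErrorActionPreference = 'Stop'

# Assumptions (all placeholders): a code-signing cert in Cert:\CurrentUser\My
# identified by thumbprint, a folder of freshly built binaries, and a list of
# RFC 3161 timestamp servers. Only the DigiCert URL comes from the thread.
$thumbprint       = 'REPLACE_WITH_CERT_THUMBPRINT'
$buildDir         = 'C:\temp\paint.net'
$timestampServers = @(
    'http://timestamp.digicert.com'
    'http://timestamp.example.invalid'   # placeholder for a second server
)

function Invoke-SignWithFallback {
    param(
        [Parameter(Mandatory)] [string]   $Path,
        [Parameter(Mandatory)] [string]   $Thumbprint,
        [Parameter(Mandatory)] [string[]] $Servers,
        [int] $RetryDelaySeconds = 3
    )
    $cert = Get-Item -LiteralPath "Cert:\CurrentUser\My\$Thumbprint"
    foreach ($server in $Servers) {
        try {
            $sig = Set-AuthenticodeSignature -FilePath $Path -Certificate $cert `
                       -HashAlgorithm SHA256 -TimestampServer $server
            # Insist on a timestamp: an untimestamped signature stops validating
            # (and stops satisfying a publisher allow-list rule) when the cert expires.
            if ($sig.Status -eq 'Valid' -and $null -ne $sig.TimeStamperCertificate) {
                return [pscustomobject]@{ Path = $Path; Server = $server; Status = $sig.Status }
            }
            Write-Warning "$server returned $($sig.Status) without a timestamp for $Path"
        } catch {
            Write-Warning "$Path via ${server}: $($_.Exception.Message)"
        }
        Start-Sleep -Seconds $RetryDelaySeconds   # back off before trying the next server
    }
    throw "Could not sign and timestamp $Path with any configured server"
}

# Only touch files that are not already validly signed (same filter as the post above).
$unsigned = Get-ChildItem -LiteralPath $buildDir -File |
    Where-Object { $_.Extension -in '.dll', '.exe' } |
    Get-AuthenticodeSignature |
    Where-Object { $_.Status -ne 'Valid' } |
    Select-Object -ExpandProperty Path

# Parallel runspaces do not see the caller's functions, so pass the body as text.
$signerBody = ${function:Invoke-SignWithFallback}.ToString()
$results = $unsigned | ForEach-Object -ThrottleLimit 8 -Parallel {
    ${function:Invoke-SignWithFallback} = $using:signerBody
    Invoke-SignWithFallback -Path $_ -Thumbprint $using:thumbprint -Servers $using:timestampServers
}
$results | Format-Table -AutoSize

# Final gate for the build: fail if anything in the folder still does not verify.
$stillUnsigned = Get-ChildItem -LiteralPath $buildDir -File |
    Where-Object { $_.Extension -in '.dll', '.exe' } |
    Get-AuthenticodeSignature |
    Where-Object { $_.Status -ne 'Valid' }
if ($stillUnsigned) {
    $stillUnsigned | Select-Object Path, Status, StatusMessage | Format-Table -AutoSize
    throw "$($stillUnsigned.Count) file(s) failed verification after signing"
}
```

The throttle limit is the knob to turn if a server starts refusing requests: with a server that rate-limits per connection, dropping it to 1 plus the per-server sleep reproduces the serial behaviour described earlier in the thread, while a server that tolerates parallel requests can take the full batch.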

The performance issue is strictly due to the timestamp server's rate limiting -- it just refuses to sign if I don't have a 3 second delay between each request.

 

I'll try those other timestamp servers and see if I can get an improvement! The time cost is the only objection I have for doing this.



Looks like the DigiCert timestamp server is working very well -- not only does it not need a delay between timestamp requests, but it's fine if I do them all at once (in parallel). This is resulting in a major net improvement to build times -- from ~5 1/2 minutes down to just under 4 minutes. (and that's comparing "sign only the EXEs and shell extension DLLs" versus "sign everything"!)

 

I can't seem to get the bundled plugin's managed DLLs to sign properly, however. signtool signs it and says success, signtool verify says it's fine, but then both the PowerShell script (above) and File Explorer's Properties show it as not signed. @null54 do you have any idea what might be happening here? Are you doing anything interesting with your build that could cause this? The only thing I can think of is if you're using embedded PDBs or something




Yay! Thank you!!

Seriously, much appreciated. You just made a bunch of sysadmin and security types so very happy.

 

Not sure if this helps, looks like there's more than one method, not sure how much of a difference that makes ... I could be completely off the mark.

https://learn.microsoft.com/en-us/dotnet/standard/assembly/sign-strong-name

 

Do you get a different result with and without the "/ms" parameter?

signtool.exe verify /ms

https://learn.microsoft.com/en-us/dotnet/framework/tools/signtool-exe

 

/ms should be the default as of Win8

 

Don't think that will be it, but it's the first thing that comes to mind. Might be able to rule out some WinVerifyTrust / CertPaddingCheck related issue at least.

 

Context:
It's an old issue that recently got some attention after being exploited in the wild.

Priority got increased, might have some changes in behaviour I've missed.

https://learn.microsoft.com/en-us/security-updates/securityadvisories/2014/2915720

https://www.tenable.com/plugins/nessus/166555

 

 

Yes, those are strings that should be DWORDs. Either works, but strings are what the MSFT doco uses ... yeah lol

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config]   
"EnableCertPaddingCheck"="1"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config] 
"EnableCertPaddingCheck"="1"

 

 

 


Beautiful! That works perfectly, thank you again.

 

Just out of curiosity, what was the issue with the plugin's managed DLLs; signtool saying signed yet explorer and Get-AuthenticodeSignature saying not signed?


21 minutes ago, Conan said:

Just out of curiosity, what was the issue with the plugin's managed DLLs; signtool saying signed yet Explorer and Get-AuthenticodeSignature saying not signed?

 

It was related to a post-build script I was using that removed the debug information section from the DLL headers.

No idea why it was causing that behavior, perhaps a checksum or something with the managed code sections was not being correctly updated when it rebuilt the headers after removing that data.



Plugin Pack | PSFilterPdn | Content Aware Fill | G'MIC | Paint Shop Pro Filetype | RAW Filetype | WebP Filetype

The small increase in performance you get coding in C++ over C# is hardly enough to offset the headache of coding in the C++ language. ~BoltBait

 


26 minutes ago, Conan said:

Was the process something like this?

 

Yes, the post-build step used the Header Pack Script for CFF Explorer to remove the debug section. The script is also posted at the bottom of the following NTCore blog post, with some more detail about what it does: https://www.ntcore.com/files/richsign.htm

 

26 minutes ago, Conan said:

What was the fix?

 

 Stop using that script. 😀


 

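The "signtool says signed, Explorer says not" symptom above, together with the earlier question about signtool verify /ms and the EnableCertPaddingCheck values, is the kind of thing that is easiest to pin down by looking at the headers directly. The script below is an added example for that, not code from the thread, from Paint.NET, or from the plugin build. Authenticode's PE hash skips exactly three things: the optional-header CheckSum, the Security data-directory entry, and the certificate table it points at. The script dumps those fields, the Debug directory entry that the post-build step removed, the WIN_CERTIFICATE header, and what Get-AuthenticodeSignature says, so a known-good binary and the suspect DLL can be compared row by row. It also reports the padding-check registry values with their kinds. The two file paths are assumptions.

```powershell
# Added example, not from the thread or the Paint.NET / plugin build scripts.
Set-StrictMode -Version 'Latest'
$ErrorActionPreference = 'Stop'

function Get-PeSigningHeaders {
    # Dumps the optional-header CheckSum, the Security (certificate table) and
    # Debug data-directory entries, and the WIN_CERTIFICATE header the Security
    # entry points at, alongside what Get-AuthenticodeSignature reports.
    param([Parameter(Mandatory)] [string] $Path)

    $bytes = [System.IO.File]::ReadAllBytes($Path)
    if ($bytes.Length -lt 0x40 -or $bytes[0] -ne 0x4D -or $bytes[1] -ne 0x5A) {
        throw "${Path}: not an MZ executable"
    }
    $pe = [BitConverter]::ToUInt32($bytes, 0x3C)                 # e_lfanew
    if ([BitConverter]::ToUInt32($bytes, $pe) -ne 0x00004550) {   # "PE\0\0"
        throw "${Path}: no PE signature at e_lfanew"
    }
    $optional = $pe + 4 + 20                                      # skip signature + COFF header
    $magic = [BitConverter]::ToUInt16($bytes, $optional)
    switch ($magic) {
        0x10B   { $dirBase = $optional + 96;  $countAt = $optional + 92  }   # PE32
        0x20B   { $dirBase = $optional + 112; $countAt = $optional + 108 }   # PE32+
        default { throw "${Path}: unknown optional header magic 0x$($magic.ToString('X'))" }
    }
    $dirCount = [BitConverter]::ToUInt32($bytes, $countAt)        # NumberOfRvaAndSizes

    # Data directory entry: 4-byte RVA (a raw file offset for index 4) + 4-byte size.
    $readDir = {
        param([int] $Index)
        if ($Index -ge $dirCount) { return [pscustomobject]@{ Offset = 0; Size = 0 } }
        $at = $dirBase + 8 * $Index
        [pscustomobject]@{
            Offset = [BitConverter]::ToUInt32($bytes, $at)
            Size   = [BitConverter]::ToUInt32($bytes, $at + 4)
        }
    }
    $security = & $readDir 4    # IMAGE_DIRECTORY_ENTRY_SECURITY
    $debug    = & $readDir 6    # IMAGE_DIRECTORY_ENTRY_DEBUG

    # WIN_CERTIFICATE header: dwLength, wRevision (0x0200), wCertificateType (0x0002 = PKCS#7).
    $certLength = $certRevision = $certType = $null
    $certInFile = $security.Size -gt 0 -and ($security.Offset + $security.Size) -le $bytes.Length
    if ($certInFile) {
        $certLength   = [BitConverter]::ToUInt32($bytes, $security.Offset)
        $certRevision = [BitConverter]::ToUInt16($bytes, $security.Offset + 4)
        $certType     = [BitConverter]::ToUInt16($bytes, $security.Offset + 6)
    }

    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    [pscustomobject]@{
        Path            = $Path
        Format          = if ($magic -eq 0x20B) { 'PE32+' } else { 'PE32' }
        CheckSum        = '0x{0:X8}' -f [BitConverter]::ToUInt32($bytes, $optional + 64)
        SecurityOffset  = $security.Offset
        SecuritySize    = $security.Size
        CertTableInFile = $certInFile
        CertTableIsLast = $certInFile -and ($security.Offset + $security.Size) -eq $bytes.Length
        WinCertLength   = $certLength
        WinCertSlack    = if ($certInFile) { $security.Size - $certLength } else { $null }   # bytes after dwLength
        WinCertRevision = if ($null -ne $certRevision) { '0x{0:X4}' -f $certRevision } else { $null }
        WinCertType     = if ($null -ne $certType) { '0x{0:X4}' -f $certType } else { $null }
        DebugDirRva     = $debug.Offset
        DebugDirSize    = $debug.Size
        PsStatus        = $sig.Status
        PsStatusMessage = $sig.StatusMessage
    }
}

function Get-CertPaddingCheckSetting {
    # The Wintrust\Config values from the earlier post, reported with their registry kind.
    foreach ($key in 'HKLM:\SOFTWARE\Microsoft\Cryptography\Wintrust\Config',
                     'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Wintrust\Config') {
        $kind = $value = $null
        if (Test-Path -LiteralPath $key) {
            $item  = Get-Item -LiteralPath $key
            $value = $item.GetValue('EnableCertPaddingCheck')
            if ($null -ne $value) { $kind = $item.GetValueKind('EnableCertPaddingCheck') }
        }
        [pscustomobject]@{ Key = $key; Value = $value; Kind = $kind }
    }
}

# Assumptions: a file known to verify everywhere, and the DLL under investigation.
$knownGood = 'C:\Program Files\paint.net\paintdotnet.exe'
$suspect   = 'C:\temp\SuspectPlugin.dll'
$knownGood, $suspect | ForEach-Object { Get-PeSigningHeaders -Path $_ } | Format-List
Get-CertPaddingCheckSetting | Format-Table -AutoSize
```

What to look at in the two listings: whether the certificate table is present and is the last thing in the file, whether WinCertSlack is more than the padding to an 8-byte boundary, and whether the checksum or debug entry differ between the good and suspect files. The script only reports; it does not say which of those Explorer objects to, and the same file is worth handing to signtool verify /pa /v, with and without /ms, for the second opinion the earlier post asked for.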

  • 6 months later...

@Conan, bad news. Starting this year, code signing now requires a physical hardware device -- in my case, a USB token. The token is quite slow for file signing, and it is again completely impractical for me to sign all of the app binaries. Unless I can find a workaround, I will have to revert back to signing only "important" binaries (all EXEs, a few DLLs) starting with Paint.NET v5.0.10.

 

This workaround does not work: https://stackoverflow.com/a/54928402/1191082 . signtool.exe does not support "SHA512withRSA", nor do I know if that would help anyway with my particular USB token from Sectigo.


