Jump to content

Digital signature is not up to date

Recommended Posts

Good morning,
My company does not want to offer Paint.net in the employee software catalog because the digital signature is not up to date.
Is it possible for you to renew it?

(It was valid from 08/23/2020 to 08/24/2023)

Thanks in advance and congratulations for the quality of your developments!



Link to comment
Share on other sites

The signatures are not invalid or "not up to date."


The binaries are signed with a timestamp, which validates when the files were signed. This is unlike an SSL certificate which absolutely must be renewed when it expires. For a code signing certificate, it only needs to be non-expired when the files are signed and timestamped. So "old" binaries are fine. The next PDN update will be signed with a new certificate (you can't sign and timestamp with an expired certificate).


If your IT department can't understand this then they need to figure it out. Otherwise they will not be able to offer any software that hasn't been released (and thus signed) recently.


Also, code signing is moving in the direction of ultra-short-lived certificates. For instance, the next PDN update will be signed with a certificate with a validity range of only 3 days (via Microsoft's own Azure Code Signing service). But, timestamping is used, so the file's signatures are not "invalid" once that date range is in the past.

The Paint.NET Blog: https://blog.getpaint.net/

Donations are always appreciated! https://www.getpaint.net/donate.html


Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...