From 7faddc3bc58e41aa960fd908bea3bec163549cd2 Mon Sep 17 00:00:00 2001 From: Ricardo Paes Date: Sun, 17 Jan 2021 19:45:36 -0300 Subject: [PATCH] More information about certificates in the readme --- README.md | 36 ++++++++++++++++++++++++++++++++++-- 1 file changed, 34 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index f98e589..87a0807 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,39 @@ docker run -v ${PWD}/work/:/work/ likesistemas/exe-sign:latest ## Enviroment Variables -CERT_FILE: Certificate file that should be in the / work / folder. Default: certificate.pfx +CERT_FILE: Certificate file that should be in the /work/ folder. Default: certificate.pfx + CERT_PASSWORD: Certificate password. Default: 123456 + EXE_FILE: Executable to be signed. Default: app.exe -EXE_SIGNED: Final signed file name. Default: app_signed.exe \ No newline at end of file + +EXE_SIGNED: Final signed file name. Default: app_signed.exe + +## Certificate (Taken from the [Source](https://stackoverflow.com/questions/252226/signing-a-windows-exe-file)) + +The first thing you have to do is get the certificate and install it on your computer, you can either buy one from a Certificate Authority or generate one using makecert. + +Here are the pros and cons of the 2 options + +### Buy a certificate + +#### Pros + +Using a certificate issued by a CA(Certificate Authority) will ensure that Windows will not warn the end user about an application from an "unknown publisher" on any Computer using the certificate from the CA (OS normally comes with the root certificates from manny CA's) + +#### Cons + +There is a cost involved on getting a certificate from a CA + +For prices, see [Cheapssl](https://cheapsslsecurity.com/sslproducts/codesigningcertificate.html) and [Digicert](https://www.digicert.com/code-signing/) + +### Generate a certificate using Makecert + +#### Pros + +The steps are easy and you can share the certificate with the end users + +#### Cons + +End users will have to manually install the certificate on their machines and depending on your clients that might not be an option +Certificates generated with makecert are normally used for development and testing, not production. \ No newline at end of file