Digital Signatures lost when patch applied

[abenzick]

Hello,

My executable has a digital signature applied to it for my company. When tufup applies a new patch, the new executable is no longer signed. What options do we have to keep the application with a digital signature?

[dennisvang]

@abenzick Could you provide some details to help us inderstand the problem?

• What kind of signature are we talking about, specifically?
• How is the signature applied?
• What is the signature used for?

[abenzick]

Hello, I've attached a screenshot of what I'm referring to. Code signing certificates allow you sign your executable and indicate it comes from a trusted authority. Windows better understand the exe and offers less warning messages when it is run.

https://codesigningstore.com/how-to-digitally-sign-executable-files

Microsoft has a command line tool for signing executables:

https://docs.microsoft.com/en-us/windows/win32/seccrypto/signtool

[dennisvang]

@abenzick Thanks for the info.

Just to be sure: Are you certain you signed the new executable (i.e. the update) before adding it to the tufup repository?

[abenzick]

@abenzick Thanks for the info.

Just to be sure: Are you certain you signed the new executable (i.e. the update) before adding it to the tufup repository?

I thought I had. I will certainly double check and give it another try.

[abenzick]

@dennisvang Turns out....I did NOT sign the new (2nd) executable before I added it as a target.

When I ensured that I did, the resulting updated file had its digital signature in place. ALL GOOD :)

[dennisvang]

@abenzick That's good to hear!
Thanks for letting us know.
I was starting to get a little worried. ;-)

I'm closing this issue now.