Archi Forum

Archi => Archi Development => Topic started by: ostkrokens on November 01, 2021, 08:10:11 AM

Title: Archi.exe Signature Invalid
Post by: ostkrokens on November 01, 2021, 08:10:11 AM
Dear,

Version 4.9.1

The signature of Archi.exe is invalid.

Can you please update and verify? Thanks.

Title: Re: Archi.exe Signature Invalid
Post by: Phil Beauvoir on November 01, 2021, 08:20:11 AM
Hi,

What do you mean by "invalid" and what signature?

Perhaps you could provide some detail about your issue that we could act on...
Title: Re: Archi.exe Signature Invalid
Post by: ostkrokens on November 01, 2021, 08:49:47 AM
Thanks for your reply.

Once the application is installed under $ProgramFiles, the Archi.exe executable signature is not valid.

https://imgur.com/a/mqX04AP

Please let me know if you need further information.
Title: Re: Archi.exe Signature Invalid
Post by: Phil Beauvoir on November 01, 2021, 09:11:43 AM
The "Archi.exe" file is generated from a base "eclipse.exe" file signed by the Eclipse Foundation. The Archi icon is embedded into it so, yes, the digital signature will no longer be valid. This has been the case since Archi 4.6. In fact, Archi is not the only app with an exe file of this format. Download this app (http://directory.apache.org/studio/) and you'll see the same digital signature and "invalid" message.

Here are your options:


More information:

https://github.com/eclipse/tycho/discussions/353
https://bugs.eclipse.org/bugs/show_bug.cgi?id=565937
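
Why embedding an icon invalidates the signature, as an added example that is not part of the original posts or of Archi's or Eclipse's code: an Authenticode signature stores a digest of the file that leaves out only the CheckSum field, the certificate-table directory entry and the signature blob itself, so any change to resource bytes changes the digest. The PE image is a constructed minimal buffer, the function names are hypothetical, and the digest is simplified to the usual layout where the signature sits at the end of the file.

```python
import hashlib
import struct

def regions(pe: bytes):
    """Locate the three areas Authenticode leaves out of its digest."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE file")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 4 + 20                       # optional header follows 20-byte COFF header
    magic = struct.unpack_from("<H", pe, opt)[0]
    dirs = opt + {0x10B: 96, 0x20B: 112}[magic]   # data directories: PE32 / PE32+
    secdir = dirs + 4 * 8                         # entry 4 = certificate table
    cert_off, cert_size = struct.unpack_from("<II", pe, secdir)
    return opt + 64, secdir, cert_off, cert_size  # opt + 64 = CheckSum field

def authenticode_digest(pe: bytes) -> str:
    """SHA-256 over everything except CheckSum, the directory entry and the signature."""
    checksum, secdir, cert_off, cert_size = regions(pe)
    end = cert_off if cert_size else len(pe)
    h = hashlib.sha256(pe[:checksum])
    h.update(pe[checksum + 4:secdir])
    h.update(pe[secdir + 8:end])
    h.update(pe[end + cert_size:])
    return h.hexdigest()

def build_sample(icon: bytes) -> bytes:
    """Constructed PE32+ skeleton: headers, an icon 'resource', a stand-in signature blob."""
    e_lfanew, opt = 0x40, 0x40 + 24
    hdr = bytearray(opt + 112 + 16 * 8)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, e_lfanew)
    hdr[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    struct.pack_into("<H", hdr, opt, 0x20B)
    body = icon.ljust(64, b"\0")
    cert = b"CONSTRUCTED-SIGNATURE-BLOB".ljust(32, b"\0")
    struct.pack_into("<II", hdr, opt + 144, len(hdr) + len(body), len(cert))
    return bytes(hdr) + body + cert

def signature_still_matches(signed: bytes, shipped: bytes) -> bool:
    """The signature stores the digest of `signed`; the verifier recomputes it over `shipped`."""
    return authenticode_digest(signed) == authenticode_digest(shipped)

if __name__ == "__main__":
    eclipse = build_sample(b"eclipse-icon")
    archi = build_sample(b"archi-icon")       # same signature blob, different icon bytes
    print(signature_still_matches(eclipse, eclipse))
    print(signature_still_matches(eclipse, archi))
```

On a real file, PowerShell's `Get-AuthenticodeSignature` reports this condition as a `HashMismatch` status.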
Title: Re: Archi.exe Signature Invalid
Post by: Bain19 on January 13, 2023, 16:29:09 PM
Just going to leave this here for the Google bot and other users that this snags.
"Windows protected your PC"
"Unknown publisher"
"Archi.exe"

Without valid signatures, Archi will be constantly getting flagged as a risk by Windows.

You can go around it and force the execution by launching it via command line vs mouse click, but this is starting to feel like hostile architecture.
Title: Re: Archi.exe Signature Invalid
Post by: Phil Beauvoir on January 13, 2023, 17:16:26 PM
> Without valid signatures, Archi will be constantly getting flagged as a risk by Windows.

Even with a code signature SmartScreen will still flag an app as unrecognized until it has built up reputation. To keep SmartScreen totally happy one has to sign the app with an Extended Validation (EV) certificate.

An EV certificate can cost up to £800 per year. To apply for one you need to secure the services of a lawyer to notarize the EV certificate application process. Individuals can't apply for an EV certificate; only companies can. I am not a company.
Title: Re: Archi.exe Signature Invalid
Post by: Phil Beauvoir on January 14, 2023, 16:00:28 PM
SmartScreen complains because an app has little or no "reputation"... according to Microsoft.

In addition, two *.exe files are not signed:

1. Archi.exe (the main executable launcher)
2. Archi-Win64-Setup-X.X.X.exe (the installer)

One way to solve this when building Archi:

1. Use the "eclipse.exe" file renamed to "Archi.exe". This is signed by the Eclipse Foundation but has the Eclipse icon, not the Archi icon. This gets packaged in the Archi-Win64-X.X.X.zip distribution.
2. No longer distribute the Archi-Win64-Setup-X.X.X.exe installer.
Title: Re: Archi.exe Signature Invalid
Post by: Phil Beauvoir on January 18, 2023, 00:27:51 AM
I've managed to secure a code signing certificate from Sectigo and the next release of Archi 5 will be signed.