Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Signing the assembly for Windows platforms #3718

Closed
GuildOfCalamity opened this issue Jun 20, 2024 · 8 comments
Closed

Signing the assembly for Windows platforms #3718

GuildOfCalamity opened this issue Jun 20, 2024 · 8 comments
Labels
enhancement Enhancement request

Comments

@GuildOfCalamity
Copy link

For those of us whose perform security audits (SSF, BlackDuck, etc), this DLL is always flagged because it is unsigned.

Can we get a signed version in the future?

Even ILSpy struggles with it:
image
@GuildOfCalamity GuildOfCalamity added the enhancement Enhancement request label Jun 20, 2024
@magreenblatt
Copy link
Collaborator

magreenblatt commented Jun 20, 2024
edited
Loading

CEF doesn't provide signed binaries. Application distributors (e.g. you, or whomever created the application that you're using) should sign all binaries that are being distributed as part of the application.

@magreenblatt magreenblatt closed this as not planned Won't fix, can't repro, duplicate, stale Jun 20, 2024
@GuildOfCalamity
Copy link
Author

CEF doesn't provide signed binaries. Application distributors (e.g. you, or whomever created the application that you're using) should sign all binaries that are being distributed as part of the application.

I've tried that but the libcef assembly is not signable for some reason (probably because of the missing PF data).
Internally we sign all DLLs and 90% of the 3rd party DLLs are signed to begin with.

@magreenblatt
Copy link
Collaborator

magreenblatt commented Jun 20, 2024
edited
Loading

I'm not seeing any issues signing libcef. Where are you getting the libcef DLL? Are you using CEF/C++ directly, or some wrapper project?

@GuildOfCalamity
Copy link
Author

GuildOfCalamity commented Jun 20, 2024
edited
Loading

I'm not seeing any issues signing libcef. Where are you getting the libcef DLL? Are you using CEF/C++ directly, or some wrapper project?

It's possible we have an older version here, let me try fetching the latest binaries and try to sign them.
BTW, I'm using the standard ildasm and ilasm for the signing process.

[UPDATE]
When I try the latest 64-bit Windows binary I still am unable to sign it. I used the Standard Distro

ILSpy reports that "PE file does not contain any managed metadata."

Here are the properties for the library:
image

@amaitland
Copy link
Contributor

ILSpy reports that "PE file does not contain any managed metadata."

That's correct. libcef.dll is not a managed library. It's written in C++. There is no managed metadata.

@GuildOfCalamity
Copy link
Author

ILSpy reports that "PE file does not contain any managed metadata."

That's correct. libcef.dll is not a managed library. It's written in C++. There is no managed metadata.

Understood. For a Windows user, what would be the correct way to sign the compiled binary since it is unmanaged?

@magreenblatt
Copy link
Collaborator

magreenblatt commented Jun 21, 2024 via email

@GuildOfCalamity
Copy link
Author

@magreenblatt Thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement Enhancement request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@amaitland @magreenblatt @GuildOfCalamity