Feature Request: Sign Windows binaries

[TomSellers]

The intent of this issue is to start the discussions needed to determine if all of the official Windows installer and executable binaries can be signed. Signed Windows binaries would help ensure that the binaries are official and have not been modified. It would also improve acceptance in environments where application white-listing is deployed.

In the environment that I am responsible for the barrier for approval for unsigned files is significantly higher than that for signed code.

Related Issues:
#94 Sign the OS X installer
#136 Create EV-signed Npcap compatible with Windows 10

CC @bonsaiviking @fyodor

[hsluoyz]

Hi @TomSellers,

I'm not quite sure about the OS X case, but for Npcap, all binaries are already signed, although not using an EV certificate. The current situation is not the best but enough to use.

We are not using an EV certificate primarily because it needs a hardware key when do the signing. And it's difficult for all Nmap products to use the key at the same time, since the developers are located at different places.

Or have you encountered any difference between a normal cert and an EV cert?

Cheers,
Yang

[dmiller-nmap]

We did this starting with Nmap 7.25BETA2!