Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Using a Self-signed Certificate
In order to access applications running as administrator in Windows Vista and later, NVDA must have the uiAccess privilege, which requires that it be signed by a trusted authenticode certificate. Such a certificate can be purchased from various certified certificate authorities.
You can also generate a self-signed certificate. However, copies of NVDA signed by a self-signed certificate will not function on systems where it is not installed as a trusted root certificate, so this is only suitable for personal use.
Following are instructions on how to generate and install a self-signed certificate. This is not supported and should only be attempted by developers who know what they are doing and are aware of the risks. If the private key is compromised, this poses a serious security risk to your system. You have been warned. Please do not ask further questions on this topic.
Generating the Certificate
Obviously, the names and file names provided below can be adjusted.
Open a Microsoft Windows SDK CMD Shell.
To create the certificate:br
makecert -r -n "CN=selfsigned" -sv selfsigned.pvk selfsigned.cert
To convert it to the required formats:br
cert2spc selfsigned.cert selfsigned.spc pvk2pfx -pvk selfsigned.pvk -spc selfsigned.spc -PFX selfsigned.pfx
- You can now delete selfsigned.pvk.
- selfsigned.pfx is the certificate containing the private key. It is used to sign executables.
- selfsigned.spc only contains the public key. This is the certificate which must be installed on systems where you want to run signed executables.
Installing the Certificate
Use the following command:
certutil -addstore root selfsigned.spc
Building NVDA Signed with the Certificate
Supply the pfx file in the certFile parameter when building NVDA with SCons. See readme.txt in the NVDA source distribution for details.