The author of Notepad++, an editor intended for programmers, faced an interesting challenge. The certificate used to sign the program and confirm its authenticity has expired. Notepad++ will no longer be signed with a certificate – its author has found a different solution.

Registration of the certificate only for the rich

The certificate with which “Don Ho” signed his program came from a grant. After it expired, the programmer tried to register a new one under the name of the program, i.e. Notepad++, but this turned out to be impossible. It does not matter that “Don Ho” develops a very popular program. The name is not registered as a company or an organization, so in the eyes of certificate providers it does not exist and has no voice.

The second problem, as you probably guessed, is the price of a commercial certificate confirming the authenticity of software. Verification of the program and a cryptographic key cost tens or hundreds of dollars, depending on the publisher.

Without a certificate, Windows warns against installation

Verification of a program’s authenticity has two purposes. The most important is, of course, to ensure the safety of users. The cryptographic signature guarantees that the program installer has not been modified and that the publisher can be trusted.

The second, more prosaic advantage of having a certificate to sign the program is that it does not frighten users. Nothing discourages users from installing an interesting program like browser or Windows warnings about the unverified identity of the publisher. Many users turn these warnings off and take full responsibility for security, but this is not the best solution.

GPG is the perfect way out of the situation

The author of the popular editor found a different way out of the situation. His solution does not cost a penny, and confirms the authenticity of the program no worse than a commercial certificate. From version 7.6.5, Notepad++ is signed with a GPG key. The GNU Privacy Guard project is a free replacement for the PGP cryptographic software, implementing the same RFC 4880 standard. The libraries are available under the GPL3 license and can be used free of charge. The solution is versatile: it signs messages sent through messengers just as effectively as the installers of programmers’ editors.
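
What a GPG-signed installer asks of the person downloading it, as an added example that is not code from the Notepad++ project: check the detached signature and confirm that it was made by the one key you expect, not just by any key in your keyring. The fingerprint, key name, file names and function names are placeholders chosen for illustration.

```shell
#!/bin/sh
# Added example. The fingerprint, key name and file names are placeholders.

# Constructed sample of `gpg --status-fd` output for a good signature.
SAMPLE_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Example Release Key
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2019-03-01 1551398400 0 4 0 1 8 00 0123456789ABCDEF0123456789ABCDEF01234567'

# Strip spaces and upper-case, so a fingerprint can be pasted as printed.
norm_fpr() {
    printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F'
}

# check_status PINNED_FPR   (gpg status lines on stdin)
# Accept only GOODSIG plus a VALIDSIG naming the pinned key, either as the
# signing key ($3) or as its primary key (last field).
check_status() {
    [ -n "$1" ] || return 2
    awk -v want="$(norm_fpr "$1")" '
        $1 != "[GNUPG:]" { next }
        $2 == "GOODSIG"  { good = 1 }
        # Bad, expired or revoked signatures and keys are never accepted.
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" && ($3 == want || $NF == want) { pinned = 1 }
        END { exit ((good && pinned && !bad) ? 0 : 1) }
    '
}

# verify_release PINNED_FPR SIGNATURE_FILE INSTALLER
# gpg's exit status only says that some key in the keyring made a valid
# signature; the status lines say which key it was.
verify_release() {
    status=$(gpg --batch --status-fd 1 --verify "$2" "$3" 2>/dev/null) || return 1
    printf '%s\n' "$status" | check_status "$1"
}

# Usage (placeholder names):
#   verify_release "$PINNED_FPR" installer.exe.sig installer.exe
```

The pinned fingerprint has to come from a channel other than the download itself, otherwise a swapped installer can ship with a swapped key.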