I need to generate a self signed Adobe Air certificate. How to do that? (I'm using Flash CS5 - AIR 2.0/2.5)
I came across this tutorial - what stands ADT for and where do I enter the command line?
Thanks.
Flash CS5 will create a certificate for you. Next to the to the box where you enter your certificate, there should be a button labeled "Create". (I have Flash CS4 open, but I don't think they removed the feature in CS5.) That will create a certificate for you.
(Oh, and Flash uses ADT behind the scenes to generate the certificate.)
ADT is "Air Developer Tool". You enter the command lines at a command prompt. Make sure the directory that contains the ADT program is in your path or specify the path to it in the command line.
Related
I'm developing C++ program. I generate a certificate from our PKI Solution configured in our company(Microsoft). I sign my .exe using the certificate(generated). But when I make my file on the server (internet) and download it, I have the problem of displaying SmartScreen.What should I do to make my .exe works well in all computer of our company? Should I buy a certificate to sign my code? Sign my code with root certificate?
I think problem is your application has downloaded a few users and the reputation is unknown to Microsoft
P.S. And you can distribute your program in Microsoft Store
I have registered for the Safari Development Program and have a valid Apple ID. I've followed all the steps given by Apple.
I have the Safari Extension Certificate (the .cer file) but when I open Safari's Extension Builder, my certificate does not appear there.
I need Reputation for upload image...
Después de formateara mi mac algo evidentemente cambio. revoque mi certificado e hice uno nuevo. no tuve problemas.
After formatting my mac something obviously change. Revoke my certificate and made a new one. I had no problems.
I changed the info.plist file in Boot Camp package to make it support making USB installing drives on my Mac, but on Mac OS X Mavericks the app crashed before I signed the new file. I use the following code in terminal to sign it.
sudo codesign -fs - /Applications/Utilities/Boot\ Camp\ Assistant.app
After signing the code, the app ran successfully. The whole tutorial is here: Enable Bootcamp to install from usb for OSX 10.9
BUT I am wondering why I can sign the code so easily, without any formal certificate. I think code signature is a security feature. Only developers with certificates can sign their codes and distribute them, and Apple only allow these signed programs to run: About Code Signing I am a beginner on this topic; can someone explain the process a little bit? Does this means that hackers can sign whatever codes they want (maybe malicious ones) and run them AS LONG AS they get the password for root account?
Then I changed back to the original info.plist and wanted to remove the signature for the file that I created. How do I do this?
Thanks!
The reason is because you are signing the package with a local certificate. When Apple sign the package, it will run on any Mac, as their root certificate is trusted in the base OS.
If you transferred your locally signed package to another mac, you would find that it crashes, because it was signed with a certificate from another machine.
Hope this clears it up.
I am developing an AIR application. I am exporting the release build as native installer by signing it with a digital certificate that was bought from TC Trust Center. Following flow happens with the setup.exe created.
This setup.exe is now uploaded to a host to enable users to download the setup file.
A user downloads this using browser and double clicks on the downloaded setup.exe.
Windows shows up a security warning pop up and states that the publisher is unknown.
After clicking continue, the AIR installer shows up the correct publisher name
And when the program is installed the control panel also shows up the correct publisher name.
I would like to know why is Windows security warning unable to detect the publisher name? And how can this issue be resolved. Kindly help. Thanks in advance :)
Publisher name must not necessarily be taken from the signature. In fact, in Control Panel it's taken from the registry record rather than from the signature, so this is not a proof.
Most likely you needed to include intermediate CA certificates with the signature, and the tool didn't do this automatically.
Open Explorer, and right-click on your setup.exe and invoke Properties dialog. If the signature is present and recognized, Digital Signature tab will appear in the properties. This doesn't mean that the signature is valid, though. You need to go to this Tab and check the certificates used for signing, their status and the certificate chain. The certificate chain must be complete and lead up to recognized root or trusted CA certificate (recognized means that Windows has it in it's trust list).
Is there any way to check the integrity of the application just before the application starts up? (to prevent anyone changing the application after it is installed)
Adobe AIR automatically does this when you sign your code and package your aar file. If you touch anything inside it aar file after signing it, you should get an error. See: http://help.adobe.com/en_US/AIR/1.5/air_security/WS5b3ccc516d4fbf351e63e3d11c0f598475-7ffa.html
I don't know if Adobe AIR itself provides any such integrity checker.
A (non-optimal) solution would be to have a database of md5 hashes of all or select important files, and verify it again at start-up. (you could use this for the md5 hashing.)