[delphizip] Re: SFX - Autorun
- From: <james.d.h.turner@xxxxxxxxxxxx>
- To: delphizip@xxxxxxxxxxxxx
- Date: Sat, 18 Apr 2009 0:41:36 +0100
It is the final executable that must be signed (not the zip file). I can
provide code to validate the signature - it's neither huge nor complex.
In theory, it should be possible to sign zip files by placing the signature
directly before the central directory, however, I have never seen this
suggested and it is not an accepted standard.
-- James Turner
---- RPeters <rpeters@xxxxxxxxxxxxx> wrote:
> james.d.h.turner@xxxxxxxxxxxx wrote:
> > Alternative security possibilities that could be considered
> >
> > 1) Allow autorun when extracting to temp directory
> > 2) Allow autorun when digitally signed
> >
> > -- James Turner
> >
> > -----------
> > To unsubscribe from this list, send an empty e-mail
> > message to:
> > delphizip-request@xxxxxxxxxxxxx
> > and put the word unsubscribe in the subject.
> >
> Thanks - the first looks like a reasonable (easy/small to implement)
> compromise.
> In theory Vista+ should take care of the second but the problem will be
> how to sign it - the zip format is not very friendly to signing or would
> signing the stub/loader work.
> Russell Peters
> -----------
> To unsubscribe from this list, send an empty e-mail
> message to:
> delphizip-request@xxxxxxxxxxxxx
> and put the word unsubscribe in the subject.
-----------
To unsubscribe from this list, send an empty e-mail
message to:
delphizip-request@xxxxxxxxxxxxx
and put the word unsubscribe in the subject.
Other related posts:
