james.d.h.turner@xxxxxxxxxxxx wrote:
> It is the final executable that must be signed (not the zip file). I can
> provide code to validate the signature - it's neither huge nor complex.
>
> In theory, it should be possible to sign zip files by placing the signature
> directly before the central directory, however, I have never seen this
> suggested and it is not an accepted standard.
>
> -- James Turner
>
>
> ---- RPeters <rpeters@xxxxxxxxxxxxx> wrote:
>
>> james.d.h.turner@xxxxxxxxxxxx wrote:
>>
>>> Alternative security possibilities that could be considered
>>>
>>> 1) Allow autorun when extracting to temp directory
>>> 2) Allow autorun when digitally signed
>>>
>>> -- James Turner
>>>
>>> -----------
>>> To unsubscribe from this list, send an empty e-mail
>>> message to:
>>> delphizip-request@xxxxxxxxxxxxx
>>> and put the word unsubscribe in the subject.
>>>
>> Thanks - the first looks like a reasonable (easy/small to implement)
>> compromise.
>> In theory Vista+ should take care of the second but the problem will be
>> how to sign it - the zip format is not very friendly to signing or would
>> signing the stub/loader work.
>> Russell Peters
>

Please do send the code - the next version of the stub is not finished yet (thought it was but there is still a problem with detached SFX). I have an idea that forcing this action probably won't suit some people but it might help stop it being regarded as a potential virus carrier.
Most zip extractors expect (demand) that the central directory immediately follow the local entries and the EOC immediately follows the central, which the 'standards' don't stipulate - this is a real stumbling block (oh for an embedded data field that most things would ignore).

Russell Peters
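The layout constraint from the message above, checked against the placement suggested in the quoted message, as an added example (not code from this thread or from the DelphiZip project): it measures the gap between the last local entry and the central directory, and between the central directory and the EOC record. The function names and the zero-filled stand-in for a signature are hypothetical, and the parser assumes a single-disk, non-ZIP64 archive without data descriptors.

```python
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"   # end of central directory (EOC) record
CDH_SIG = b"PK\x01\x02"    # central directory file header

def zip_layout(data: bytes) -> dict:
    """Measure the gaps a strict extractor would object to.
    Assumes single-disk, non-ZIP64, no data descriptors."""
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0 or eocd + 22 > len(data):
        raise ValueError("no end-of-central-directory record")
    total, cd_size, cd_off = struct.unpack_from("<HII", data, eocd + 10)
    pos, locals_end = cd_off, 0
    for _ in range(total):
        if data[pos:pos + 4] != CDH_SIG:
            raise ValueError("central directory not at recorded offset")
        csize = struct.unpack_from("<I", data, pos + 20)[0]
        nlen, xlen, clen = struct.unpack_from("<HHH", data, pos + 28)
        lho = struct.unpack_from("<I", data, pos + 42)[0]
        # Local header: 30 fixed bytes + name + extra, then the file data.
        lnlen, lxlen = struct.unpack_from("<HH", data, lho + 26)
        locals_end = max(locals_end, lho + 30 + lnlen + lxlen + csize)
        pos += 46 + nlen + xlen + clen
    return {"gap_before_central": cd_off - locals_end,
            "gap_before_eocd": eocd - (cd_off + cd_size)}

def insert_before_central_dir(data: bytes, blob: bytes) -> bytes:
    """Place blob directly before the central directory and fix the
    directory offset stored in the EOC record (local offsets are unchanged)."""
    eocd = data.rfind(EOCD_SIG)
    cd_off = struct.unpack_from("<I", data, eocd + 16)[0]
    out = bytearray(data[:cd_off] + blob + data[cd_off:])
    struct.pack_into("<I", out, eocd + len(blob) + 16, cd_off + len(blob))
    return bytes(out)

def sample_zip() -> bytes:
    """Constructed two-entry archive, stored without compression."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as z:
        z.writestr("readme.txt", "constructed sample")
        z.writestr("setup.ini", "[run]\ncmd=none\n")
    return buf.getvalue()

if __name__ == "__main__":
    plain = sample_zip()
    padded = insert_before_central_dir(plain, b"\x00" * 64)  # placeholder, not a real signature
    print(zip_layout(plain), zip_layout(padded))
```

A non-zero `gap_before_central` is exactly the condition the message says most extractors refuse, even though every offset in the archive is still consistent.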