Most of binaries in TC distribution have the digital certificate (Digital Signature) from Ghisler Software GmbH, which is up-to-date. In particular, in current 10.00b3 the expiration time is 28 October 2022. However, some binaries have not been updated too long and have the expired certificates; some others don't have a certificate at all. While this do not prevent TC and its components from working properly, the requirements may become more strong in forthcoming Windows versions, so it would be better to update the certificates of all binaries, which possible, in the final TC 10 release.
List of outdated and unsigned binaries in TC 10.00b3 distribution:
Outdated binaries (valid to: dd/mm/yyyy)
x64
CGLPT64.SYS - 12/05/2011
NOCLOSE64.EXE - 26/05/2017
TCMDX32.EXE - 26/05/2017
TCUNZL64.DLL - 26/05/2017
TcUsbRun.exe - 26/05/2017
WCMZIP64.DLL - 22/08/2018
x32
CGLPT64.SYS - 12/05/2011 (same as in x64)
CGLPTNT.SYS - 12/05/2011
TCMDX64.EXE - 26/05/2017
TCUNZLIB.DLL - 26/05/2017
TcUsbRun.exe - 26/05/2017 (same as in x64)
WCMZIP32.DLL - 22/08/2018
Unsigned binaries (some licensed 3-rd party libraries were not signed by their creators)
x64
SFXHEAD.SFX
TC7Z64.DLL
TCLZMA64.DLL
TCshareWin10x64.dll
WCMICON2.DLL
WCMICONS.DLL
FILTER64\AutoPitch.dll
FILTER64\SoundTouchDLL_x64.dll
x32
CABRK.DLL
CGLPT9X.VXD
FRERES32.DLL
SFXHEAD.SFX (same as in x64)
SHARE_NT.EXE
TC7Z.DLL
TCMDLZMA.DLL
TCshareWin10.dll
UNACEV2.DLL
UNRAR9X.DLL
WC32TO16.EXE
WCMICON2.DLL (same as in x64)
WCMICONS.DLL (same as in x64)
FILTER32\AutoPitch.dll
FILTER32\SoundTouchDLL.dll
Binaries with outdated digital certificates or unsigned
Moderators: Hacker, petermad, Stefan2, white
Binaries with outdated digital certificates or unsigned
Desktop: Windows 11 Pro 23H2, TC 11.50 beta. Mobile: Pixel 5a, Android 14, TC 3.42b5
Re: Binaries with outdated digital certificates or unsigned
As long as the CA signing certificate in the certificate chain is valid, even expired client certificates are considered valid. If that behavior would change, a good portion of every available software out there would be considered unsigned or invalidly signed, so I think it's highly unlikely that it's going to change. And that's the reason certificate chains exist.
Furthermore, it's been a requirement to use SHA256 based certificates to sign files for many years now, but such certs are only recognized by Win7 and higher, which means that files would appear unsigned on older operating systems (although the files are signed).
Regards
Dalai
Furthermore, it's been a requirement to use SHA256 based certificates to sign files for many years now, but such certs are only recognized by Win7 and higher, which means that files would appear unsigned on older operating systems (although the files are signed).
Regards
Dalai
#101164 Personal licence
Ryzen 5 2600, 16 GiB RAM, ASUS Prime X370-A, Win7 x64
Plugins: Services2, Startups, CertificateInfo, SignatureInfo, LineBreakInfo - Download-Mirror
Ryzen 5 2600, 16 GiB RAM, ASUS Prime X370-A, Win7 x64
Plugins: Services2, Startups, CertificateInfo, SignatureInfo, LineBreakInfo - Download-Mirror
Re: Binaries with outdated digital certificates or unsigned
For some time in the past files were dual signed with two hash functions (SHA256 and SHA1) and they were properly recognized as signed in older systems. I don't know if it's still possible.
Andrzej P. Wozniak
Polish subforum moderator
Polish subforum moderator
Re: Binaries with outdated digital certificates or unsigned
For these files an old signature is used intentionally to make them work in modern Windows, as explained in following post: https://ghisler.ch/board/viewtopic.php?p=358925#p358925
Donate for Ukraine to help stop Russian invasion!
Ukraine's National Bank special bank account:
UA843000010000000047330992708
Ukraine's National Bank special bank account:
UA843000010000000047330992708
Re: Binaries with outdated digital certificates or unsigned
I should agree that current situation with signing is far from perfect (as it was imagined at introduction) and sometimes intentional use of outdated certificates has a reason because of illogical (ill-logical) position of Windows developers which we, unfortunately, cannot correct.
But on the other side, the signing is useful simply as a method of integrity checking, that DLL hasn't been damaged, modified or replaced, and even outdated, the certificate is able to play this role as long as the certificate chain is valid. So, I would suggest to have signed as many DLLs as possible.
But on the other side, the signing is useful simply as a method of integrity checking, that DLL hasn't been damaged, modified or replaced, and even outdated, the certificate is able to play this role as long as the certificate chain is valid. So, I would suggest to have signed as many DLLs as possible.
Desktop: Windows 11 Pro 23H2, TC 11.50 beta. Mobile: Pixel 5a, Android 14, TC 3.42b5
- ghisler(Author)
- Site Admin
- Posts: 49232
- Joined: 2003-02-04, 09:46 UTC
- Location: Switzerland
- Contact:
Re: Binaries with outdated digital certificates or unsigned
That's not how signatures work: Windows signing uses a mechanism called timestamping: A timestamp of the time when the file was signed is added. This timestamp is created by a special secure timestamp server, so the timestamp cannot be faked. Windows acknowledges a certificate as valid when the signature was created witin the validity period of the certificate. ExampleList of outdated and unsigned binaries in TC 10.00b3 distribution:
If the certificate is valid from 1/1/2001 to 1/1/2003 and the timestamp is within that period, then the certificate is valid.
Author of Total Commander
https://www.ghisler.com
https://www.ghisler.com