KeePass 2.26 not signed

xfacter
2014-04-13
2014-10-17
  • xfacter
    xfacter
    2014-04-13

    The new version for windows does not seem to be signed/certified. Will we be getting a signed version soon?

     
  • wellread1
    wellread1
    2014-04-13

    When you use KeePass you are entering into a direct trust relationship with the KeePass authors. You can verify the authenticity and integrity of a downloaded version of KeePass by confirming a match between the Hash published by the authors with a computed Hash of your downloaded version. For details see http://keepass.info/integrity.html.

    Various other signatures and keys to verify your download are available via links at the bottom of the downloads page.

    KeePass releases are not signed with a commercial digital certificate or certified by a certificate authority. For an explanation of code signing see http://msdn.microsoft.com/en-us/library/ie/ms537361%28v=vs.85%29.aspx.

     
    Last edit: wellread1 2014-04-13
  • xfacter
    xfacter
    2014-04-13

    I see. When I launch the 2.26 setup it prompts me that it is not signed. This does not happen when I launch the 2.25 setup. I suppose this could be because I have previously allowed it to launch in the past.

     
  • wellread1
    wellread1
    2014-04-14

    The warning messages also display on current OSes with earlier version KeePass setups (e.g. 2.25).

     
  • Paul
    Paul
    2014-04-14

    You probably need to right click on KeePass-2.26-Setup.exe, select Properties and Unblock.

    cheers, Paul

     
  • Shivan
    Shivan
    2014-10-17

    But what is there against signing the application and installer with a certificate?

    For open source it can be get, free here:
    https://www.globalsign.com/ssl/ssl-open-source/

    I think that's easier than manually checking md5 or something else.