When I downloaded KeePass-2.31-Setup.exe, Windows 7 told me that the signature was corrupt or invalid. Should I ignore that?
In the absence of the exact error message, I suspect you are encountering a warning that frequently appears after each new release of KeePass and persists until the new release develops a reputation. See this FAQ for details.
Last edit: wellread1 2016-01-13
I'm getting the same error. I've never seen it before. I know the one you're talking about that indicates that a file is infrequently downloaded and may be harmful. This message is different:
"The signature of KeePass-2.31-Setup.exe is corrupt or invalid."
See attached image
That is Microsoft attempting to make everyone use the MS store - and pay MS money.
[/cynicism]
See this post: https://sourceforge.net/p/keepass/discussion/329221/thread/baccb1a8/?limit=25#351d
cheers, Paul
See the FAQ:
http://keepass.info/help/kb/faq.html#siginv
Best regards,
Dominik
Dominik,
I get "Unknown Publisher" on Windows 10 (SmartScreen) -- I think it's because of the SHA-1 usage -- maybe this could be removed now?
KeePass is mentioned in digital signature - Deprecation of SHA1 code signing certificates on Windows - Information Security Stack Exchange.
Even if I do the download using Chrome, when I execute it, Windows warns me that it might be dangerous. I think it is unfortunate that, for whatever reason, people are expected to ignore warnings. Malware makers are celebrating.
Last edit: Anonymous 2016-02-01
And as one post points out, KeePass runs on his W10 machine without issue.
This really is a Windows implementation problem and users are caught up, as usual.
cheers, Paul
To show that the SHA1 signature is not an issue, the Microsoft Windows 10 setup.exe is also signed with SHA1 & SHA256.
cheers, Paul
Paul, the setup.exe you refer to is signed with BOTH.
And that is the key here. Windows (as of 2016-01-01) requires that installers and executables be signed with a SHA256 certificate. AFAICT that same SHA256 cert can also be used to generate an additional SHA1 checksum to keep Vista users happy. But at the end of the day, a SHA256 cert is now required for files marked with the "web" attribute (browsers tend to set this attribute for stuff downloaded from the web).
I just returned home, and found the link I wanted to post in my previous comment: http://social.technet.microsoft.com/wiki/contents/articles/32288.windows-enforcement-of-authenticode-code-signing-and-timestamping.aspx?wa=wsignin1.0&PageIndex=2&CommentPosted=true "Windows Enforcement of Authenticode Code Signing and Timestamping".
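An added example, not part of the thread and not KeePass or Microsoft code: one way to see which digest algorithms the Authenticode signatures embedded in a downloaded installer declare (SHA-1, SHA-256, or both through a nested signature), which is the dual-signing point discussed in the posts above. The function names are hypothetical, nested signatures are located by a byte search for Microsoft's nested-signature attribute OID rather than a full parse, and nothing here verifies the signature or the certificate chain.

```python
import struct

OIDS = {bytes.fromhex("06052b0e03021a"): "sha1",            # 1.3.14.3.2.26
        bytes.fromhex("0609608648016503040201"): "sha256"}  # 2.16.840.1.101.3.4.2.1
NESTED_SIG = bytes.fromhex("060a2b060104018237020401")      # 1.3.6.1.4.1.311.2.4.1

def der(buf, pos):
    """Read one DER TLV at pos; return (tag, content_start, content_end)."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long form: low 7 bits give the number of length bytes
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, pos, pos + n

def cert_blobs(pe):
    """Yield each PKCS#7 payload from the PE certificate table (data directory 4)."""
    nt = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    magic = struct.unpack_from("<H", pe, nt + 24)[0]
    dirs = nt + 24 + (112 if magic == 0x20B else 96)  # PE32+ or PE32 optional header
    off, size = struct.unpack_from("<II", pe, dirs + 4 * 8)  # a file offset, not an RVA
    end = off + size
    while off and off + 8 <= end:
        length, _rev, ctype = struct.unpack_from("<IHH", pe, off)
        if ctype == 2 and length > 8:  # WIN_CERT_TYPE_PKCS_SIGNED_DATA
            yield bytes(pe[off + 8:off + length])
        off += max(8, (length + 7) & ~7)  # entries are 8-byte aligned

def signature_digests(p7):
    """Digest names in SignedData.digestAlgorithms, then in any nested signature."""
    s = der(p7, 0)[1]                 # enter ContentInfo SEQUENCE
    s = der(p7, der(p7, s)[2])[1]     # skip contentType OID, enter [0] EXPLICIT
    s = der(p7, s)[1]                 # enter SignedData SEQUENCE
    _, s, e = der(p7, der(p7, s)[2])  # skip version INTEGER, read digestAlgorithms SET
    names = []
    while s < e:
        _, a, s = der(p7, s)          # one AlgorithmIdentifier SEQUENCE
        names.append(OIDS.get(p7[a:der(p7, a)[2]], "other"))
    i = p7.find(NESTED_SIG)           # heuristic: byte search, not a full parse
    if i >= 0:
        _, s, e = der(p7, i + len(NESTED_SIG))  # attribute values: SET OF ContentInfo
        while s < e:
            start, s = s, der(p7, s)[2]
            names += signature_digests(p7[start:s])
    return names

def pe_digests(pe):
    return [d for blob in cert_blobs(pe) for d in signature_digests(blob)]
```

Call `pe_digests(open(path, "rb").read())` on the installer; a file whose primary signature uses SHA-1 and carries a nested SHA-256 signature returns `['sha1', 'sha256']`, and an unsigned file returns an empty list.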