Game Design, Programming and running a one-man games business…

My experience with code signing certificates for games…

Hands up everyone who knows about code-signing certificates!!!! Anyone?

Well they are quite dull, but you have all seen evidence of them, or their non-existence. Code-signing has been around a long time, but for most of the time it’s been a topic that indie game devs could ignore. Essentially, as I understand it, code signing is a way for people to know that the exe file they are downloading is the same exe file it claims to be, and that it doesn’t have any malware in it (not really…but…read on).

If you download an .exe file from the internet using Internet Explorer, you get scary message windows that pop up and warn you that your house is about to explode and that swarms of locusts will descend and kill you. However, if that exe file is code-signed, the message is marginally less scary, and you are told the locusts are probably not deadly, and that the explosion will only cause collateral damage.

Some poor sods who have the misfortune to have malware called ‘norton internet security’ probably don’t even get that far. This malware just deletes any exes it doesn’t personally like the look of, regardless of content or publisher… sigh.

Anyway, to get your code signed (and thus scare your potential customers/demo downloaders) a *bit* less, you need to pay an exorbitant sum of money to some supposedly trustworthy company that will verify who you are. I paid $99 and got a few emails asking to see bill or bank statement scans (like they can’t be forged in 10 minutes in Photoshop), hand-wavey claims that my identity will be verified in ways unmentioned, and a 1 minute phone call from a very bored guy in an Indian call center checking that I knew all about my submission.

In other words, rigorous FBI-level security clearing stuff that mafia-funded Russian hackers could not even begin to circumvent. Oh no…

And then you get a special URL that plonks something somewhere in your copy of Internet Explorer (it HAS to be IE, what irony!) and are left to fend for yourself.

A bit of experimenting showed that you can ‘export’ the certificate from IE onto your hard drive, at which point you pick a password for it. The next bit is easier, because if you use Inno Setup, there are simple instructions for enabling it to auto-sign your installers, once you’ve downloaded a ‘signing tool’ from some third party.

And then lo! You have code-signed installers. This means Internet Explorer and Norton Internet Stupidity are very very very slightly less suspicious of my games and demos. Hurrah! Thanks to crass stupidity at the highest levels, they still spout warnings like ‘This file is not commonly downloaded, and therefore must be a virus’ (which are never ever downloaded, clearly). But, it’s a slight step in the right direction.

People are getting more and more used to using clients like Steam to get games, and more and more wary of random internet exes. I thought I should at least do my tiny bit to stem the tide of the total extinction of a free, open internet where people can sell games direct, by actually signing my exes and making them seem safer to the wary. Pity that the entire code-signing system was exposed as totally insecure, but I don’t make the rules…


2 thoughts on My experience with code signing certificates for games…

  1. I did look into it but the sites I found at the time seemed to be asking a lot more for the feature.

    Also the code signers are per an installer/app, so I would have needed to write a generic installer that would be downloaded with a license and then download and install the actual game.

    But this is for the Windows platform; certification appears to be built into Apple’s developer tools for the Mac platform.

    It would be cool if there was a similar process for Windows and Android, that would provide a security certificate for your game/app.

    But then again people can just play browser based games on the ultra-secure Flash plugin or via their web browser without any warnings popping up!

  2. There is one place, though, where you should think about signatures: your auto-updater. I did a long post about this some time ago, but the point is that if you ship an auto-updater that doesn’t do a public key signature check on whatever it is going to install, you may be a bad person.

    Suppose the user installs your game, which includes an updater. They exercised judgement in downloading and installing it, and decided to trust you with their computer, to some extent.

    Your updater, then, takes this trust and uses it to connect to a web server you ostensibly control and keep secure somewhere somehow to download updates. The problem of course is you probably don’t or can’t really keep that source secure, so you’ve exposed all your users to having malware automatically installed on their PC if your website is ever hacked.

    You can get around this by having your updater check the signature of whatever it downloads. This requires implementing RSA or similar into your updater. But this way, you can sign all exes or other update files that you upload to your updater website, and you only have to keep the signing keys secure. If you do this by putting it on an encrypted volume that you only mount when you are signing the update files, then that is very secure.

    I did a longer post about it some time ago, hopefully this doesn’t seem rude to post a link to it here: http://kittylambda.com/node/480

    It just terrifies me a little bit like when Notepad++ or something wants to auto update. Or even Chrome – like, does the Google updater take for granted that the source site will never be compromised? SHIVERS UP MY SPINE, MAN!!

    Note that I agree with you about code-signing silliness. What do you think about the new Mac store code signing though? Is it better, worse, sillier, or less silly?
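
The updater-side signature check described in the second comment, as an added example that is not part of the original post or of either comment. It uses RSA PKCS#1 v1.5 with SHA-256 and only the Python standard library; the key is a constructed demo key and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed demo key: two Mersenne primes, so the block runs offline with only
# the standard library. Not secure; a real key pair is generated randomly by a
# vetted crypto library and the private half stays on the offline signing volume.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                      # public key, pinned inside the updater
D = pow(E, -1, (P - 1) * (Q - 1))        # private key, never shipped
K = (N.bit_length() + 7) // 8            # modulus length in bytes

# DER prefix of the SHA-256 DigestInfo (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def emsa_pkcs1_v15(data: bytes) -> bytes:
    """Build the full padded block 00 01 FF..FF 00 DigestInfo for `data`."""
    t = SHA256_PREFIX + hashlib.sha256(data).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t


def sign_update(data: bytes) -> bytes:
    """Developer side: run once per release on the machine holding D."""
    return pow(int.from_bytes(emsa_pkcs1_v15(data), "big"), D, N).to_bytes(K, "big")


def verify_update(data: bytes, signature: bytes) -> bool:
    """Updater side: only N and E are needed. Rebuild the expected block and
    compare all of it, rather than parsing the padding out of the signature."""
    if len(signature) != K:
        return False
    s = int.from_bytes(signature, "big")
    if s >= N:
        return False
    recovered = pow(s, E, N).to_bytes(K, "big")
    return hmac.compare_digest(recovered, emsa_pkcs1_v15(data))


def install_if_trusted(data: bytes, signature: bytes) -> str:
    """Gate the install step on the signature, not on where the file came from."""
    return "install" if verify_update(data, signature) else "reject"
```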
