Authenticode signing and released Aspose assemblies

I would like to address your issue/ requirements from Aspose.Cells perspective.

Well, we may provide the Aspose.Cells assemblies without authenticode on demand for the users as we do not include it into our official release of the product (MSI Installer and Dlls version etc. which is also included into Aspose.Total for .NET package). I have logged a ticket with an id “CELLSNET-42291” for your issue/requirements. Hopefully, we may attach the zip file here containing the unsigned Aspose.Cells assemblies soon.

Thank you.

Thanks for your answer. Unfortunately, providing only Aspose.Cells.dll without authenticode is near to useless for us.

First, we need this for all DLLs. Currently our "bin" folder contains :

- Aspose.Cells.dll

- Aspose.Diagram.dll

- Aspose.Email.dll

- Aspose.Pdf.dll

- Aspose.Slides.dll

- Aspose.Tasks.dll

- Aspose.Words.dll

So, the authenticode will continue to delay the first load of our product web site.

Second, a one-shot release of these no-authenticode dlls is not the best as we may probably have to upgrade them with future versions. We'll need to ask for them again, which is possible of course, but annoying and time-consuming for you as for us.

I would prefer that you integrate this in your build/release process, although I can understand this could be quite a big deal.

In any case, we could deal with the workaround mentioned in my first post, but it would be a lot easier not to have to : currently, our client deployed our product mainly on servers without internet connection...

By the way, I'm not sure I really understand the use of this authenticode from your perspective, could you explain ? Strong-name signing is not enough ?

Kind regards,

Patrick

Thank you for contacting support. I would like to address your issue from Aspose.Diagram API perspective.

Normally, we provide the Aspose.Diagram libraries without authenticode on demand as my colleague has stated in the above reply. I have logged a task to provide Aspose.Diagram libraries without authenticode. This task has been logged under ticket id DIAGRAMNET-50011 in our issue tracking system. Furthermore, our development team will look into the matter to upgrade to future versions. I have also added your comments against the ticket id DIAGRAMNET-50011. As soon as any information is shared by them, I will be more than happy to share that with you.

Thanks for contacting support.

I am sorry to inform that currently we do not offer Aspose.Pdf for .NET product binaries without Authenticode signing. However I have logged this requirement in our issue tracking system as PDFNEWNET-36306. We
will further look into the details of this problem and will keep you updated on
the status of correction. Please be patient and spare us little time. We are
sorry for this inconvenience.

Thanks for raising this with us. You ask a question about why we digitally sign our DLLs - it’s fairly common practice for leading component and software vendors as it helps validate that our binaries are original and free from any threats or modifications inserted by 3rd parties. For many customers it will be a requirement due to their security policies and server environments and it’s unusual for it to be an issue.

The approach you describe to disable the checking of the signature is the correct approach if you do not wish the code signature to be checked and should be simple to implement. Please let us know if you run into difficulties with that.

As we’ve had only very few requests about this topic, and .NET provides a simple way to disable signature checking when it is not needed, it’s unlikely we would provide more of our products with an unsigned binary as standard at this stage.

Please try our latest version/fix: Aspose.Cells for .NET v7.7.2:

In the new release archive of Aspose.Cells for .NET v7.7.2, now we also provide assemblies without authenticode signed similar to Aspose.Words for .NET.

Let us know if we can be of any further help.

Thank you.