Cost-free software: Freeware without restrictions or hidden traps
Due to today's widespread stinginess mentality, many PC users are looking for free software that can be downloaded free of charge. But in many cases, the license terms of freeware contain hidden conditions which are accepted during installation. The most harmless ones are the evaluation of usage behaviour or the use of personal data. Alternatively, these free programs install Adware or Crapware in addition.
The freeware products of abylonsoft are offered really free of charge, without hidden conditions and unwanted piggyback software.
With the software abylon LOCAL-USER local user accounts can be created under Windows with one click. After entering the desired user name and password, the offline account is created under Windows and can subsequently be used. Thereby the local user profile can be added in a workgroup as well as in a domain.
The software abylon FREEHASH determines checksums of files according to the hash procedures MD5, SHA-1 and SHA256. The hash function determines a checksum of a fixed length from a file of any size. This checksum is comparable to a fingerprint and almost unique for each file. This makes it possible to compare files without checking the contents of the file itself.
The encryption with the software of abylonsoft is not a one-way street! The free reader version allows you to decrypt and/or verify signed, encrypted or SME files. Currently, standardized files with the following file extensions (Symmetrically Encrypted: CR2 / Asymmetrically Encrypted: CRP, PK7, P7M, VSP7, ASC, TBE / Signed): P7M, VSP7, TBS, SGN / Digital Envelope file: SME) supported
This tool allows you to create self-signed test certificates (X.509 v3), saving you the hassle and expense of going to a CA (certificate issuer). With this key pair and the corresponding applications the signature and encryption of data is possible.
totul este bine
If you only use a self signed certificate to validate the contents of your distributed executables then it provides zero assurances to your customers that the digital signature is valid and created by you unless they install a validated copy of your self signed signature in their security stores to validate the executables against which is a massive security no-no. I could use your selfcert to create a fresh signature with all your data in the fields, edit your binaries and sign it with the spoofed self signed certificate and only YOU could prove it was not signed by you, everyone else would just get the same error as we get on your self signed certificate. Now if you signed it with a properly created and validated certificate your customers could validate the signature as OK with no errors and it would be MUCH harder for me to spoof your validated countersigned certificate. Self signed certificates are a cludge for developers in house private testing NOT for use in public unless one is willing to downgrade security digital certificates provide as a whole! Whether it is for SSL/TLS or executable signing, requiring end users to routinely accept certificates that do not sit within the established Certifying Authorities chain is a bad thing to ask. In certain very limited circumstances it is understandable with imbedded https servers on internet of things just to obfuscate the traffic but to teach end users to accept self signed certificates as if they were as good as those that are from a valid certifying authority is just bad actor behaviour in my opinion.
In the case of the abylon SELFCERT software, we explicitly point out that these are self-signed certificates. There are already application scenarios where a self-signed certificate is completely sufficient. However, this is up to each individual. Of course, only those who are familiar with the matter should use them.
When it comes to the signature of the software we offer, your statement is correct to a certain extent. Those who find self-signed software too insecure should keep their hands off it. In addition, everyone should think about where he downloads a software. NOBODY should obtain software from a source they do not know.
In our eyes, even software signed with an official certificate is not really safe. Who looks exactly at the data in the certificate? Is the data correct or maybe just similar. Not only for this reason we see the certification rather as a business model of a few, than as a real protection for the user. But this is of course only our personal opinion.
z. Google, for example, also uses only self-signed certificates for all Android apps, which each developer creates himself.
We can discuss this topic for a long time. Maybe we will change our attitude sometime. For more information - we have not developed the abylon SELFCERT tool for signing data, but for encrypting data.
hello, just to say what a pity that the certificate isn't truted by trustprovider, doing desinfection's tools I use your program but in virustotal.com it's said "A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider."
Do you mean the signature of the setup file or the certificates created with the software.
The software abylon SELFCERT creates only so-called self-signed certificates. These are quite sufficient for many cases, especially in the private sector.
For the signature of the setup, we also used only a self-signed certificate. Therefore, the certificate chain is also interrupted. In our eyes, there are no advantages for the user in the case of the signature with a commercial acquired certificate.
Or how do you see this?
is possible to generate new sha256 certificate with this tool?
Currently supports abylon SELFCERT only SHA1.
A note or observation intended to explain, illustrate, or
criticise the meaning of a writing, book, etc.;
explanation; annotation; exposition.
Hi Maria, unfortunately, we are not clear about what you want to express with your message. We would very grateful for a more detailed explanation, alternatively by email.