Weird signature size question :)


This is going to be a weird question :)

My name is Barna Buza, I’m a member of a computer art subculture called the Demoscene. One of the products of this subculture is a thing called a 64 kbyte intro, which is a single executable that, when run, creates a sort of non-interactive real-time music video of about 4-5 minutes. The 64 kbyte stands for the traditional file size limitation. These productions are achieved with procedural content generation and, more importantly in this case, executable compression. Due to the nature of antivirus software and exe compressors, our productions are more often than not flagged as malware. To counteract this (and to avoid the tedious task of writing 30 antivirus companies to whitelist our releases) I’m looking into code signing.

From my perspective the most important factor when applying a digital signature to the executable is the file size, because I’d like to keep our releases under 64k even so. I created local certificates to test things, and found that, for example, the choice of TSA can vary the size of the signature between 2.5 and 5.5 kbytes; those 3 kbytes are a big deal for us. I found the Comodo TSA to produce the smallest result (presumably due to not sitting at the end of a long chain of CAs), and so I came here for help in testing something.

I’d like to know how much larger a proper signature would be as opposed to one created with makecert.exe. Obviously I’d like to avoid purchasing a code signing certificate for a year just to test something that may tell me that this whole idea is unviable. So what I’d like to request on this forum is to help me out by downloading and signing a test executable. I don’t need the signed executable, you can delete it right away after you have checked the file size. You’re not required to launch the executable. (You may, if you want to see a 4 minute real-time video, provided you have a 2 GB video card, DirectX 11 and a proper CPU, but here’s a YouTube link if you want to play it safe.) All I’m interested in is the resulting exact file size after it has been signed with signtool.exe, and the exact file size after the timestamping from Timestamp Server And Stamping Protocols | Sectigo® Official (the RFC 3161 signature ended up being larger).

You can download the test executable from link removed by moderator. Due to the previously mentioned compression it might set off false positive warnings, but since execution of the program is not required for this test, it’s safe even if you don’t trust a stranger over the Internet :)

Thank you in advance for accommodating someone with a weird hobby :)
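The size question in the post above can be answered more precisely than by comparing file sizes, because an Authenticode signature is not scattered through the executable: signtool appends a single Certificate Table to the end of the file and records its file offset and size in data directory 4 of the PE optional header. The script below is an added example, not code from the poster or from Sectigo; it parses that directory, walks the WIN_CERTIFICATE entries inside it, reports exactly how many bytes the signature (certificate chain plus any timestamp countersignature) added, and can strip the table again to recover the unsigned size. The `build_fake_pe` helper only constructs a headers-only stand-in image for testing; it is not a loadable executable and the certificate payloads in it are constructed filler, not real PKCS#7 data.

```python
import struct

SECURITY_DIR_INDEX = 4                  # IMAGE_DIRECTORY_ENTRY_SECURITY
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002  # Authenticode PKCS#7 SignedData


def _optional_header(data):
    """Return (offset of the optional header, is_pe32plus), validating the magics."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    size_opt = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    opt = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:
        plus = False
    elif magic == 0x20B:
        plus = True
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    if size_opt < (112 if plus else 96) + 8 * (SECURITY_DIR_INDEX + 1):
        raise ValueError("optional header too short for a security directory")
    return opt, plus


def security_directory(data):
    """(file offset, size) of the Certificate Table. Unlike other data
    directories its first field is a raw file offset, not an RVA, because
    the signature lives outside every section."""
    opt, plus = _optional_header(data)
    count = struct.unpack_from("<I", data, opt + (108 if plus else 92))[0]
    if count <= SECURITY_DIR_INDEX:
        return 0, 0
    dir_base = opt + (112 if plus else 96)
    return struct.unpack_from("<II", data, dir_base + 8 * SECURITY_DIR_INDEX)


def certificate_entries(data):
    """Walk the WIN_CERTIFICATE entries: dwLength(4) wRevision(2) wType(2) body.
    Entries are padded to 8 bytes; dwLength excludes that padding."""
    off, size = security_directory(data)
    end = off + size
    if size and end > len(data):
        raise ValueError("certificate table runs past end of file")
    entries = []
    while off + 8 <= end:
        length, rev, ctype = struct.unpack_from("<IHH", data, off)
        if length < 8 or off + length > end:
            raise ValueError("malformed WIN_CERTIFICATE at 0x%x" % off)
        entries.append({"offset": off, "length": length, "revision": rev,
                        "type": ctype,
                        "pkcs7": ctype == WIN_CERT_TYPE_PKCS_SIGNED_DATA,
                        "payload": data[off + 8:off + length]})
        off += (length + 7) & ~7
    return entries


def signature_overhead(data):
    """Bytes the signature adds to the file: the whole table, padding included."""
    return security_directory(data)[1]


def strip_signature(data):
    """Unsigned image: drop the trailing table and zero directory 4. Only the
    layout signtool produces (table last in file) is handled; the PE checksum
    is left as is, which Authenticode verification does not care about."""
    off, size = security_directory(data)
    if size == 0:
        return bytes(data)
    if off + size != len(data):
        raise ValueError("certificate table is not at end of file; refusing to strip")
    opt, plus = _optional_header(data)
    out = bytearray(data[:off])
    struct.pack_into("<II", out, opt + (112 if plus else 96) + 8 * SECURITY_DIR_INDEX, 0, 0)
    return bytes(out)


def build_fake_pe(cert_blobs=()):
    """Constructed headers-only PE32+ image (no sections, not runnable) with a
    Certificate Table holding one entry per blob. Test fixture only."""
    e_lfanew = 0x40
    dos = bytearray(b"MZ" + b"\0" * (e_lfanew - 2))
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt_size = 240  # standard PE32+ optional header with 16 data directories
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, opt_size, 0x22)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<I", opt, 108, 16)  # NumberOfRvaAndSizes
    image = bytearray(dos + b"PE\0\0" + coff + opt)
    image += b"\0" * ((-len(image)) % 8)  # table must start 8-byte aligned
    table = bytearray()
    for blob in cert_blobs:
        entry = struct.pack("<IHH", 8 + len(blob), 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + blob
        table += entry + b"\0" * ((-len(entry)) % 8)
    if table:
        dir_off = e_lfanew + 24 + 112 + 8 * SECURITY_DIR_INDEX
        struct.pack_into("<II", image, dir_off, len(image), len(table))
    return bytes(image + table)
```

To reproduce the measurement the poster asks for on a real binary, sign a copy with `signtool sign /fd SHA256 /f test.pfx /p <password> /t <Authenticode TSA URL> test.exe` and another with `/tr <RFC 3161 TSA URL> /td SHA256` instead of `/t`, then run `signature_overhead()` on each; the difference between the two numbers is the part of the 2.5 to 5.5 kbyte spread that the timestamp format and the TSA's chain account for, independent of any alignment padding signtool adds before the table.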

This is a piece of software that is unfamiliar to me so I removed the download link to the executable as a safety measure for inexperienced users.

However, you are totally free to send the download link to interested users by pm.

Enjoy your time here at the Comodo forums.

After looking a bit more into the issue we realized that even if it were possible to sign our executables, the issue of false positives would still persist, as nowadays even malware is getting signed and a compressed executable will surely trigger a number of heuristics in AV software. Thanks to anyone who would have helped though.