Bypassing the Authenticode Signature Check on Startup

 

Authenticode verification will hurt startup time. I recently experienced this on a customer project: some parts of the UI took way too long to show the first time they were accessed. The WPF application is accessed through Citrix, which also affects the startup performance for assemblies that need to be verified.

Authenticode-signed assemblies need to be verified with the CA. This verification can be time intensive, as it can require hitting the network several times to download up-to-date certificate revocation lists and to ensure that there is a full chain of valid certificates on the way to a trusted root. This can, as in our case, end up as a delay of several seconds while the assembly is being loaded. The worst case for us was almost 30 seconds for some client setups.

To get rid of this issue, you can either install the CA certificate on the client machine or avoid using Authenticode when possible. We know that our application doesn’t need the Publisher evidence, so we can do the following.

In .NET Framework 3.5 there is a configuration option that allows bypassing the Authenticode verification. This can be done by adding the following lines to the .exe.config file:

<configuration>
    <runtime>
        <generatePublisherEvidence enabled="false"/>
    </runtime>
</configuration>

More information is available here as well as on this blog.

KB936707 discusses how you can also enable this in .NET Framework 2.0.
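
For administrators who need to know which deployed applications have switched this check off, here is an added example (not code from the original post): a Python audit that classifies each .exe.config by its generatePublisherEvidence setting. The function names and the sample configs are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from pathlib import Path

# Constructed sample configs (not from the original post).
SAMPLE_DISABLED = """<?xml version="1.0"?>
<configuration>
  <runtime>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <probing privatePath="lib"/>
    </assemblyBinding>
    <generatePublisherEvidence enabled="false"/>
  </runtime>
</configuration>"""
SAMPLE_DEFAULT = "<configuration><runtime/></configuration>"
SAMPLE_BROKEN = "<configuration><runtime>"  # truncated file


def publisher_evidence_state(config_xml):
    """Classify one .exe.config (str or bytes).

    'disabled' -> <generatePublisherEvidence enabled="false"/> under <runtime>
    'enabled'  -> element present with enabled="true"
    'default'  -> element absent, so the runtime default applies
    'invalid'  -> unparseable XML, wrong root, or unrecognised value
    """
    try:
        root = ET.fromstring(config_xml)
    except ET.ParseError:
        return "invalid"
    if root.tag != "configuration":
        return "invalid"
    node = root.find("./runtime/generatePublisherEvidence")
    if node is None:
        return "default"
    value = (node.get("enabled") or "").strip().lower()
    return {"false": "disabled", "true": "enabled"}.get(value, "invalid")


def audit_tree(root_dir):
    """Map every *.exe.config below root_dir to its state."""
    return {str(p): publisher_evidence_state(p.read_bytes())
            for p in sorted(Path(root_dir).rglob("*.exe.config"))}


if __name__ == "__main__":
    import sys
    for path, state in audit_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(f"{state:9} {path}")
```

Run it with an installation directory as the only argument; every file reported as disabled is an application that loads its assemblies without the Authenticode check described above.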
