GuideGuide Post Mortem — What I Learned About Code Signing

Dec 10, 2012

I’ll start this post off by saying that I do not consider myself a skilled developer. I’m a front-end designer that is stubborn enough to know when things are fixable and believe that I’m skilled enough to fix them.

Some times I’m wrong.

This weekend the vast majority of CS5 and 6 GuideGuide users opened GuideGuide to find a blank panel. When they went to tried to reinstall GuideGuide they were met with an error telling them they could not install GuideGuide because it did not contain a valid signature. Trying to install any old version would do the same.

So what happened?

My code signing certificate expired.

When you publish an extension for Photoshop (or bundle most kinds of code) you go through a process called code signing. The short explanation is that doing so provides GuideGuide’s users with with the confidence that 1. I’m a real human being that has been proven to exist in a place, and 2. That I’m legitsies. Basically, signing my code with a code certificate says I’m not going to hack your computer and if I tried to, there’s an easy paper trail back to me to hold me accountable. It also means you don’t get an annoying ”This is an unsigned application’ warning when you install GuideGuide.

Last year I purchased a 1 year code signing certificate that expired this weekend. What I didn’t know up until last night is that if you don’t include a timestamp when you sign your code, any applications authored with the certificate will stop functioning when the certificate expires.

What am I doing to prevent this in the future

Now that I have a stable signed version of GuideGuide back online, I’m going to figure out how to timestamp future versions so they don’t fail outright when the certificate expires. Instead, they’ll continue to function as normal.

Seems like a pretty simple thing, but it’s a simple thing I didn’t know existed. Life is all about learning, and I certainly learned something this weekend. I hope all of you are back up and running and GuideGuideing your days away.