Maxon Developers Maxon Developers
    • Documentation
      • Cinema 4D Python API
      • Cinema 4D C++ API
      • Cineware API
      • ZBrush GoZ API
      • Code Examples on Github
    • Forum
    • Downloads
    • Support
      • Support Procedures
      • Registered Developer Program
      • Plugin IDs
      • Contact Us
    • Categories
      • Overview
      • News & Information
      • Cinema 4D SDK Support
      • Cineware SDK Support
      • ZBrush 4D SDK Support
      • Bugs
      • General Talk
    • Unread
    • Recent
    • Tags
    • Users
    • Register
    • Login

    About the Necessity of Code Signing C++ Plugins

    News & Information
    news c++ cinema 4d sdk information
    1
    1
    382
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • ferdinandF
      ferdinand
      last edited by ferdinand

      Dear Developers,

      In a changing security landscape Maxon Computer continues to deliver products which protect the systems of our users. In that spirit we announce a change to how we will treat code-signed binaries from third parties in future releases.

      Upcoming Changes to Loading Signed Binaries

      ⚠ The upcoming releases of Cinema 4D will not accept code signed C++ plugin binaries whose certificate has become invalid. A Cinema 4D installation which attempts to boot with a C++ plugin with such invalid certificate, will inform the user that the respective file is faulty, that the related plugin must be reinstalled, and then shut down Cinema 4D. The user will only be able to successfully boot Cinema 4D once he or she has removed your plugin.

      It is therefore important that you deliver your C++ plugins in one of the two forms listed below:

      1. As signed binaries with a valid certificate,
      2. or as unsigned binaries.

      Plugins for Windows which have been singend with a certificate which at the time of validation has expired are still valid when they are time-stamped and have either no expiration date on the time-stamp or have not yet reached the expiration-date of the time-stamp. In general, you should avoid shipping Windows plugins with an expired certificate.

      About the Necessity of Code Signing

      Code signing is the mechanism with which operating systems ensure that a to be executed binary has not been altered since it has been shipped by a vendor. Code signing is therefore not only in the interest of users who want to avoid executing modified binaries but also in the interest of application vendors to signal their trustworthiness.

      We recommend that all C++ plugins are code signed in the manner lined out in the code signing guides provided by Apple and Microsoft; we advise against shipping plugins signed with self-provided certificates intended for development only. Our Cinema 4D C++ SDK documentation also contains a section about code signing on macOS. We plan to add a similar section for Windows in an upcoming release.

      ℹ Code signing is a practice that should be followed for C++ plugin binaries for both on macOS and Windows. For Python plugins singing is technically not necessary but could be viewed as good practice.

      If there any open questions, please do not hesitate to ask them in the comments below or reach out to us directly via our contact form.

      Happy coding,
      the Maxon SDK Team

      MAXON SDK Specialist
      developers.maxon.net

      1 Reply Last reply Reply Quote 2
      • First post
        Last post