About the Necessity of Code Signing C++ Plugins
Dear Developers,
In a changing security landscape Maxon Computer continues to deliver products which protect the systems of our users. In that spirit we announce a change to how we will treat code-signed binaries from third parties in future releases.
Upcoming Changes to Loading Signed Binaries
The upcoming releases of Cinema 4D will not accept code-signed C++ plugin binaries whose certificate has become invalid. A Cinema 4D installation which attempts to boot with a C++ plugin with such an invalid certificate will inform the user that the respective file is faulty, that the related plugin must be reinstalled, and then shut down Cinema 4D. The user will only be able to successfully boot Cinema 4D once he or she has removed your plugin.
It is therefore important that you deliver your C++ plugins in one of the two forms listed below:
- As signed binaries with a valid certificate,
- or as unsigned binaries.
Plugins for Windows which have been signed with a certificate which has expired at the time of validation are still valid when they are time-stamped and either have no expiration date on the time-stamp or have not yet reached the expiration date of the time-stamp. In general, you should avoid shipping Windows plugins with an expired certificate.
About the Necessity of Code Signing
Code signing is the mechanism with which operating systems ensure that a binary about to be executed has not been altered since it was shipped by a vendor. Code signing is therefore not only in the interest of users who want to avoid executing modified binaries but also in the interest of application vendors who want to signal their trustworthiness.
We recommend that all C++ plugins are code signed in the manner outlined in the code signing guides provided by Apple and Microsoft; we advise against shipping plugins signed with self-provided certificates intended for development only. Our Cinema 4D C++ SDK documentation also contains a section about code signing on macOS. We plan to add a similar section for Windows in an upcoming release.
Code signing is a practice that should be followed for C++ plugin binaries on both macOS and Windows. For Python plugins, signing is technically not necessary but could be viewed as good practice.
If there are any open questions, please do not hesitate to ask them in the comments below or reach out to us directly via our contact form.
Happy coding,
the Maxon SDK Team
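
The Windows rule described above (unsigned, validly signed, or signed with an expired certificate that a time-stamp still covers) can be checked against a build before release. This is an added example, not code from Maxon or the Cinema 4D SDK; it relies on Windows' own Authenticode verdict rather than Cinema 4D's validation, and the folder path, the `*.xdl64` filter and the function name `Get-PluginSigningState` are assumptions.

```powershell
# Added example: classify plugin binaries by Authenticode state before shipping.
param(
    [string]$PluginDir = '.\build\plugins',  # hypothetical build output folder
    [string]$Filter    = '*.xdl64'           # assumed plugin extension, adjust as needed
)

function Get-PluginSigningState {
    param([Parameter(Mandatory)][string]$Path, [datetime]$Now = (Get-Date))

    $sig    = Get-AuthenticodeSignature -FilePath $Path
    $signer = $sig.SignerCertificate
    $tsa    = $sig.TimeStamperCertificate    # $null when the signature has no time-stamp

    $state = if ($sig.Status -eq 'NotSigned') {
        'Unsigned'                           # one of the two accepted delivery forms
    } elseif ($sig.Status -ne 'Valid') {
        "Invalid ($($sig.Status))"           # altered file, untrusted chain, lapsed signature
    } elseif ($signer.NotAfter -gt $Now) {
        # Certificate still within its validity period. Without a time-stamp the
        # signature stops validating on the day the certificate expires.
        if ($tsa) { 'Valid' } else { 'Valid, no time-stamp: lapses when the certificate expires' }
    } elseif ($tsa -and $tsa.NotAfter -gt $Now) {
        'Valid, expired certificate covered by time-stamp'
    } else {
        'Invalid (certificate and time-stamp both expired)'
    }

    [pscustomobject]@{
        File              = Split-Path $Path -Leaf
        State             = $state
        SignerNotAfter    = $signer.NotAfter
        TimeStampNotAfter = $tsa.NotAfter
    }
}

# Scan the build output and fail the release step if any binary is in an invalid state.
$results = Get-ChildItem -Path $PluginDir -Filter $Filter -Recurse -File |
    ForEach-Object { Get-PluginSigningState -Path $_.FullName }
$results | Format-Table -AutoSize
if ($results | Where-Object { $_.State -like 'Invalid*' }) { exit 1 }
```

A binary reported as "Valid, no time-stamp" passes today but should be re-signed with a time-stamp, since it will stop validating once the signing certificate expires.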