What happens if there are already .sig files?

[bastik-1001]

The user can sign files and MajorPrivacy creates a .sig file in the program's folder. What happens if there is already a .sig file for that program? (Maybe the software developer created one and the program checks against that file.) Is the file replaced? Or does the file contain multiple signatures?

 

[offhub]

MajorPrivacy uses .mpsig files (not plain ".sig" anymore) and there are two(?) places signatures can live:
1. local signature file next to the program: ProgramName.mpsig (only for developer signed files? not sure)
2. in the registry alongside the protected configuration [Process Security -> Hash Database]

CHANGELOG [0.98.4] - 2025-08-27

Redesigned the user controlled Code Integrity verification mechanism

• Instead of using C:\ProgramData\Xanasoft\MajorPrivacy\sig_db files all user trusted hashes and certtificates are now stored in the registry alongside the protected configuration
• Caution: the new code does not automatically import old signatures, you need to re-authorize your files

CHANGELOG [0.97.0] - 2025-01-11

Redesigned the user controlled Code Integrity verification mechanism

• renamed *.sig files to *.mpsig and enhanced the format to make it future proof, old files wont be loaded anymore

 

[DavidXanatos]

The mechanism was changed even more now the allowed hash DB is stored in the registry along side the protection rules themselves.
*.mpsig files are used now only for own components