Community
    • Login

    Notepad++ v8.8.3 Release: self-signed certificate

    Scheduled Pinned Locked Moved Announcements
    24 Posts 9 Posters 26.4k Views 3 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • PeterJonesP Online
      PeterJones @donho
      last edited by

      @donho said in Notepad++ v8.8.3 Release: self-signed certificate:

      You can use openssl … to verify them

      Right.

      I have openssl on Windows, and it can confirm:

      C:\Users\pryrt\Downloads>ls -latr nppRoot-primary*.crt
-rw-rw-rw-  1 pryrt 0 6380 2025-07-11 10:07 nppRoot-primary.crt
-rw-rw-rw-  1 pryrt 0 6480 2025-07-11 10:13 nppRoot-primary-crlf.crt

C:\Users\pryrt\Downloads>openssl x509 -in nppRoot-primary.crt -noout -fingerprint -sha256
sha256 Fingerprint=44:3B:45:43:C3:A6:82:80:45:40:84:97:93:55:6F:FD:3A:6C:E5:D4:72:1C:9A:DF:DA:64:50:22:3D:DD:54:D7

C:\Users\pryrt\Downloads>openssl x509 -in nppRoot-primary-crlf.crt -noout -fingerprint -sha256
sha256 Fingerprint=44:3B:45:43:C3:A6:82:80:45:40:84:97:93:55:6F:FD:3A:6C:E5:D4:72:1C:9A:DF:DA:64:50:22:3D:DD:54:D7

      That is giving the SHA256 fingerprint of the binary data, not the SHA256 for the BASE64-encoded text file.

      What do you think

      Since the MS Windows certificate viewer (Crypto Shell extension) doesn’t show the SHA256 fingerprint, and the since an external tool (like Notepad++ > Tools > SHA-256 > Generate from files) will show the SHA256 of the bytes of the file they downloaded, not the hash of the underlying encoded binary data, the user would get something like

      cce7717c8a38afec9e6de523d108cdd3615a3e1543aeb6e31663b6b7dbc19c90  nppRoot-primary-crlf.crt
e133b9302aae0aa7d9f6db63289aeea709fb57346dc702357f9d71b1bd3ffb21  nppRoot-primary.crt

      depending on whether their copy of the file has CRLF (first) or just LF as originally published (second) – and neither of those match the hash of the internal binary data.

      That causes user confusion, which is bad (and may lead them to incorrectly conclude there is a problem with the file).

      SHA256 is removed in Resources page.

      Thanks. It will be removed from the User Manual soon.

      datatraveller1D 1 Reply Last reply Reply Quote 1
      • datatraveller1D Offline
        datatraveller1 @PeterJones
        last edited by datatraveller1

        BTW (just for information), VirusTotal has an “invalid-signature” tag at
        https://www.virustotal.com/gui/file/7094a07167648628e47249a16d9d6db922e5aa1255ac4322a2e4900d233372dd?nocache=1
        Ah sorry, I have just read this is normal for self-signed certificates.

        1 Reply Last reply Reply Quote 0
        • donhoD Offline
          donho @donho
          last edited by

          FYI, auto-updater has been triggered to v8.8.3.

          Lycan ThropeL 1 Reply Last reply Reply Quote 3
          • Lycan ThropeL Offline
            Lycan Thrope @donho
            last edited by

            @donho , worked without a hitch or a hiccup. No problems with the update on my Standard Install version.

            1 Reply Last reply Reply Quote 4
            • donhoD donho unpinned this topic on

            Hello! It looks like you're interested in this conversation, but you don't have an account yet.

            Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.

            With your input, this post could be even better 💗

            Register Login
            • First post
              Last post
            The Community of users of the Notepad++ text editor.
            Powered by NodeBB | Contributors