Application Self-Check
When Self-Check is enabled, GpgFrontend validates the digital signatures of its core dynamic libraries and components at startup. This ensures that the application’s essential code has not been altered, replaced, or corrupted—whether accidentally or through malicious interference.
How It Works
- During the build process, a cryptographic key pair is generated automatically for each build.
- The application libraries (DLLs) are signed using the private key, and only the corresponding public key is embedded within the application resources.
- After signing, the private key is discarded, making it impossible to forge new signatures for tampered binaries.
- At runtime, GpgFrontend verifies each critical library against its signature using the embedded public key. If any library fails validation, a warning is displayed and the issue is logged.
Enabling Self-Check
Self-Check can be enabled by adding the following line to your ENV.ini configuration file in the application’s working directory:
SelfCheck=true
With this setting active, GpgFrontend will automatically perform a binary integrity check at startup.
Build Requirements
- The self-check signing process requires the GPGFRONTEND_SIGN_BUILT_BINARY parameter to be set during the build. This triggers the generation of the signing key pair and the signing of all relevant binaries.
- The signing key pair is unique to each build. The private key is securely deleted after signing, ensuring that no one, including the developers, can generate valid signatures for modified or malicious binaries.
Platform Compatibility
- Windows: The self-check feature is currently effective only on Windows platforms. On Windows, dynamic library files are stable after build and signing, allowing signature verification to work reliably.
- macOS and Linux: Due to common post-build modifications such as codesign, rpath adjustment, or packaging processes (e.g., AppImage, Flatpak), dynamic library files on macOS and Linux often change after build. As a result, digital signatures become invalid, and self-check is not currently effective on these platforms.
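The sign-then-discard flow from How It Works, and the reason a post-build rewrite invalidates it as described under Platform Compatibility, sketched with the openssl command line. This is an added example, not GpgFrontend's build or verification code; the page does not name the signature algorithm, so ECDSA P-256 with SHA-256, the file names and the function names are assumptions.

```shell
#!/bin/sh
# Added illustration, not GpgFrontend's build or runtime code.
# Assumed: ECDSA P-256 + SHA-256, the file names, and the function names.

# Build side: per-build key pair, sign each file, keep only the public key.
sign_build() {   # usage: sign_build <dir> <file>...
    dir=$1; shift
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 \
        -out "$dir/build_key.pem" 2>/dev/null || return 2
    openssl pkey -in "$dir/build_key.pem" -pubout -out "$dir/pubkey.pem" || return 2
    for f in "$@"; do
        openssl dgst -sha256 -sign "$dir/build_key.pem" \
            -out "$dir/$f.sig" "$dir/$f" || return 2
    done
    rm -f "$dir/build_key.pem"   # private key discarded; nothing can be re-signed
}

# Runtime side: verify every file against its signature with the shipped
# public key. Returns the number of files that failed verification.
self_check() {   # usage: self_check <dir> <file>...
    dir=$1; shift
    failed=0
    for f in "$@"; do
        if ! openssl dgst -sha256 -verify "$dir/pubkey.pem" \
                -signature "$dir/$f.sig" "$dir/$f" >/dev/null 2>&1; then
            echo "self-check warning: $f failed signature validation" >&2
            failed=$((failed + 1))
        fi
    done
    return "$failed"
}

# Constructed sample files stand in for the application's DLLs.
demo() {
    work=$(mktemp -d) || return 2
    printf 'constructed core library bytes\n' > "$work/core.dll"
    printf 'constructed ui library bytes\n' > "$work/ui.dll"
    sign_build "$work" core.dll ui.dll || { rm -rf "$work"; return 2; }
    clean=0;   self_check "$work" core.dll ui.dll || clean=$?
    # Any byte changed after signing (tampering, or an rpath/codesign rewrite)
    printf 'x' >> "$work/ui.dll"
    changed=0; self_check "$work" core.dll ui.dll || changed=$?
    rm -rf "$work"
    echo "$clean $changed"   # failures before / after the modification
}

demo
```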
Security Note
The Application Self-Check adds an important layer of security by helping to ensure that GpgFrontend’s executable code remains authentic and untampered. It is particularly recommended for security-sensitive deployments or when running GpgFrontend on shared or potentially untrusted systems.