186 questions
1
vote
1
answer
136
views
Authenticode Signing speed on Windows: Token vs. Cloud?
Background
I am in the process of migrating our CI Code Signing from a Windows Cert Store based Cert/Private Key to a Token-based solution (since Tokens or Cloud are 2025 the only solutions offered - ...
3
votes
1
answer
236
views
How to read altered certificate data using WinApi?
I have a simple program:
int main(){
int t = 12 + 34;
return t;
}
The executable of this program is signed and the sign data altered with this disitool utility as described in this thread: ...
0
votes
1
answer
881
views
Extracting certificate issuer and subject common name using PowerShell
I want to use a PowerShell one-liner to extract the signing certificate issuer and subject's common names, but I am not able to get it working. Currently, I have:
Get-AuthenticodeSignature .\test.exe |...
0
votes
0
answers
104
views
ElectronJS code signing with Authenticode
I have looked at Electron's docs on how to sign my NodeJS ElectronJS code specifically for Windows, as I'm not working on apps for Mac at the moment. However the options for obtaining a certificate are ...
1
vote
1
answer
223
views
Microsoft Partner Center HLKX driver submission: SHA2 error with SHA384 certificate
We've been submitting drivers to Partner Center for validation and signature by Microsoft for a long time. Recently our Authenticode certificate expired, so we purchased a new one. When we submit ...
3
votes
0
answers
2k
views
Does an expired timestamping certificate invalidate the Code Signing?
TL;DR Question
Does the expiry of the Timestamp Certificate have any bearing on the validity of the signed file (under normal Windows operation)?
Preamble
The basics of Code Signing and Timestamping ...
1
vote
1
answer
727
views
Code-Sign an Authenticode PE file using keys in a HSM in Linux
I need a non-Windows (Linux or FreeBSD) way of signing a boot executable (EFI binaries) in the Authenticode PE format.
Currently there are some tools like pbsign, sbsign, uefisign, osslsigncode on *nix ...
0
votes
2
answers
3k
views
powershell signing certificate unknownerror
I am following the instructions to sign a script
and I've got to the part where I sign the add-signature.ps1 file so that I can sign my script using it
$cert = @(Get-ChildItem cert:\CurrentUser\My -...
1
vote
0
answers
252
views
How to get the hash from signtool?
I understand that the Microsoft signtool utility and Powershell Set-AuthenticodeSignature cmdlet generate a hash of the data to be signed and use that to compute the signature. I need to get the hash ...
1
vote
3
answers
733
views
What kind of signing do I need to use IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY?
One of my toy projects requires IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY in PE header to run. I've been testing it with test signing on, but I'm considering buying a cert if I can afford.
The documents ...
6
votes
1
answer
1k
views
What is Authenticode equivalent for .NET Core on Linux?
On Windows, there is Authenticode to sign .NET Core / .NET 5 assemblies (please note that I am not referring to Strong Name Signing which is different). This prevents tampering and guarantees ...
3
votes
1
answer
522
views
Windows Server 2016/2019 incorrectly return Authenticode signature on Owin.dll
Owin.dll, the assembly inside the Owin package on Nuget.org, does not have an Authenticode signature. However, on Windows Server 2016 and Windows Server 2019, Get-AuthenticodeSignature (and sigcheck....
0
votes
0
answers
174
views
WinAPI: codesign a directory
Is it possible to code-sign and validate a directory on Windows? Basically, something like MacOS bundle directory codesigning and validation?
3
votes
0
answers
612
views
PowerShell modules update fails after replacing code signing certificate
We recently renewed our code signing certificate which I also use for signing PowerShell modules.
The original certificate was from VeriSign which was acquired by DigiCert and they are now the CA. ...
0
votes
1
answer
643
views
Sign certificate with private key and logon domain
I'm implementing the program related to logon domain with certificate by custom KSP and my credential provider. I have successfully interacted from my credential provider to custom KSP. I'm in the ...
4
votes
1
answer
2k
views
Signtool.exe succeeds but zero signatures are added to the file
I'm writing a custom CNG provider (Key Storage Provider) to allow signing using our private HSM API in Signtool.exe
I implemented the APIs in my CNG provider and successfully installed in my Windows ...
3
votes
2
answers
5k
views
Set-AuthenticodeSignature won't perform SHA256 Timestamp?
Signing Windows binaries on Server Core Windows Server 2019 Datacenter Edition with Visual Studio 2019 Community.
signtool.exe was not behaving correctly (issues opening PFX file), and so we were ...
2
votes
2
answers
6k
views
Problem with ENGINE_load_private_key and PKCS#11
Being stuck with signing (Authenticode) using PKCS#11 tokens, and given the amazingly poor driver support from the vendor (SafeNet), we're signing Windows code on Linux.
All of this is working fine ...
3
votes
1
answer
1k
views
Inconsistency in results of calling Get-AuthenticodeSignature from PowerShell, often says NotSigned
I have a number of PowerShell files code signed during build.
I'm getting different signature status depending how I call Get-AuthenticodeSignature:
PS> Get-ChildItem | ForEach { Get-...
1
vote
0
answers
111
views
What files do I need to code sign on Windows Electron app?
I want to sign a Windows Electron app. Do I only need to sign the installer that will be downloaded by the user or do I also need to sign the .exe (or .dll files) before they will be packaged by the ...
1
vote
0
answers
854
views
Example of proper use of SignerSignEx3
I was looking for any documentation of SignerSignEx3.
There are examples of how to use SignerSignEx2, however SignerSignEx3 has almost no documentation. SignTool uses it and in order to code sign ...
4
votes
1
answer
8k
views
Is there any way to sign the windows executables generated by the Go compiler?
I am trying to find out if there is a possibility to sign executables produced by the Go compiler. I cannot see this in the build/compile options. Is this even possible?
7
votes
2
answers
3k
views
Amended code to retrieve dual signature information from PE executable in Windows?
I've been struggling for awhile to amend this code sample from Microsoft that shows (somewhat outdated) way how to retrieve a code signature information from an executable file. It works but it doesn'...
1
vote
3
answers
244
views
How do you know that some fields in structs are arrays?
I'm looking at this piece of C code from Microsoft wincrypt.h header file
//+-------------------------------------------------------------------------
// Attributes
//
// Where the Value's ...
0
votes
1
answer
2k
views
How to check dll Authenticode?
I have a dll that is digitally signed, when my application start I want check that this dll is "original", in particular isn't replaced with a fake one.
How can I do this checking the Authenticode ...