tag:blogger.com,1999:blog-905735152719562127.post5173799859137751920..comments2024-03-11T05:58:23.741-07:00Comments on Technical Blog for Jim Beveridge: Code Signing with SIGNTOOLJim Beveridgehttp://www.blogger.com/profile/07446539325869013304noreply@blogger.comBlogger11125tag:blogger.com,1999:blog-905735152719562127.post-27307743577831646342011-10-31T10:10:24.444-07:002011-10-31T10:10:24.444-07:00Sorry, I have no experience with Trusted Root Cert...Sorry, I have no experience with Trusted Root Certificates. A Trusted Root should either be a registrar or a corporate certificate created by someone who knows what they are doing. A self-signed certificate would almost never be a trusted root.Jim Beveridgehttps://www.blogger.com/profile/07446539325869013304noreply@blogger.comtag:blogger.com,1999:blog-905735152719562127.post-62263951264505224212011-10-29T01:28:19.298-07:002011-10-29T01:28:19.298-07:00Jim, In my certificate (.cer) that I have installe...Jim, In my certificate (.cer) that I have installed in "Trusted Root Certifi....." store, I don't have any sort of description in it. This is what I use to sign :<br />sign /v /n "Subject PArt of " /t http://timestamp.veris<br />ign.com/scripts/timestamp.dll Application.exe<br /><br />but it doesn't work. Can you help me with this. In many sites I found they ae using storename, but you aren't using any store name also. So, is your certificate installed/imported or where it is. Kindly help me. From many days I am after this, but couldn't achieve the goal yet.Terrynoreply@blogger.comtag:blogger.com,1999:blog-905735152719562127.post-68976343209752415742011-03-16T20:01:40.204-07:002011-03-16T20:01:40.204-07:00Thanks !Thanks !Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-905735152719562127.post-3696822839758373262010-10-04T14:09:38.142-07:002010-10-04T14:09:38.142-07:00Spike,
To sleep for one second, use something lik...Spike,<br /><br />To sleep for one second, use something like this:<br /><br />ping 127.0.0.1 -n 2 -w 1000 > nul<br /><br />Or use a "sleep" command from CygWin or the Windows Resource Tools.Jim Beveridgehttps://www.blogger.com/profile/07446539325869013304noreply@blogger.comtag:blogger.com,1999:blog-905735152719562127.post-60647086083841891882010-10-04T14:05:06.533-07:002010-10-04T14:05:06.533-07:00Thanks for the great post, I got several valuable ...Thanks for the great post, I got several valuable ideas from it. I recently ran into the signtool 'cannot access the file' problem on Windows 7. I found that adding a command like "ping 127.0.0.1 >NUL" before the signtool command makes the problem go away, or at least makes it much less frequent.<br /><br />And just to mention another weird problem I had to resolve with signtool: Using a forward slash ('/') in the sign /d description string causes the resulting digital signature to be considered invalid by Windows. Prefixing with a backslash (like \/) gives a valid signature again, but - both characters end up in the description! I gave up and used a dash instead of the slash...Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-905735152719562127.post-84911598909932244882008-09-10T22:12:00.000-07:002008-09-10T22:12:00.000-07:00Regarding the error I mentioned above: Turns out ...Regarding the error I mentioned above: Turns out it was Norton Antivirus's "real time" protection. Aside from disabling that, I was able to overcome this issue by putting the signtool command *after* another unrelated line in my post-build. The unrelated line makes two calls to <A HREF="http://code.mattgriffith.net/UpdateVersion/" REL="nofollow">updateversion</A> and takes < 1 sec, but this gives enough time to free the file lock.Ricochethttps://www.blogger.com/profile/14732846470112102643noreply@blogger.comtag:blogger.com,1999:blog-905735152719562127.post-44740398225768631362008-09-10T14:59:00.000-07:002008-09-10T14:59:00.000-07:00My first guess is that the SignTool error is cause...My first guess is that the SignTool error is caused by the indexing system. Try disabling the indexer and see what happens. (Could be Windows Search, Google Search, etc.)Jim Beveridgehttps://www.blogger.com/profile/07446539325869013304noreply@blogger.comtag:blogger.com,1999:blog-905735152719562127.post-47608095660160025152008-09-10T14:53:00.000-07:002008-09-10T14:53:00.000-07:00Thanks for the tip on using /a in the post-build t...Thanks for the tip on using /a in the post-build task, it made things much simpler.<BR/><BR/>I'm using VS2008, and for whatever reason timestamping (using /t ) is failing in the post-build event, even though the same full signtool command works fine if I manually run it afterward. The error is <BR/><BR/>EXEC : SignTool error : ISignedCode::Timestamp returned error: 0x80070020<BR/>The process cannot access the file because it is being used by another process.<BR/><BR/>Did you have that hurdle? Any suggestions?Ricochethttps://www.blogger.com/profile/14732846470112102643noreply@blogger.comtag:blogger.com,1999:blog-905735152719562127.post-2932275456253420142008-08-11T12:49:00.000-07:002008-08-11T12:49:00.000-07:00In answer to sumit's question, you can check the s...In answer to sumit's question, you can check the signature of a file with the function WinVerifyTrust. Sample code can be found at <A HREF="http://msdn.microsoft.com/en-us/library/aa382384(VS.85).aspx" REL="nofollow">http://msdn.microsoft.com/en-us/library/aa382384(VS.85).aspx</A>.Jim Beveridgehttps://www.blogger.com/profile/07446539325869013304noreply@blogger.comtag:blogger.com,1999:blog-905735152719562127.post-69360340075609612432008-05-25T01:39:00.000-07:002008-05-25T01:39:00.000-07:00How do you verify the file integrity of file? Wind...How do you verify the file integrity of file? <BR/><BR/>Windows doesn't verify the digital signature of the file other than if it is an ActiveX object (there are few other)?<BR/><BR/>Do you know Windows API using them one could read the digital file signature from the signed file?Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-905735152719562127.post-56010715725741014022007-03-20T07:58:00.000-07:002007-03-20T07:58:00.000-07:00You better use PFXhttp://matrixalaya.blogspot.com/...You better use PFX<BR/><BR/><A HERF="http://matrixalaya.blogspot.com/2007/03/exporting-non-exportable-certificates.html">http://matrixalaya.blogspot.com/2007/03/exporting-non-exportable-certificates.html</A>Anonymousnoreply@blogger.com