Stack Overflow
Stack Overflow

Questions tagged [authenticode]

Code signing is the process of digitally signing executables and scripts to confirm the software author and guarantee that the code has not been altered or corrupted since it was signed by use of a cryptographic hash. Microsoft Authenticode (TM) is Microsoft's implementation of digitally code signing executables.

Code signing is the process of digitally signing executables and scripts to confirm the software author and guarantee that the code has not been altered or corrupted since it was signed by use of a cryptographic hash. Microsoft Authenticode (TM) is Microsoft's implementation of digitally code signing executables.

185 questions
1
vote
1 answer

Windows XP SetupAPI refuses to install non-WHQL-signed .INFs from a service

My service is invoking SetupCopyOEMInf to install an Authenticode but not WHQL signed INF file. SetupCopyOEMInf is returning with CERT_E_WRONG_USAGE (0x800B0110) and the INF file is not being installed.
Ilya
  • 5,533
  • 2
  • 29
  • 57
1
vote
0 answers

Code-signature expiration on already signed files

I was using Microsoft's SignTool to sign my executables with my code signing certificate using the following command line call: signtool.exe sign /q /f "cert.pfx" /p "pfxpassword" /d "File Description" /t…
c00000fd
  • 20,994
  • 29
  • 177
  • 400
1
vote
0 answers

How To Detect Programmatically that a Certificate is "Class 3" for Authenticode

Is there some reliable way to detect whether a particular code signing certificate is a "Class 3" certificate? This crops up as a requirement in a lot of Microsoft's Authenticode documentation, but it's never made clear how to tell a Class 3 cert…
Ian Griffiths
  • 14,302
  • 2
  • 64
  • 88
1
vote
1 answer

Code Signing Certificate Expiration Issue

My code signing certificate is valid from 3/3/12 to 3/3/13 (Comodo) Will re-newing it issue me a new certificate (.pfx file) ? or can I use the current certificate (.pfx file) after 3/3/13 after I pay the fee? Will the existing signed applications…
Computer User
  • 2,839
  • 4
  • 47
  • 69
1
vote
0 answers

Security of WinVerifyTrust, or verifying trust of a locked file

I have a process that loads an external DLL (sort of a plugin system) where I want to verify that the loaded DLL is signed correctly using Authenticode. After perusing the documentation for WinVerifyTrust and LoadLibrary (and friends) one thing that…
Guss
  • 30,470
  • 17
  • 104
  • 128
1
vote
1 answer

Obtaining an authenticode for an Azure application

I am in the process of trying to obtain an authenticode certificate for our online application. I have paid for the cert (through KSoftware a reseller of Comodo). They insist that they require the WHOIS information of the sites address to match the…
Toby Holland
  • 1,029
  • 2
  • 14
  • 29
1
vote
1 answer

unknown publisher warning on unique downloads

We have an exe file delivered by an ASP.NET application. This binary is actually modified on the fly in memory. Is there any way to sign the modified exe with authenticode in memory without writing to disk? There's probably no way to sign the…
elan
  • 163
  • 7
0
votes
1 answer

Can I sign an .exe that launches another?

I'm developing an installer (an .exe) that extracts and launches another installer. If I use an Authenticode certificate to sign the first .exe, does the embedded installer need to be signed too? I need to be able to run my installer on various…
Jon Onstott
  • 13,499
  • 16
  • 80
  • 133
0
votes
0 answers

how to parse this timestamp request

I would like to get the certs for this timestamp response, this is a microsoft authenticode timestamp response. This is somewhat same like this Export Time stamp 'signing_time' from signed data in asn1 format but for certificates and the response…
Leonardo Guerrero
  • 1
  • 2
0
votes
0 answers

ElectronJS code signing with Authenticode

I have looked at electrons docs on how to sign my NodeJS ElectronJS code specifically for windows as im not working on apps for mac at the moment. However the options for obtaining a certificate are very expensive, something like just under $500 a…
Braydan
  • 25
  • 6
0
votes
1 answer

Authenticode - Sign the hash of a file with an external tool

I try to use signtool from MS to sign the hash of an executable file with an external tool. Unfortunately the option /di to inject the sign hash doesn't work. There is no error message, but when I check the properties of the file there is the…
Chico Rico
  • 1
  • 2
0
votes
0 answers

Signed exe in MSIX package

I package a WPF application (C#, .NET 6) into a Windows packaging project (msix bundle for sideloading). The executable of the application should be signed, this is done easily by PostBuild Event and signtool. But for some reasons, Visual Studio…
Børge Grunicke
  • 1
0
votes
0 answers

Code signing systems for software in Linux like Authenticode in Windows

SO! We're developing a desktop app for Windows and using *.pfx Code Signing certificate from GlobalSign for signing code after compiling. Now we have also started developing and building this app in Linux for Linux-based systems. Does Linux have the…
Brabada
  • 1
  • 1
0
votes
1 answer

How to identify end-entity certificate in chain/bundle with Python Cryptography?

I am using Python module pefile to extract the Authenticode from a Windows PE file. pe.parse_data_directories(directories=[pefile.DIRECTORY_ENTRY['IMAGE_DIRECTORY_ENTRY_SECURITY']]) vAddr =…
synner
  • 31
  • 3
0
votes
1 answer

Authenticode sign of executable with timestamping via SSL

When using signtool.exe to perform authenticode signing of executables, we want to use timestamping to ensure that the executable will still be valid in the future. It seems that the timestamping server protocol only supports http:// and not…
A X
  • 905
  • 2
  • 13
  • 31
1 2 3
12 13