authenticode

Disabling authenticode signature verification in .NET exe without app.config

Does anyone know how to disable authenticode signature verification in a .NET executable (to avoid slow startup) without using an application config file? In other words, do this: <configuration> <runtime> <generatePublisherEvidence enabled="false"/> </runtime> </configuration> without an app.config. Is it possible? ...

Validate Authenticode signature on EXE - C++ without CAPICOM

I'm writing a function for an installer DLL to verify the Authenticode signature of EXE files already installed on the system. The function needs to: A) verify that the signature is valid. B) verify that the signer is our organization. Because this is in an installer, and because this needs to run on older Win2k installations, I...

CAPICOM - Verify SignedCode is from a Trusted Publisher without UI

I'm using CAPICOM in a .NET 3.0 C# app to check an Authenticode signature on an exe file. I need to make sure that the certificate is listed as a Trusted Publisher. Using signedCode.Verify(true) will show a dialog if the certificate is not already trusted, so the user can choose whether or not to do so. However, signedCode.Verify(false) ...

How to verify a binary signed with a self-signed certificate?

We want to add automatic software updates to our application, but our company isn't yet ready to buy a code-signing certificate from a trusted root CA, so we'll be using a self-signed certificate to sign code updates (.exe and .dll) for now. Question: how to verify a binary signed with a self-signed certificate, without having to instal...

unknown publisher warning on unique downloads

We have an exe file delivered by an ASP.NET application. This binary is actually modified on the fly in memory. Is there any way to sign the modified exe with authenticode in memory without writing to disk? There's probably no way to sign the original exe and still keep the signature valid after modification. We thought about using ra...

Which code signing authority should I go with?

I'm looking at options to buy a code signing certificate for my company. I want it to be usable for MS Authenticode and also for Java and I want it to be trusted with the default trusted authority list that ships with a new install of Windows (i.e. I don't want the user to have to add a new trusted authority). I've seen previous discussio...

How do I set the HTTP proxy in a subshell launched from a Windows service

I am writing a Windows service which takes an uploaded file, runs signtool.exe on it to do the signing and timestamping and then serves the signed file back. The code for this works when run as a standalone server using Twisted; however, if I try to run it as a service it fails with the error "Signing succeeded, but an error occurred whi...

MSI - Uninstall gives "Unidentified Publisher"

I have created an MSI installer using Visual Studio 2008. I then sign this with signtool.exe and my authenticode certificate. On a Vista x64 test PC, when the MSI is run the expected dialog appears identifying my company as the publisher. However, when the program is uninstalled from Add/Remove Programs, the yellow "Unidentified Publis...

Sign every executable with authenticode certificate through MSBuild

Hello, I have an authenticode certificate (.pfx) which I use to sign executables. How can I configure Team Build so that it signs every single executable (.exe, .dll, ...) automatically while building the project? ...

Cryptographic failure while signing assembly '<assemblyname>.dll' – 'Bad Version of Provider'

I purchased an authenticode certificate from a well known provider. Now I want to strong name an assembly and later on digitally sign it. This is what I've done so far: Extracted public key from pfx by running sn.exe -p keypair.pfx key.snk Checked both "Sign the assembly" and "Delay sign only" checkboxes on project properties signing...

How to define TeamBuild Item Collection with built executables and libraries

After a TeamBuild project built all files, how can I create a collection of all built .exe and .dll files? For instance, I update all AssemblyInfo versions by creating a property and an itemgroup like so: <PropertyGroup> <AssemblyInfoSpec>AssemblyInfo.*</AssemblyInfoSpec> </PropertyGroup> <Target Name="AfterGet" Condition="'$(IsDesk...

Preventing executables with invalid Authenticode signatures from running

We publish an update patch to our software package in a single executable file. The file is signed with an Authenticode digital signature, using the certificate issued to us. The file is downloaded to Windows XP or Vista systems that our customers operate, where they run it in order to update our software. Our PCI compliance auditor h...

How to sign installation files of a Visual Studio .msi

This may be a duplicate, though I can't find it at this time. If so please point me in the right direction. I recently purchased an authenticode certificate from GlobalSign and am having problems signing my files for deployment. There are a couple of .exe files that are generated by a project and then put into a .msi. When I sign the .e...

What happened to signwizard in signtool of Windows SDK 7.0?

I'm looking for the convenient signwizard in signtool.exe but cannot find it anymore in the Windows SDK 7.0. Is it in a separate tool now or is there only the CLI left? ...

Find out if assembly is signed with Authenticode

I use an assembly of a 3rd party vendor. In an older version this assembly used authenticode. This caused the assembly loading to last quite long. The developer of the vendor told me that the new version is not signed with authenticode. How can I check if this is true? On my development machine the assembly loading was quite fast. Only ...

Software Publisher Certificates and Strong Name Keys are they related?

Should a Software Publisher Certificate granted by a third-party Certification Authority be used to generate a Strong Name Key for use with .NET assemblies? Edit: Another way of stating the question is whether code-signing and strong name keys have anything to do with each other or are they each worlds unto their own? ...

When/why does Internet Explorer block installation of a (signed) ActiveX control?

When the user visits a page that contains a signed ActiveX control that has never been seen before, I'd expect IE to ask the user for permission to install the control. But sometimes IE puts up a security warning instead. For example, consider this site, which has a test control: http://www.pcpitstop.com/testax.asp I'd expect to get th...

How do I use signtool.exe correctly in Hudson running as a service?

I just purchased a code signing cert (MS authenticode) from THAWTE and have installed it apparently on my build machine. I am logged in as a user and when I open a cmd prompt I can sign EXEs using the cert with signtool.exe. Unfortunately this same command line does not work in the Hudson process that is running on the machine. The er...

How can I sign an ActiveX control with a code signing certificate and be a verified publisher?

I'm trying to sign an ActiveX control with a code signing certificate issued by Thawte. I was able to successfully sign the control using signtool.exe. When I look at the file properties, it says "The certificate in the signature cannot be verified." When I view the certificate it says "Windows does not have enough information to ve...

How can I verify signature of a Powershell .ps1 script using C#?

I have some signed .ps1 scripts. I need to verify that they are properly signed from a C# project. Is there any algorithm or library to do this? Thanks! ...