authenticode

问题 When signing my ClickOnce deployment via Visual Studio's project "Signing" settings page I specified our SHA2 (SHA256) EV Authenticode certificate and publish. After publishing and attempting to run the bootstrapper (setup.exe) I'm presented with the "Unknown Publisher" in the ClickOnce dialog. The EV certificate in question is valid and running on an eToken hardware token with SafeNet client tools to communicating with the token. Signing regular PE files (exe and dll) with signtool always

问题 I am working on deploying a ClickOnce Application build on .NET 4.5 Here are the facts: I have a valid Comodo Authenticode Certificate The certificate is installed in my local cert store The project properties for "Signing" tab show that the certificate should be used for signing the manifest (I'm not even yet trying to sign the Assemblies for .NET) The proper timestamp server URL is entered for comodo On the Publish tab, the settings are very typical: Publish to a UNC path Installation

问题 I am working on deploying a ClickOnce Application build on .NET 4.5 Here are the facts: I have a valid Comodo Authenticode Certificate The certificate is installed in my local cert store The project properties for "Signing" tab show that the certificate should be used for signing the manifest (I'm not even yet trying to sign the Assemblies for .NET) The proper timestamp server URL is entered for comodo On the Publish tab, the settings are very typical: Publish to a UNC path Installation

问题 I am writing a program that can handle mailto: protocol. In order to allow user to select my program as a default email handler, I registered my program. However, I noticed that some, programs display clickable link to company web site under company name, for example File Explorer. How do I specify a link to my web site so that Default Programs UI shows it when my app is selected? I use Microsoft Visual Studio 2013 ultimate. Here's my program registration details in .reg format: Windows

问题 I have a 3rd party app that is generating an executable for me, but it's putting its own name into the "File description" and "product name" details of the executable. When I sign these with authenticode, it causes the user prompt to show the 3rd party app name rather than my own, even though it's signed with my company's certificate. Is there a way to modify this from the command line, using some msbuild task? I know there are tasks that do this before compilation -- but in this case, I'm

问题 I need to verify code signatures of binaries. Microsoft Authenticode I think is the term. Is there a sane way to do this using the Windows API? 回答1: Have you looked at WinVerifyTrust ? Since it's not immediately obvious how to use it to verify the signature of a binary, you probably want to look at the sample code specifically for that. 回答2: How to find authenticode for drivers: Disclaimer: I did not write this code. BOOL VerifyEmbeddedSignature(LPCWSTR pwszSourceFile) { LONG lStatus; GUID

问题 Trying to get my head around authenticode code-signing and strong-naming. Am I right in thinking that if I code-sign an exe that references a few dlls (not strong named) that a malicious user could replace my DLLs and distribute the app in a way that appears as if it's signed by me, but is running their code? Assuming that's true, it seems like you wouldn't really want to sign a .NET app without strong-naming the whole thing, otherwise you're giving people the ability to execute code under

问题 I am trying to write code that reads signatures (certificates) from DLLs or and EXEs. Most DLLs or EXEs have only one signature, and my code reads all certificates associated with this signature correctly. More specifically it reads signing cert, it's issuer (not root), countersigning cert (with timestamp) and its issuer (not root). I have 2 sample programs in C++ and C#, they both return the same certs. This is C# code, C++ is 100 times longer :) static void Main(string[] args) {

问题 I'm trying to sign an ActiveX control with a code signing certificate issued by Thawte. I was able to successfully sign the control using signtool.exe. When I look at the file properties, it says "The certificate in the signature cannot be verified." When I view the certificate it says "Windows does not have enough information to verify the certificate." On the certification path tab, it says "The issuer of this certificate cannot be found." In internet explorer, the certificate is recognized

问题 I am distributing an authenticode signed self-extracting executable whose content I control. It contains a mushroom of MSI-based installers that controls a hot swap of a distributed system, so it cannot easily be an MSI itself. It would be nice to have if the executable just checked its own authenticode and refused to self-extract if not signed. I do realize that this provides no real integrity guarantee, but it would reinforce the message that the content is in no way customizable and