Authenticode
-
- Posts: 7
- Joined: Mon Nov 03, 2008 12:29 am
Authenticode
Hi
Can anyone tell me how to use Authenticode? How to generate the needed certificates?
I tried by using .pfx certificate but it gives an error while building "code can not be signed"
it's urgent
Can anyone tell me how to use Authenticode? How to generate the needed certificates?
I tried by using .pfx certificate but it gives an error while building "code can not be signed"
it's urgent
Thanks
-
- Posts: 3452
- Joined: Thu Dec 22, 2005 7:17 pm
- Contact:
You want to convert your PFX into an SPC and PVK file pair for them to work with InstallAware.
Last edited by MichaelNesmith on Thu Jan 07, 2010 8:28 pm, edited 1 time in total.
Michael Nesmith
InstallAware
Home of The Next Generation MSI Installer
Get your free copy today - http://www.installaware.com/
InstallAware
Home of The Next Generation MSI Installer
Get your free copy today - http://www.installaware.com/
-
- Posts: 7
- Joined: Mon Nov 03, 2008 12:29 am
Authenticode
Hi
Please find the attachment.
Refering to the above post, when i mentioned PFX file, i refered to the location where it says "Private Key File". so i loaded a .pfx file.
If i'm wrong please let me know how to go about the certificates and the Authenticode cause i need to get this working.
Thanks
File Attached:
key.bmp
Please find the attachment.
Refering to the above post, when i mentioned PFX file, i refered to the location where it says "Private Key File". so i loaded a .pfx file.
If i'm wrong please let me know how to go about the certificates and the Authenticode cause i need to get this working.
Thanks
File Attached:
key.bmp
Thanks
-
- Posts: 3452
- Joined: Thu Dec 22, 2005 7:17 pm
- Contact:
I believe some certificate vendors provide instructions on conversions. Just contact their technical support for help. They might even be able to mail you the files in the correct format.
Last edited by MichaelNesmith on Thu Jan 07, 2010 8:29 pm, edited 1 time in total.
Michael Nesmith
InstallAware
Home of The Next Generation MSI Installer
Get your free copy today - http://www.installaware.com/
InstallAware
Home of The Next Generation MSI Installer
Get your free copy today - http://www.installaware.com/
-
- Posts: 66
- Joined: Fri Mar 09, 2007 9:46 am
- Location: Albany, NY
- Contact:
Using Authenticode is pretty straight forward, but a .pfk file is not a "Private Key File". Private key files typically have the extension ".pvk". A .pfk file is usually the public key file. Did your certificate issuer supply you with a file with a ".pvk" extension?
You will also need a "Software Publishing Certificate" (*.spc or *.cer file) . It's been a while since I've had to work with Authenticode files, but I believe that you create the .pfk file from the .pvk and .spc files.
The following links have a lot of helpful information.
https://search.thawte.com/support/ssl-d ... &id=SO2706
http://msdn2.microsoft.com/en-us/library/aa906332.aspx
http://forums.microsoft.com/MSDN/ShowPo ... 9&SiteID=1
http://www.pantaray.com/signcode.html
You will also need a "Software Publishing Certificate" (*.spc or *.cer file) . It's been a while since I've had to work with Authenticode files, but I believe that you create the .pfk file from the .pvk and .spc files.
The following links have a lot of helpful information.
https://search.thawte.com/support/ssl-d ... &id=SO2706
http://msdn2.microsoft.com/en-us/library/aa906332.aspx
http://forums.microsoft.com/MSDN/ShowPo ... 9&SiteID=1
http://www.pantaray.com/signcode.html
Also make sure you request the cert from the provider using Windows XP, not Vista - if using Vista you wont be prompted to save the private key file, instead its stored somewhere in the registry and you cant export it.
If its too late then reissues are usually free.
Once you have the .pvk and .spc files sorted signing with IA is a piece of cake.
You can sign dll's etc with .PFX using other tools available from Microsoft - signcode.exe.
You can create a .pfx from a .pvk and .spc using pvkimprt.exe
Dave
If its too late then reissues are usually free.
Once you have the .pvk and .spc files sorted signing with IA is a piece of cake.
You can sign dll's etc with .PFX using other tools available from Microsoft - signcode.exe.
You can create a .pfx from a .pvk and .spc using pvkimprt.exe
Dave
Not sure if you ever figured this out or not, but since I searched, and had the same hassle of "how do I end up with those two required files when I only have a PFX"...here's some input from me.
Useful site - http://www.matthew-jones.com/articles/codesigning.html
First, I had to get the certificate out of Firefox and install onto my computer, so I could export it to a PFX file. Then, you have to use OpenSSL (only way it seems) to split a PFX files into the two pieces you need to start down the road. However, it takes about 5 steps to arrive at the end result of the two correct files...and dozens of times entering your private key password.
Anyways, it only took me a few minutes once I found the right resources (some listed in this thread + my link + a little bit of googling mostly to find link I posted) to implement and get my setup signed correctly...but it took me an hour or so to compile all the info and sift through it.
Hope this helps someone!
P.S. - If you have availability to use "SignTool" from Windows SDK, it will take a PFX and save you some hassle (however doesn't integrate into InstallAware itself); you need to manually run it, or automate it using FinalBuilder or something similar.
Useful site - http://www.matthew-jones.com/articles/codesigning.html
First, I had to get the certificate out of Firefox and install onto my computer, so I could export it to a PFX file. Then, you have to use OpenSSL (only way it seems) to split a PFX files into the two pieces you need to start down the road. However, it takes about 5 steps to arrive at the end result of the two correct files...and dozens of times entering your private key password.
Anyways, it only took me a few minutes once I found the right resources (some listed in this thread + my link + a little bit of googling mostly to find link I posted) to implement and get my setup signed correctly...but it took me an hour or so to compile all the info and sift through it.
Hope this helps someone!
P.S. - If you have availability to use "SignTool" from Windows SDK, it will take a PFX and save you some hassle (however doesn't integrate into InstallAware itself); you need to manually run it, or automate it using FinalBuilder or something similar.
-
- Posts: 3452
- Joined: Thu Dec 22, 2005 7:17 pm
- Contact:
That's a great post! Promoting to a sticky
Michael Nesmith
InstallAware
Home of The Next Generation MSI Installer
Get your free copy today - http://www.installaware.com/
InstallAware
Home of The Next Generation MSI Installer
Get your free copy today - http://www.installaware.com/
There is a problem with 64 bit Vista/Windows7
I'm told you can't use SPC/PFX files on Vista, you need to use the PFX file format. But the installer doesn't seem to have that facility (InstallAware 9). I have installed the verisign cross certificate in my machine that will build the installs and I'll have the PFX file.
I believe this was largely aimed at Kernel Mode Apps/Drivers. If this isn't kernel mode can I still use SPC/PFX Files on Vista x64/Windows 7 x64 or do I still need to use the PFX file via SignTool:
signtool sign /v /ac "fullpath\\MSCV-VSClass3.cer" /s my /n "Company Cert Name" fullpath\\myfile.exe
I believe this was largely aimed at Kernel Mode Apps/Drivers. If this isn't kernel mode can I still use SPC/PFX Files on Vista x64/Windows 7 x64 or do I still need to use the PFX file via SignTool:
signtool sign /v /ac "fullpath\\MSCV-VSClass3.cer" /s my /n "Company Cert Name" fullpath\\myfile.exe
I am using the 'old' style certificates
And it is letting me sign the main .exe; my main issue now is still a UAC issue, even with the user being admin and 'request elevation' 'always admin' for maximum, we still see an error trying to click the install icon, but when the user runs it from an admin prompt it works. Some digging on the MS forums seem to indicate maybe something is trying to create a temp file in a directory somewhere and being denied permission but no simple resolution.
Have you seen this? Could this be related to the authenticode settings?
Have you seen this? Could this be related to the authenticode settings?
-
- Posts: 46
- Joined: Sat Aug 28, 2010 9:41 am
- Location: Germany
- Contact:
Re: Authenticode
See here as well: http://www.installaware.com/forum/viewtopic.php?f=2&t=5910#p21439
HAHN mediaservice
Inh. Irena Hahn
Seif-Wald-Ring 26
54329 Konz-Roscheid
Tel: +49 6501 6 03 96 79
Fax: +49 6501 9 22 31 29
Inh. Irena Hahn
Seif-Wald-Ring 26
54329 Konz-Roscheid
Tel: +49 6501 6 03 96 79
Fax: +49 6501 9 22 31 29
Re: Authenticode
I'm currently signing my compressed single-file installer externally with signcode because I only have a .pfx file. This works just fine. However I've noticed that after using the signed installer, the CACHED copy - used by the Start menu uninstall shortcut created by IA - is NOT SIGNED.
I imagine this is because I'm not signing from within IA, and therefore the uncompressed stub inside my installer isn't getting signed (the uninstall shortcut points to an uncompressed folder containing all the guts of the installer).
I haven't had a chance to jump through all the hoops to get to a .cer/.pvk solution to test this myself, and won't if that isn't the issue. Can someone confirm that this is my problem? Any suggested workarounds other than the 2-file solution?
I imagine this is because I'm not signing from within IA, and therefore the uncompressed stub inside my installer isn't getting signed (the uninstall shortcut points to an uncompressed folder containing all the guts of the installer).
I haven't had a chance to jump through all the hoops to get to a .cer/.pvk solution to test this myself, and won't if that isn't the issue. Can someone confirm that this is my problem? Any suggested workarounds other than the 2-file solution?
Re: Authenticode
Hello,
I have written some information on how to sign an application exe with InstallAware but also standalone signing with free standard tools. Also there is information of how to convert the certificates from pfx to the spc/pvk pairs which are necessary in InstallAware. Also you find information which certificate you need for signing applications and links to all needed sources.
The page is in written in German, but the scripts are with English names and all with screenshots are included so it is very easy to understand. So it is easy for everyone to understand how to do it with 7 simple steps.
I must say i have goggled a lot of hours and used much support calls until my first signing has functioned…
http://www.eulanda.de/inside/entwickler ... efault.htm
Best regards
Chris
www.eulanda.de
ERP international solutions
I have written some information on how to sign an application exe with InstallAware but also standalone signing with free standard tools. Also there is information of how to convert the certificates from pfx to the spc/pvk pairs which are necessary in InstallAware. Also you find information which certificate you need for signing applications and links to all needed sources.
The page is in written in German, but the scripts are with English names and all with screenshots are included so it is very easy to understand. So it is easy for everyone to understand how to do it with 7 simple steps.
I must say i have goggled a lot of hours and used much support calls until my first signing has functioned…
http://www.eulanda.de/inside/entwickler ... efault.htm
Best regards
Chris
www.eulanda.de
ERP international solutions
Who is online
Users browsing this forum: No registered users and 32 guests