PDA

View Full Version : Code-signing in 4640 GEN1053 error 1 again


NewsArchive
01-04-2015, 11:08 AM
Code-signing was working fine until I installed build 4640 but now I'm
getting GEN1053 error 1 again.

1. My certificate and password are correct and have not changed. In fact
I tried to code-sign using the following in CMD window:

"C:\PDFX-Gold\PDFX-SDK4\Clarion\Certificate\signtool.exe" sign /f
"C:\PDFX-Gold\PDFX-SDK4\Clarion\Certificate\tracker.cert.2014.pfx" /p
[password]
"C:\Users\Public\Documents\SoftVelocity\Clarion9\ac cessory\TrackerSP\PDF-Tools41\imgpdf41.exe"

where [password] is our cert's PW, and got the response:

Done Adding Additional Store
Successfully signed:
C:\Users\Public\Documents\SoftVelocity\Clarion9\ac cessory\TrackerSP\PDF-Tools41\imgpdf41.exe

In addition I have double checked the File Location for SignTool.exe and
the certificate in the SetupBuilder script and they both seem correct.
Capicom.dll 2.1.0.2 is installed in the SignTool.exe folder as well.

Any suggestions would be appreciated.
--

Craig E. Ransom
Tracker Software Products, Ltd.
http://tracker-software.com/
NewsArchive
01-04-2015, 11:17 AM
> Code-signing was working fine until I installed build 4640 but now I'm
> getting GEN1053 error 1 again.

Please see this:

http://www.lindersoft.com/forums/showthread.php?p=81212#post81212

You are using an old signtool.exe (does not support trusted time-stamping):

www.setupbuilder.com
SetupBuilder Sales
NewsArchive
01-05-2015, 03:10 AM
Hi Friedrich!

I think I understand.

But before I go disabling something that might be useful, do you know of
a substitute for signtool.exe that supports RFC 3161 timestamps?

Thanks!

Craig E. Ransom
Tracker Software Products, Ltd.
http://tracker-software.com/
NewsArchive
01-05-2015, 03:11 AM
Hi, Craig,

If there were a replacement for signtool... (that could just be downloaded
by itself... or even redistributed...) wouldn't life be grand??? LOL....

Most of my SetupBuilder stuff is on a Windows 7 machine that has the "old"
version of signtool. Which won't work with the /tr switch for the 3161
timestamps.

I tried running the Windows 8.1 version of signtool (6.3.9600.16384) on my
Win7 machine (just copied the .exe) and it will sign an app but barfs at
timestamping.

So I've reconciled myself to moving code-signing-related stuff onto the 8.1
VM.

There's more in this thread (specifically the third post):
http://www.lindersoft.com/forums/showthread.php?t=44897

jf
NewsArchive
01-05-2015, 03:12 AM
As an update to that...
I tried copying more stuff to a folder on my Win7 machine just now -

signtool.exe and all of the DLLs from the

c:\program files (x86)\Windows Kits\8.1\bin\x86

folder.

And now invoking the 8.1 signtool from that folder that also has all the
DLLs, it did sign and timestamp an .exe using a 3161 server
(http://timestamp.comodoca.com/rfc3161)

Playing a bit more, it seems that the new signtool.exe only actually
requires the mssign32.dll file.

So it looks as if you can grab the tools off an 8 or 8.1 machine and make
them work on Win7.

But YMMV and comes with the usual two foot guarantee ;-)

Jane