code signing now...

[NewsArchive]

Friedrich,

So I have my code signing certificat which I got back in the 31st of
august of 2014
it's been working fine to codesign with setupbuilder.
so what are the steps that I have to do to make it into a new sha2
certificate use or combined like you talk about?

Best Regards...

Roberto Renz

[NewsArchive]

Roberto,

> So I have my code signing certificat which I got back in the 31st
> of august of 2014 it's been working fine to codesign with setupbuilder.
> so what are the steps that I have to do to make it into a new sha2
> certificate use or combined like you talk about?

You need one of the latest SignTool.exe from Microsoft (at least
6.2.9200.16384) and then use #pragma and set CODESIGN_SHA to 2 for SHA-2
signing (see pragma help).

Does this help?

Friedrich

[NewsArchive]

Ok I tried that..

I have version 10.0.10240.16384 version of signtool
added the #pragma at the start of my script.

compiled and got

Performing pre-checks...
#pragma loaded: CODESIGN_SHA
#pragma CODESIGN_SHA = 2
OK
Script format version detected: 7.0.2600
Adding Digital Certificate (Preprocessor)...
SIGNTOOL: D:\develop\tdeo3\tdeo.exe
SHA2: 1
Compiler error GEN1053: Code signing process failed. Error Code: 1
Script(s) processed


Does that mean my certificate is not adequate or do I have to order
something else?

Best Regards..

Roberto Renz

[NewsArchive]

Roberto,

> Does that mean my certificate is not adequate or do I have to order
> something else?

Did you specify a SHA-2 compliant timestamp server? Are you using a
signtool.exe version (and the required components) that support SHA-2?

Friedrich

[NewsArchive]

Hi Friedrich,
please can you clarify what you mean by "required components" of signtool.exe ?
thanks
Darko

[NewsArchive]

Darko,

> please can you clarify what you mean by "required components" of
> signtool.exe ?

Authenticode needs the CAPICOM component. Sometimes this component is
missing (or not registered) on Windows machines and signtool.exe fails.

Similar to this:
http://www.lindersoft.com/forums/sho...2102#post82260

The component can be downloaded here:
http://www.lindersoft.com/forums/sho...5570#post75570

Friedrich

[NewsArchive]

Friedrich,

ok..

I guess I didn't know about the new stamp server change..
I've always used the comodo one, changing it to the globalsign.com did
the trick.

thank.. you I now what t sha256 signature..

Robi

[NewsArchive]

Friedrich,

what would be the pragma to dual sign sha-1 and sha-2 signatures?

Best Regards...

Roberto Renz

[NewsArchive]

Found it...

#pragma CODESIGN_SHA = "12"

That should do it..

Roberto Renz

[NewsArchive]

Roberto,

#pragma CODESIGN_SHA = "12" is correct.

But please see this:

http://www.lindersoft.com/forums/sho...4559#post84559

Friedrich