Hi

I have a windows executable that was generated on a linux machine using Installbuilder. I would like to codesign it but I cannot do it on a linux machine. I have tried two different linux utilities for this, osslsigncode and Mono´s signcode.

The Mono´s signcode displays the following output when run:

Mono SignCode - version 2.10.8.0 Sign assemblies and PE files using Authenticode(tm). Copyright 2002, 2003 Motus Technologies. Copyright 2004-2008 Novell. BSD licensed.

Enter password for key.pvk: PASSWORD

Success

Then I move the file to a windows machine and check the signature and there is none. I used a program called PE Viewer to look into the exe file and the certificates are there but a link checksum and a real checksum do not match.

When running the osslsigncode utility, I get the following error message:

Enter PEM pass phrase:

Corrupt PE file - current signature not at end of file: Installer.exe

Failed

and no output file is generated.

This would indicate that the linux utilities are somewhat broken when it comes to codesigning. So I tried another exe file, notepad++.exe to be exact, and I signed that on the linux machine with Mono´s signcode and that worked perfectly.

There is no problem codesigning my installer on a windows machine but since my build procedures are all based on linux I would prefer have the codesigning there as well.

Do you guys have any idea what is going on? Is there a difference in how these executables are structured?

With regards, Elvar

asked 26 Sep '14, 06:38

Elvar%20%C3%9E%C3%B3r%20%C3%93lafsson's gravatar image

Elvar Þór Ól...
1111
accept rate: 0%


Unfortunately we do not have experience in the signcode tool from Mono.

As for file structure, InstallBuilder appends its payload after the binary part, which is a common practice, but may cause what causes the issue with the signcode tool.

Please contact us at support@bitrock.com and provide exact InstallBuilder version, command line to sign used to sign and output of:

tail --bytes=131072 Installer.exe | hd

Before the signing process.

link

answered 26 Sep '14, 09:56

wojciechka's gravatar image

wojciechka ♦♦
7.8k61122
accept rate: 26%

Hi

I tried running the tail command but I get an error on the hd part. Can you tell me what this hd tool is?

With regards, Elvar

link

answered 29 Sep '14, 05:38

Elvar%20%C3%9E%C3%B3r%20%C3%93lafsson's gravatar image

Elvar Þór Ól...
1111
accept rate: 0%

You can replace "hd" with "hexdump". In any case, have you tried using "osslsigncode" to do the signing? Thats should work on Linux.

link

answered 29 Sep '14, 07:27

juanjo's gravatar image

juanjo ♦♦
5.8k413
accept rate: 23%

Yeah I also tried this with osslsigncode:

osslsigncode -spc authenticode.spc -key certificate.key -t http://timestamp.verisign.com/scripts/timstamp.dll -in Installer.exe -out InstallerSigned.exe

Corrupt PE file - current signature not at end of file: Installer.exe

Failed

osslsigncode seems to check whether some certificate structure is in place on the file before trying to sign it.

With regards, Elvar

link

answered 29 Sep '14, 12:07

Elvar%20%C3%9E%C3%B3r%20%C3%93lafsson's gravatar image

Elvar Þór Ól...
1111
accept rate: 0%

We will try to reproduce it. Could it be that the installer already have a signature? (even if it is corrupted). Could you retry with a clean installer?

(30 Sep '14, 05:22) juanjo ♦♦

Hi, I tried again with a clean installer and now it worked :) It is possible that I may have corrupted the file myself. You can ignore the email I sent you regarding this issue.

Thank you for your help.

With regards, Elvar

(30 Sep '14, 06:34) Elvar Þór Ól...
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×73
×10

Asked: 26 Sep '14, 06:38

Seen: 2,163 times

Last updated: 30 Sep '14, 06:34