Digital Signatures and Timestamp with SSL Certificates



#1 usabrad86 (Seeker, Active Members, 14 posts)

Posted 14 June 2011 - 03:46 AM

I think I found a new way to sign our compiled exe files... (other than Scripting.Signer or signtool)

You may need to download the CAPICOM redistributable from Microsoft:
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=860ee43a-a843-462f-abb5-ff88ea5896f6

AutoIt
;~ --------------------------------- File Handling  ---------------------------------
If $CmdLine[0] < 1 Then
    $TheFile = FileSaveDialog('Select File', @ScriptDir, "All (*.*)")
Else
    $TheFile = $CmdLine[1]
EndIf
If $TheFile = "" Then Exit (99) ; dialog cancelled: nothing to sign
Sleep(1000)
;~ --------------------------------- Initialize Error Handler ------------------------
$oMyError = ObjEvent("AutoIt.Error", "MyErrFunc")
;~ --------------------------------- Create COM objects ------------------------------
$oSignerCode = ObjCreate("CAPICOM.SignedCode.1")
$oSigner = ObjCreate("CAPICOM.Signer.1")
;~ --------------------------------- Who Is Signing ----------------------------------
; Load the signing certificate and its private key from a PKCS#12 (.p12/.pfx) file
$oSigner.Load("objectSignCert.p12", "certPassword")
;~ $oSigner.Options = CAPICOM.CAPICOM_CERTIFICATE_INCLUDE_OPTION.CAPICOM_CERTIFICATE_INCLUDE_END_ENTITY_ONLY
;~ --------------------------------- Sign it -----------------------------------------
$oSignerCode.FileName = $TheFile
$desc = InputBox("Description", "Add a Description.. EX.. My Project Name v.01")
; "If Not $desc = """ mis-parses in AutoIt (Not binds tighter than =); compare explicitly
If $desc <> "" Then $oSignerCode.Description = $desc
$oSignerCode.Sign($oSigner)
;~ --------------------------------- TimeStampIt -------------------------------------
; Countersign with a timestamp so the signature stays verifiable after the certificate expires
$oSignerCode.Timestamp("http://timestamp.verisign.com/scripts/timestamp.dll")
;~ --------------------------------- Clear Memory ------------------------------------
$oSignerCode = ""
$oSigner = ""
;~ --------------------------------- Error Handling  ---------------------------------
Func MyErrFunc()
    Local $HexNumber = Hex($oMyError.number, 8)
    MsgBox(48, @ScriptName, "An error has been encountered" & @CRLF & @CRLF & _
            "  description: " & @TAB & $oMyError.description    & @CRLF & _
            "             : " & @TAB & $oMyError.windescription & @CRLF & _
            " error number: " & @TAB & $HexNumber               & @CRLF & _
            "last dllerror: " & @TAB & $oMyError.lastdllerror   & @CRLF & _
            "  line number: " & @TAB & $oMyError.scriptline     & @CRLF & _
            "       source: " & @TAB & $oMyError.source         & @CRLF & _
            "    help file: " & @TAB & $oMyError.helpfile       & @CRLF & _
            "  helpcontext: " & @TAB & $oMyError.helpcontext _
            )
    SetError(1) ;~ to check for after this function returns
EndFunc
Exit


I've set this up as a drag-and-drop-onto exe...
I wanted to create this because I didn't want to open up signtool.exe and do pointless clicking every time.
And the Scripting.Signer... just doesn't do time-stamping....

Let me know if there's a problem.

I got a little more info and stuff on this matter.

To only timestamp using the capicom.dll (you can only timestamp the file after it's been signed):
AutoIt
;~ --------------------------------- File Handling  ---------------------------------
If $CmdLine[0] < 1 Then
    $TheFile = FileSaveDialog('Select File', @ScriptDir, "All (*.*)")
Else
    $TheFile = $CmdLine[1]
EndIf
If $TheFile = "" Then Exit (99)
Sleep(1000)
;~ --------------------------------- Initialize Error Handler ------------------------
$oMyError = ObjEvent("AutoIt.Error", "MyErrFunc")
;~ --------------------------------- Create COM objects ------------------------------
$oSignerCode = ObjCreate("CAPICOM.SignedCode.1")
;~ --------------------------------- What to Time Stamp ------------------------------
$oSignerCode.FileName = $TheFile
;~ --------------------------------- TimeStampIt -------------------------------------
; Adds a timestamp countersignature to the existing Authenticode signature;
; this fails (handled by MyErrFunc) if the file has not been signed yet
$oSignerCode.Timestamp("http://timestamp.verisign.com/scripts/timestamp.dll")
;~ --------------------------------- Clear Memory ------------------------------------
$oSignerCode = ""
;~ --------------------------------- Error Handling  ---------------------------------
Func MyErrFunc()
    Local $HexNumber = Hex($oMyError.number, 8)
    MsgBox(48, @ScriptName, "An error has been encountered" & @CRLF & @CRLF & _
            "  description: " & @TAB & $oMyError.description    & @CRLF & _
            "             : " & @TAB & $oMyError.windescription & @CRLF & _
            " error number: " & @TAB & $HexNumber               & @CRLF & _
            "last dllerror: " & @TAB & $oMyError.lastdllerror   & @CRLF & _
            "  line number: " & @TAB & $oMyError.scriptline     & @CRLF & _
            "       source: " & @TAB & $oMyError.source         & @CRLF & _
            "    help file: " & @TAB & $oMyError.helpfile       & @CRLF & _
            "  helpcontext: " & @TAB & $oMyError.helpcontext _
            )
    SetError(1) ;~ to check for after this function returns
EndFunc
Exit


So you can use the "Scripting.Signer" method to sign the file if you wanted to..
http://www.autoitscript.com/forum/topic/124467-verifying-signed-files/page__view__findpost__p__865990

For more info on the objects in the capicom.dll, look at
http://msdn.microsoft.com/en-us/library/aa380254(v=VS.85).aspx

Edited by usabrad86, 14 June 2011 - 03:25 PM.
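The same sign, timestamp and then verify sequence using PowerShell's built-in Authenticode cmdlets instead of CAPICOM or Scripting.Signer, as an added example that is not part of this thread or its scripts. It assumes the signing certificate with its private key is installed in the CurrentUser\My store, and that $TimestampServer is replaced by the timestamp URL your CA publishes (the URL in the code is a placeholder).

```powershell
# Added example (not from the thread): sign a binary, countersign it with a timestamp,
# then verify the result the way UAC / Get-AuthenticodeSignature will see it.
param(
    [Parameter(Mandatory = $true)] [string] $FilePath,
    [string] $TimestampServer = 'http://timestamp.example.invalid/authenticode'  # placeholder
)

# 1. Pick the signing certificate. This replaces $oSigner.Load() / the "name of your
#    signature" argument to Scripting.Signer.SignFile in the thread's scripts.
#    -CodeSigningCert keeps only certificates carrying the Code Signing EKU; a certificate
#    issued only for TLS (serverAuth) lacks it and fails Authenticode chain validation.
$cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert |
    Where-Object { $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) } |
    Select-Object -First 1
if (-not $cert) { throw 'No code-signing certificate with a private key in Cert:\CurrentUser\My' }

# 2. Sign and timestamp in one call. The timestamp countersignature is what keeps the
#    signature verifiable after the signing certificate itself expires.
#    A Status other than Valid with a signer present is usually a trust-chain problem,
#    which step 4 diagnoses; no signer at all means the signing operation failed.
$signed = Set-AuthenticodeSignature -FilePath $FilePath -Certificate $cert `
    -HashAlgorithm SHA256 -TimestampServer $TimestampServer
if (-not $signed.SignerCertificate) {
    throw "Signing failed: $($signed.Status) - $($signed.StatusMessage)"
}

# 3. Re-read the signature from the file, as a consumer would.
$check = Get-AuthenticodeSignature -FilePath $FilePath
[pscustomobject]@{
    File        = $FilePath
    Status      = $check.Status                          # Valid, NotSigned, HashMismatch, ...
    Signer      = $check.SignerCertificate.Subject
    TimeStamper = $check.TimeStamperCertificate.Subject  # $null: no timestamp was applied
}

# 4. Why a signed file can still prompt as "Unknown Publisher": the signature verifies,
#    but the certificate does not chain to a root this machine trusts (typical for a
#    self-signed test certificate). Build the chain under the code-signing policy and
#    report each status that breaks it.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.ApplicationPolicy.Add(
    (New-Object System.Security.Cryptography.Oid '1.3.6.1.5.5.7.3.3')) | Out-Null
if (-not $chain.Build($check.SignerCertificate)) {
    foreach ($s in $chain.ChainStatus) {
        Write-Warning "Chain problem: $($s.Status) - $($s.StatusInformation.Trim())"
    }
}
```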








#2 shai (Wayfarer, Active Members, 97 posts)

Posted 14 June 2011 - 06:36 AM

The CAPICOM redistributable link is broken.

The real link is:
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=860ee43a-a843-462f-abb5-ff88ea5896f6

And http://timestamp.verisign.com/scripts/timestamp.dll says "File not found".
I think you can use this:
http://www.trustcenter.de/codesigning/timestamp

Edited by shai, 14 June 2011 - 06:46 AM.


#3 Jon (Up all night to get lucky, Administrators, 10,572 posts)

Posted 14 June 2011 - 07:44 AM

We sign the autoit exes by driving the signtool GUI which is a bit lame. I've never had the time to look at a scripted solution so this might be useful.

#4 usabrad86 (Seeker, Active Members, 14 posts)

Posted 14 June 2011 - 01:42 PM

http://timestamp.verisign.com/scripts/timestamp.dll says "File not found".
i think you can use this:
http://www.trustcenter.de/codesigning/timestamp

The timestamp.dll from VeriSign is working for me... it's not something you download... it's a link to their timestamp server, which supplies an RPC connection to an atomic clock.
I suggest looking for the timestamp URL from the provider you got your SSL cert from...

We sign the autoit exes by driving the signtool GUI which is a bit lame. I've never had the time to look at a scripted solution so this might be useful.

Thanks Jon for showing interest in my script :huh2:

#5 Valik (Former developer., Active Members, 18,879 posts)

Posted 14 June 2011 - 02:43 PM

We sign the autoit exes by driving the signtool GUI which is a bit lame. I've never had the time to look at a scripted solution so this might be useful.

And I've always hated how we do it but it works and I've never been arsed to bother looking into a cleaner way. One of these days I'm going to set up a self-signed certificate just so I can sign my own personal binaries for UAC prompt purposes, maybe then when I get more familiar with how signing works I'll see a cleaner way.

#6 usabrad86 (Seeker, Active Members, 14 posts)

Posted 14 June 2011 - 03:40 PM

I figured I would give the Scripting.Signer version also.

AutoIt
;~ --------------------------------- File Handling  ---------------------------------
If $CmdLine[0] < 1 Then
    $TheFile = FileSaveDialog('Select File', @ScriptDir, "All (*.*)")
Else
    $TheFile = $CmdLine[1]
EndIf
If $TheFile = "" Then Exit (99)
Sleep(1000)
; Register the COM error handler (missing in the original, so MyErrFunc was never called)
$oMyError = ObjEvent("AutoIt.Error", "MyErrFunc")
; --------------------------------- Sign it ----------------------------------
; Scripting.Signer uses a certificate from the Windows certificate store, selected by name
$oSigner = ObjCreate("Scripting.Signer")
$oSigner.SignFile($TheFile, "***Put the name of your signature here***")
$oSigner = ""
; --------------------------------- TimeStampIt ------------------------------
$oSignerCode = ObjCreate("CAPICOM.SignedCode.1")
$oSignerCode.FileName = $TheFile
$oSignerCode.Timestamp("http://timestamp.verisign.com/scripts/timestamp.dll")
$oSignerCode = ""
;~ --------------------------------- Error Handling  ---------------------------------
Func MyErrFunc()
    Local $HexNumber = Hex($oMyError.number, 8)
    MsgBox(48, @ScriptName, "An error has been encountered" & @CRLF & @CRLF & _
            "  description: " & @TAB & $oMyError.description    & @CRLF & _
            "             : " & @TAB & $oMyError.windescription & @CRLF & _
            " error number: " & @TAB & $HexNumber               & @CRLF & _
            "last dllerror: " & @TAB & $oMyError.lastdllerror   & @CRLF & _
            "  line number: " & @TAB & $oMyError.scriptline     & @CRLF & _
            "       source: " & @TAB & $oMyError.source         & @CRLF & _
            "    help file: " & @TAB & $oMyError.helpfile       & @CRLF & _
            "  helpcontext: " & @TAB & $oMyError.helpcontext _
            )
    SetError(1) ;~ to check for after this function returns
EndFunc
Exit

Edited by usabrad86, 14 June 2011 - 03:46 PM.


#7 Syed23 (Mass Spammer! - It's Me, Active Members, 544 posts)

Posted 22 June 2011 - 12:59 PM

I figured I would give the Scripting.Signer version also.



Hi,

Today I got an opportunity to download this code and I gave it a try, but I am getting the below messages. Could you please help me? I have installed CAPICOM as well...
Thank you, Regards, K. Syed Ibrahim.

#8 Tlem (Universalist, Active Members, 332 posts)

Posted 30 October 2011 - 11:34 AM

Maybe it's late, but it can help someone else.

The Capicom.dll must be registered (regsvr32) and the certificate must be installed in the Windows certificate store.

I have updated the code for signing with an error handler and some additions.

AutoIt
; Digital Signatures and Timestamp
; This script is based on these links:
; http://www.autoitscript.com/forum/topic/66202-digital-code-signing-your-scrip
; http://www.autoitscript.com/forum/topic/129720-digital-signatures-and-timestamp-with-ssl-certificates
; The following are required:
; The CapiCom.dll must be registered (regsvr32) in the Windows system dir.
; The certificate must be installed in the Windows certificate store.
; Web access (for TimeStamp).

OnAutoItExitRegister("ExitFunc")

Global $SrcFile = FileSaveDialog('Select File', @ScriptDir, "Au3 File (*.Au3)")
If $SrcFile = "" Then Exit (0)
Global $DateAndTime = @YEAR & @MON & @MDAY & "-" & @HOUR & @MIN & @SEC
Global $DstFile = StringTrimRight($SrcFile, 4) & "_" & $DateAndTime & "_Signed.au3"
; Scripting.Signer picks the signature format from the file extension, so the .au3 is
; signed as a temporary .vbs copy and renamed back afterwards
Global $TmpFile = $SrcFile & $DateAndTime & ".vbs"
Global $SignName = InputBox("Certificate Name", "Type the name of your certificate")
If $SignName = "" Then Exit (0)
If Not FileCopy($SrcFile, $TmpFile) Then
    Exit (0)
EndIf

; Initialize error handler
$oMyError = ObjEvent("AutoIt.Error", "MyErrFunc")

; --------------------------------- Sign it ----------------------------------
$oSigner = ObjCreate("Scripting.Signer")
$oSigner.SignFile($TmpFile, $SignName)
If @error Then Exit
$oSigner = ""
; --------------------------------- Sign it ----------------------------------

; --------------------------------- TimeStampIt ------------------------------
If Ping("www.google.com", 250) Then
    $oSignerCode = ObjCreate("CAPICOM.SignedCode.1")
    $oSignerCode.FileName = $TmpFile
    $oSignerCode.Timestamp("http://timestamp.verisign.com/scripts/timestamp.dll")
    If @error Then Exit
    $oSignerCode = ""
EndIf
; --------------------------------- TimeStampIt ------------------------------

If Not @error And FileMove($TmpFile, $DstFile) = 1 Then
    MsgBox(64 + 262144, "SignCode", "The file '" & $DstFile & "' has been created." & @TAB)
    Exit
EndIf

; -------------------------------- Error handler -----------------------------
Func MyErrFunc()
    Local $HexNumber = Hex($oMyError.number, 8)
    MsgBox(48, @ScriptName, "An error has been encountered" & @CRLF & @CRLF & _
            "  description: " & @TAB & $oMyError.description & @CRLF & _
            "             : " & @TAB & $oMyError.windescription & @CRLF & _
            " error number: " & @TAB & $HexNumber & @CRLF & _
            "last dllerror: " & @TAB & $oMyError.lastdllerror & @CRLF & _
            "  line number: " & @TAB & $oMyError.scriptline & @CRLF & _
            "       source: " & @TAB & $oMyError.source & @CRLF & _
            "    help file: " & @TAB & $oMyError.helpfile & @CRLF & _
            "  helpcontext: " & @TAB & $oMyError.helpcontext _
            )
    SetError(1) ; to check for after this function returns
EndFunc   ;==>MyErrFunc
; -------------------------------- Error handler -----------------------------

; -------------------------------- Exit Function -----------------------------
; Runs on every exit path so the temporary .vbs copy never stays behind
Func ExitFunc()
    If FileExists($TmpFile) Then
        FileDelete($TmpFile)
    EndIf
    Exit
EndFunc
; -------------------------------- Exit Function -----------------------------
Exit

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;     Signature block follows      ;;;;;;;;
;;;;;;;; Must be removed before compiling ;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

Edited by Tlem, 11 August 2014 - 08:02 AM.

Best Regards. Thierry

#9 prazetto (Wayfarer, Active Members, 61 posts)

Posted 26 November 2011 - 02:39 PM

Also make sure the Internet Explorer settings are not in offline mode.
Go to Internet Explorer --> File --> make sure the Work Offline menu item is not checked.

This setting affects: signcode.exe, capicom.dll and all applications based on IE.
Or you will get this error:

description   : The timestamp server cannot be reached.
error number  : 80020009
last dllerror : 0
line number   : 18
helpcontext   : 0



#10 Tardis (Seeker, Active Members, 22 posts)

Posted 11 August 2014 - 12:58 AM

I know this post is old but I'm trying to use the code posted by Tlem, but I get this error:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^
"sign1.au3"(33,205) : error: syntax error
$oSignerCode.Timestamp("<a href='http://timestamp.verisign.com/scripts/timestamp.dll' class='bbc_url' title='External link' rel='nofollow external'>http://timestamp.verisign.com/scripts/timestamp.dll"</a>)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^
"sign1.au3"(33,204) : error: a(): undefined function.

 

Any help would be fantastic.



#11 Tlem (Universalist, Active Members, 332 posts)

Posted 11 August 2014 - 07:56 AM

Hi Tardis.

It seems that there is a notation error. Move the double quote after </a>

I have edited my previous example code.

$oSignerCode.Timestamp("<a href='http://timestamp.verisign.com/scripts/timestamp.dll' class='bbc_url' title='External link' rel='nofollow external'>http://timestamp.verisign.com/scripts/timestamp.dll"</a>)

should be

$oSignerCode.Timestamp("<a href='http://timestamp.verisign.com/scripts/timestamp.dll' class='bbc_url' title='External link' rel='nofollow external'>http://timestamp.verisign.com/scripts/timestamp.dll</a>")

Edited by Tlem, 11 August 2014 - 08:01 AM.

Best Regards. Thierry

#12 Tardis (Seeker, Active Members, 22 posts)

Posted 11 August 2014 - 10:33 AM

Thanks Tlem - I was looking there as well, it just did not click in my head about the speech marks - at least that bit is fixed :D

Problem now is I get this?

[screenshot: Bilderman 2014.08.11 11-58-50.png]


Edited by Tardis, 11 August 2014 - 11:00 AM.


#13 Tlem (Universalist, Active Members, 332 posts)

Posted 11 August 2014 - 03:38 PM

Do you have these requirements?

; The following are required:
; The CapiCom.dll must be registered (regsvr32) in the Windows system dir.
; The certificate must be installed in the Windows certificate store.
; Web access (for TimeStamp).

Best Regards. Thierry

#14 Tardis (Seeker, Active Members, 22 posts)

Posted 11 August 2014 - 04:01 PM

Ah, the >_<

CapiCom.dll was in

C:\Program Files (x86)\Common Files\microsoft shared\CAPICOM

not C:\Windows\System32

The cert is in C:\Windows\System32

Web - I can get to it?

I tried again, now I have this:

[screenshot: Bilderman 2014.08.11 16-56-49.png]

 

 



#15 Tardis (Seeker, Active Members, 22 posts)

Posted 11 August 2014 - 04:20 PM

Ah, I think I just sorted the problem - delete the old compile first! - but when I run the exe, UAC still says Unknown Publisher?



#16 Tlem (Universalist, Active Members, 332 posts)

Posted 11 August 2014 - 04:31 PM

I confirm that this script is very old. It was intended to run on AutoIt v3.3.8.x.

And I'm not sure that the Timestamp link is still OK.

Maybe it must be updated to run on the new version of AutoIt (COM handling and script breaking). ^^

Best Regards. Thierry

#17 Tardis (Seeker, Active Members, 22 posts)

Posted 11 August 2014 - 04:35 PM

Could be the AutoIt?? - I'm running 3.3.12.0. Thank you Tlem for your time, maybe someone can shed some light on this?



#18 Tlem (Universalist, Active Members, 332 posts)

Posted 11 August 2014 - 04:47 PM

Well, I have no time to debug that, but to do what you want, I think you probably should use this: http://www.briggsoft.com/signgui.htm

If you can understand French, you can read this tutorial that I wrote in 2011. ^^

Best Regards. Thierry

#19 Tardis (Seeker, Active Members, 22 posts)

Posted 11 August 2014 - 07:10 PM

I tried signgui first and followed the instructions to the letter, though I have a problem with the Framework 4.x SDK: I can't seem to install it, so all I get is an error :(


Edited by Tardis, 11 August 2014 - 07:11 PM.


#20 Tlem (Universalist, Active Members, 332 posts)

Posted 11 August 2014 - 10:46 PM

Extract from my tutorial:

Download:

.NET Framework 2.0 Software Development Kit (SDK) (x86)

or

.NET Framework 2.0 Software Development Kit (SDK) (x64)

With SevenZip, open Setup.exe and then open netfxsd1.cab.

From there you can extract, wherever you want:

For the x86 version:

FL_signtool_exe_102951_____X86.3643236F_FC70_11D3_A536_0090278A1BB8 and rename it signtool.exe
FL_CapiCom_dll_141190_____X86.3643236F_FC70_11D3_A536_0090278A1BB8 and rename it CapiCom.dll

If you want to make your self-signed cert, you can extract these files too:

FL_makecert_exe_____X86.3643236F_FC70_11D3_A536_0090278A1BB8 and rename it makecert.exe
FL_cert2spc_exe_____X86.3643236F_FC70_11D3_A536_0090278A1BB8 and rename it cert2spc.exe
FL_certmgr_exe_____X86.3643236F_FC70_11D3_A536_0090278A1BB8 and rename it certmgr.exe

With the first 2 tools you can use signgui. ;)

With the others, you can create your self-signed cert (read my tutorial).

And for exporting your certificate: pvkimprt.exe


Edited by Tlem, 11 August 2014 - 10:48 PM.

Best Regards. Thierry



