Jump to content



Photo

Digital Signatures and Timestamp with SSL Certificates

Started by usabrad86 , Jun 14 2011 03:46 AM

  • Please log in to reply
8 replies to this topic

#1 usabrad86

usabrad86

    Seeker

  • Active Members
  • 14 posts

Posted 14 June 2011 - 03:46 AM

i think found a new way to sign a our compiled exe files....(other then scripting.signer or signtool)

You may need to download the CAPICOM redistributable from Microsoft:
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=860ee43a-a843-462f-abb5-ff88ea5896f6

AutoIt          
;~ --------------------------------- File Handling  ---------------------------------
If $CmdLine[0]<1 Then
    $TheFile = FileSaveDialog('Select File', @ScriptDir,"All (*.*)")
Else
    $TheFile=$CmdLine[1]
EndIf

Sleep(1000)

;~ --------------------------------- Initialize Error Handler ------------------------
$oMyError = ObjEvent("AutoIt.Error","MyErrFunc")

;~ --------------------------------- Create COM objects ------------------------------
$oSignerCode = ObjCreate("CAPICOM.SignedCode.1")
$oSigner = ObjCreate("CAPICOM.Signer.1")

;~ --------------------------------- Who Is Signing ----------------------------------
$oSigner.Load ("objectSignCert.p12", "certPassword")
;~ $oSigner.Options = CAPICOM.CAPICOM_CERTIFICATE_INCLUDE_OPTION.CAPICOM_CERTIFICATE_INCLUDE_END_ENTITY_ONLY

;~ --------------------------------- Sign it -----------------------------------------
$oSignerCode.FileName = $TheFile
$desc = InputBox("Description","Add a Description.. EX.. My Project Name v.01")
if not $desc = "" then $oSignerCode.Description = $desc
$oSignerCode.Sign($oSigner)
;~ --------------------------------- TimeStampIt -------------------------------------
$oSignerCode.Timestamp("http://timestamp.verisign.com/scripts/timestamp.dll")

;~ --------------------------------- Clear Memory ------------------------------------
$oSignerCode = ""
$oSigner = ""

;~ --------------------------------- Error Handling  --------------------------------
Func MyErrFunc()
  Local $HexNumber=hex($oMyError.number,8)
  Msgbox(48,@ScriptName,"An error has been encountered"       & @CRLF  & @CRLF & _
             "  description: " & @TAB & $oMyError.description    & @CRLF & _
             "             : " & @TAB & $oMyError.windescription & @CRLF & _
             " error number: " & @TAB & $HexNumber               & @CRLF & _
             "last dllerror: " & @TAB & $oMyError.lastdllerror   & @CRLF & _
             "  line number: " & @TAB & $oMyError.scriptline     & @CRLF & _
             "       source: " & @TAB & $oMyError.source         & @CRLF & _
             "    help file: " & @TAB & $oMyError.helpfile       & @CRLF & _
             "  helpcontext: " & @TAB & $oMyError.helpcontext _
             
            )
  SetError(1)  ;~ to check for after this function returns 
EndFunc
Exit


Ive set this up as a drag and dropOnTo exe...
i wanted to create this because i didn't wanna open up signtool.exe and do pointless clicking every time.
and the scripting.signer.... Just doesn't do Time-stamping....

let me know if theres a problem

I got a little more info and stuff on this madder

to only timestamp useing the capicom.dll (you can only timestamp the file after its been signed)
AutoIt          
;~ --------------------------------- File Handling  ---------------------------------
If $CmdLine[0]<1 Then
    $TheFile = FileSaveDialog('Select File', @ScriptDir,"All (*.*)")
Else
    $TheFile=$CmdLine[1]
EndIf
if $TheFile= "" then exit(99)
Sleep(1000)

;~ --------------------------------- Initialize Error Handler ------------------------
$oMyError = ObjEvent("AutoIt.Error","MyErrFunc")

;~ --------------------------------- Create COM objects ------------------------------
$oSignerCode = ObjCreate("CAPICOM.SignedCode.1")
;~ --------------------------------- What to Time Stamp ------------------------------
$oSignerCode.FileName = $TheFile
;~ --------------------------------- TimeStampIt -------------------------------------
$oSignerCode.Timestamp("http://timestamp.verisign.com/scripts/timestamp.dll")
;~ --------------------------------- Clear Memory ------------------------------------
$oSignerCode = ""

;~ --------------------------------- Error Handling  --------------------------------
Func MyErrFunc()
  Local $HexNumber=hex($oMyError.number,8)
  Msgbox(48,@ScriptName,"An error has been encountered"       & @CRLF  & @CRLF & _
             "  description: " & @TAB & $oMyError.description    & @CRLF & _
             "             : " & @TAB & $oMyError.windescription & @CRLF & _
             " error number: " & @TAB & $HexNumber               & @CRLF & _
             "last dllerror: " & @TAB & $oMyError.lastdllerror   & @CRLF & _
             "  line number: " & @TAB & $oMyError.scriptline     & @CRLF & _
             "       source: " & @TAB & $oMyError.source         & @CRLF & _
             "    help file: " & @TAB & $oMyError.helpfile       & @CRLF & _
             "  helpcontext: " & @TAB & $oMyError.helpcontext _
            )
  SetError(1)  ;~ to check for after this function returns 
EndFunc

Exit


so you can use the "Scripting.Signer" method to sign the file if you wanted too..
http://www.autoitscript.com/forum/topic/124467-verifying-signed-files/page__view__findpost__p__865990

for more info on the objects in the capicom.dll look at
http://msdn.microsoft.com/en-us/library/aa380254(v=VS.85).aspx

Edited by usabrad86, 14 June 2011 - 03:25 PM.





#2 shai

shai

    Wayfarer

  • Active Members
  • Pip
  • 82 posts

Posted 14 June 2011 - 06:36 AM

the CAPICOM redistributable link is broken

real link is:
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=860ee43a-a843-462f-abb5-ff88ea5896f6

and http://timestamp.verisign.com/scripts/timestamp.dll says "File not found".
i think you can use this:
http://www.trustcenter.de/codesigning/timestamp

Edited by shai, 14 June 2011 - 06:46 AM.

#3 Jon

Jon

    Up all night to get lucky

  • Administrators
  • 9,529 posts

Posted 14 June 2011 - 07:44 AM

We sign the autoit exes by driving the signtool GUI which is a bit lame. I've never had the time to look at a scripted solution so this might be useful.
http://www.autoitconsulting.com/site/blog/

#4 usabrad86

usabrad86

    Seeker

  • Active Members
  • 14 posts

Posted 14 June 2011 - 01:42 PM

http://timestamp.verisign.com/scripts/timestamp.dll says "File not found".
i think you can use this:
http://www.trustcenter.de/codesigning/timestamp

the timestamp.dll from verisign is working for me... its not something you Download... its a link to there timestamper server. witch supplies a RCP connection to a Atomic Clock
I suggest looking for the timestamp URL from the provider you got your SSL cert from...

We sign the autoit exes by driving the signtool GUI which is a bit lame. I've never had the time to look at a scripted solution so this might be useful.

Thanks Jon for showing interest in my script :huh2:

#5 Valik

Valik

    Former developer.

  • Active Members
  • PipPipPipPipPipPip
  • 18,879 posts

Posted 14 June 2011 - 02:43 PM

We sign the autoit exes by driving the signtool GUI which is a bit lame. I've never had the time to look at a scripted solution so this might be useful.

And I've always hated how we do it but it works and I've never been arsed to bother looking into a cleaner way. One of these days I'm going to set up a self-signed certificate just so I can sign my own personal binaries for UAC prompt purposes, maybe then when I get more familiar with how signing works I'll see a cleaner way.

#6 usabrad86

usabrad86

    Seeker

  • Active Members
  • 14 posts

Posted 14 June 2011 - 03:40 PM

i figured i would give the scripting.signer version also

AutoIt          
;~ --------------------------------- File Handling  ---------------------------------
If $CmdLine[0]<1 Then
    $TheFile = FileSaveDialog('Select File', @ScriptDir,"All (*.*)")
Else
    $TheFile=$CmdLine[1]
EndIf
if $TheFile= "" then exit(99)
Sleep(1000)

; --------------------------------- Sign it ----------------------------------
$oSigner = ObjCreate("Scripting.Signer")
$oSigner.SignFile ($TheFile, "***Put the name of your signature here***")
$oSigner = ""

; --------------------------------- TimeStampIt ------------------------------
$oSignerCode = ObjCreate("CAPICOM.SignedCode.1")
$oSignerCode.FileName = $TheFile
$oSignerCode.Timestamp("<a href='http://timestamp.verisign.com/scripts/timestamp.dll' class='bbc_url' title='External link' rel='nofollow external'>http://timestamp.verisign.com/scripts/timestamp.dll"</a>)
$oSignerCode = ""


;~ --------------------------------- Error Handling  --------------------------------
Func MyErrFunc()
  Local $HexNumber=hex($oMyError.number,8)
  Msgbox(48,@ScriptName,"An error has been encountered"       & @CRLF  & @CRLF & _
             "  description: " & @TAB & $oMyError.description    & @CRLF & _
             "             : " & @TAB & $oMyError.windescription & @CRLF & _
             " error number: " & @TAB & $HexNumber               & @CRLF & _
             "last dllerror: " & @TAB & $oMyError.lastdllerror   & @CRLF & _
             "  line number: " & @TAB & $oMyError.scriptline     & @CRLF & _
             "       source: " & @TAB & $oMyError.source         & @CRLF & _
             "    help file: " & @TAB & $oMyError.helpfile       & @CRLF & _
             "  helpcontext: " & @TAB & $oMyError.helpcontext _
            )
  SetError(1)  ;~ to check for after this function returns 
EndFunc

Exit

Edited by usabrad86, 14 June 2011 - 03:46 PM.

#7 Syed23

Syed23

    Mass Spammer! - It's Me

  • Active Members
  • PipPipPipPipPipPip
  • 519 posts

Posted 22 June 2011 - 12:59 PM

i figured i would give the scripting.signer version also

AutoIt          
;~ --------------------------------- File Handling  ---------------------------------
If $CmdLine[0]<1 Then
    $TheFile = FileSaveDialog('Select File', @ScriptDir,"All (*.*)")
Else
    $TheFile=$CmdLine[1]
EndIf
if $TheFile= "" then exit(99)
Sleep(1000)

; --------------------------------- Sign it ----------------------------------
$oSigner = ObjCreate("Scripting.Signer")
$oSigner.SignFile ($TheFile, "***Put the name of your signature here***")
$oSigner = ""

; --------------------------------- TimeStampIt ------------------------------
$oSignerCode = ObjCreate("CAPICOM.SignedCode.1")
$oSignerCode.FileName = $TheFile
$oSignerCode.Timestamp("http://timestamp.verisign.com/scripts/timestamp.dll")
$oSignerCode = ""


;~ --------------------------------- Error Handling  --------------------------------
Func MyErrFunc()
  Local $HexNumber=hex($oMyError.number,8)
  Msgbox(48,@ScriptName,"An error has been encountered"       & @CRLF  & @CRLF & _
             "  description: " & @TAB & $oMyError.description    & @CRLF & _
             "             : " & @TAB & $oMyError.windescription & @CRLF & _
             " error number: " & @TAB & $HexNumber               & @CRLF & _
             "last dllerror: " & @TAB & $oMyError.lastdllerror   & @CRLF & _
             "  line number: " & @TAB & $oMyError.scriptline     & @CRLF & _
             "       source: " & @TAB & $oMyError.source         & @CRLF & _
             "    help file: " & @TAB & $oMyError.helpfile       & @CRLF & _
             "  helpcontext: " & @TAB & $oMyError.helpcontext _
            )
  SetError(1)  ;~ to check for after this function returns 
EndFunc

Exit

Hi,

Today i got an oportunicyt to download this code and i gave a try. but i am getting below messages. could you please help me? i have installed CAPICOM as well...
Thank you,Regards,K.Syed Ibrahim.

#8 Tlem

Tlem

    Universalist

  • Active Members
  • PipPipPipPipPip
  • 279 posts

Posted 30 October 2011 - 11:34 AM

May be it's late, but it can help someone else.

The Capicom.dll must be regserved and the certificate must be installed in Windows certificate store.

I have updated the code for signing with some error handler and some additions.
Plain Text          
; Digital Signatures and Timestamp
; This script is based on this links :
; <a href='http://www.autoitscript.com/forum/topic/66202-digital-code-signing-your-scrip' class='bbc_url' title=''>http://www.autoitscript.com/forum/topic/66202-digital-code-signing-your-scrip</a>
; <a href='http://www.autoitscript.com/forum/topic/129720-digital-signatures-and-timestamp-with-ssl-certificates' class='bbc_url' title=''>http://www.autoitscript.com/forum/topic/129720-digital-signatures-and-timestamp-with-ssl-certificates</a>
; The following are requested :
; The CapiCom.dll must be regserved in Windows system dir.
; The certificate must be installed in Windows certificate store.
; A web access (for TimeStamp).
OnAutoItExitRegister("ExitFunc")
Global $SrcFile = FileSaveDialog('Select File', @ScriptDir, "Au3 File (*.Au3)")
If $SrcFile = "" Then Exit (0)
Global $DateAndTime = @YEAR & @MON & @MDAY & "-" & @HOUR & @MIN & @SEC
Global $DstFile = StringTrimRight($SrcFile, 4) & "_" & $DateAndTime & "_Signed.au3"
Global $TmpFile = $SrcFile & $DateAndTime & ".vbs"
Global $SignName = InputBox("Certificate Name", "Type the name of your certificate")
If $SignName = "" Then Exit (0)
If Not FileCopy($SrcFile, $TmpFile) Then
Exit (0)
EndIf
; Initialize error handler
$oMyError = ObjEvent("AutoIt.Error", "MyErrFunc")
; --------------------------------- Sign it ----------------------------------
$oSigner = ObjCreate("Scripting.Signer")
$oSigner.SignFile($TmpFile, $SignName)
If @error then Exit
$oSigner = ""
; --------------------------------- Sign it ----------------------------------
; --------------------------------- TimeStampIt ------------------------------
If Ping("www.google.com", 250) Then
$oSignerCode = ObjCreate("CAPICOM.SignedCode.1")
$oSignerCode.FileName = $TmpFile
$oSignerCode.Timestamp("<a href='http://timestamp.verisign.com/scripts/timestamp.dll' class='bbc_url' title='External link' rel='nofollow external'>http://timestamp.verisign.com/scripts/timestamp.dll"</a>)
If @error then Exit
$oSignerCode = ""
EndIf
; --------------------------------- TimeStampIt ------------------------------

If Not @error And FileMove($TmpFile, $DstFile) = 1 Then
MsgBox(64 + 262144, "SignCode", "The file '" & $DstFile & "' have been created." & @TAB)
Exit
EndIf

; -------------------------------- Error handler -----------------------------
Func MyErrFunc()
Local $HexNumber = Hex($oMyError.number, 8)
MsgBox(48, @ScriptName, "An error has been encountered" & @CRLF & @CRLF & _
   "  description: " & @TAB & $oMyError.description & @CRLF & _
   "             : " & @TAB & $oMyError.windescription & @CRLF & _
   " error number: " & @TAB & $HexNumber & @CRLF & _
   "last dllerror: " & @TAB & $oMyError.lastdllerror & @CRLF & _
   "  line number: " & @TAB & $oMyError.scriptline & @CRLF & _
   "       source: " & @TAB & $oMyError.source & @CRLF & _
   "    help file: " & @TAB & $oMyError.helpfile & @CRLF & _
   "  helpcontext: " & @TAB & $oMyError.helpcontext _
   )
SetError(1) ; to check for after this function returns
EndFunc   ;==>MyErrFunc
; -------------------------------- Error handler -----------------------------
; -------------------------------- Exit Function -----------------------------
Func ExitFunc()
If FileExists($TmpFile) Then
  FileDelete($TmpFile)
EndIf
Exit
EndFunc
; -------------------------------- Exit Function -----------------------------
Exit
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;     Signature block follows      ;;;;;;;;
;;;;;;;; Must be removed before compiling ;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

Best Regards.Thierry

#9 prazetto

prazetto

    Seeker

  • Active Members
  • 44 posts

Posted 26 November 2011 - 02:39 PM

Also make sure Internet Explorer setting are not working on offline mode.
Go to Internet Explorer --> File --> make sure are Work Offline menu not be checked.

This setting affected to: signcode.exe, capicom.dll and all application based on ie
Or you will get this error:

description   : The timestamp server cannot be reached.
error number  : 80020009
last dllerror : 0
line number   : 18
helpcontext   : 0

In the verge of death

 

Graphical Button [Sizable, pure AutoIt3 script & equal with ActiveX control quality]

Graphical AutoIt3 Control (Button and Progressbar, Next Generation of Graphical Button)

Virtuallization UDF (Virtual File, DLL and ActiveX Virtualization Solution on AutoIt3)

GTK+ Widgets Framework UDF (Implementation of GTK+)

Skin UDF (Change Form Skin. No less No more...)

 

My Official Site

 

Site : http://www.seagea.com

 

logo.png

Back to Developer Chat · Next Unread Topic →


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users




  1. AutoIt Forums
  2. General
  3. Developer Chat
  4. Privacy and Cookie Policy
  5. Forum Rules ·