
Digital Signatures and Timestamp with SSL Certificates



#1 usabrad86


Posted 14 June 2011 - 03:46 AM

I think I found a new way to sign our compiled exe files... (other than Scripting.Signer or signtool)

You may need to download the CAPICOM redistributable from Microsoft:
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=860ee43a-a843-462f-abb5-ff88ea5896f6

AutoIt         
;~ --------------------------------- File Handling  ---------------------------------
If $CmdLine[0]<1 Then
    $TheFile = FileSaveDialog('Select File', @ScriptDir,"All (*.*)")
Else
    $TheFile=$CmdLine[1]
EndIf
Sleep(1000)
;~ --------------------------------- Initialize Error Handler ------------------------
$oMyError = ObjEvent("AutoIt.Error","MyErrFunc")
;~ --------------------------------- Create COM objects ------------------------------
$oSignerCode = ObjCreate("CAPICOM.SignedCode.1")
$oSigner = ObjCreate("CAPICOM.Signer.1")
;~ --------------------------------- Who Is Signing ----------------------------------
$oSigner.Load ("objectSignCert.p12", "certPassword")
;~ $oSigner.Options = CAPICOM.CAPICOM_CERTIFICATE_INCLUDE_OPTION.CAPICOM_CERTIFICATE_INCLUDE_END_ENTITY_ONLY
;~ --------------------------------- Sign it -----------------------------------------
$oSignerCode.FileName = $TheFile
$desc = InputBox("Description","Add a Description.. EX.. My Project Name v.01")
; Only set a description if one was entered ("Not $desc = ''" binds as "(Not $desc) = ''")
If $desc <> "" Then $oSignerCode.Description = $desc
$oSignerCode.Sign($oSigner)
;~ --------------------------------- TimeStampIt -------------------------------------
$oSignerCode.Timestamp("http://timestamp.verisign.com/scripts/timestamp.dll")
;~ --------------------------------- Clear Memory ------------------------------------
$oSignerCode = ""
$oSigner = ""
;~ --------------------------------- Error Handling  --------------------------------
Func MyErrFunc()
  Local $HexNumber=hex($oMyError.number,8)
  Msgbox(48,@ScriptName,"An error has been encountered"       & @CRLF  & @CRLF & _
             "  description: " & @TAB & $oMyError.description    & @CRLF & _
             "             : " & @TAB & $oMyError.windescription & @CRLF & _
             " error number: " & @TAB & $HexNumber               & @CRLF & _
             "last dllerror: " & @TAB & $oMyError.lastdllerror   & @CRLF & _
             "  line number: " & @TAB & $oMyError.scriptline     & @CRLF & _
             "       source: " & @TAB & $oMyError.source         & @CRLF & _
             "    help file: " & @TAB & $oMyError.helpfile       & @CRLF & _
             "  helpcontext: " & @TAB & $oMyError.helpcontext _
            )
  SetError(1)  ;~ to check for after this function returns
EndFunc
Exit


I've set this up as a drag-and-drop-onto exe...
I wanted to create this because I didn't wanna open up signtool.exe and do pointless clicking every time.
And the Scripting.Signer.... just doesn't do time-stamping....

Let me know if there's a problem.

I got a little more info and stuff on this matter.

To only timestamp using the capicom.dll (you can only timestamp the file after it's been signed):
AutoIt         
;~ --------------------------------- File Handling  ---------------------------------
If $CmdLine[0]<1 Then
    $TheFile = FileSaveDialog('Select File', @ScriptDir,"All (*.*)")
Else
    $TheFile=$CmdLine[1]
EndIf
if $TheFile= "" then exit(99)
Sleep(1000)
;~ --------------------------------- Initialize Error Handler ------------------------
$oMyError = ObjEvent("AutoIt.Error","MyErrFunc")
;~ --------------------------------- Create COM objects ------------------------------
$oSignerCode = ObjCreate("CAPICOM.SignedCode.1")
;~ --------------------------------- What to Time Stamp ------------------------------
$oSignerCode.FileName = $TheFile
;~ --------------------------------- TimeStampIt -------------------------------------
$oSignerCode.Timestamp("http://timestamp.verisign.com/scripts/timestamp.dll")
;~ --------------------------------- Clear Memory ------------------------------------
$oSignerCode = ""
;~ --------------------------------- Error Handling  --------------------------------
Func MyErrFunc()
  Local $HexNumber=hex($oMyError.number,8)
  Msgbox(48,@ScriptName,"An error has been encountered"       & @CRLF  & @CRLF & _
             "  description: " & @TAB & $oMyError.description    & @CRLF & _
             "             : " & @TAB & $oMyError.windescription & @CRLF & _
             " error number: " & @TAB & $HexNumber               & @CRLF & _
             "last dllerror: " & @TAB & $oMyError.lastdllerror   & @CRLF & _
             "  line number: " & @TAB & $oMyError.scriptline     & @CRLF & _
             "       source: " & @TAB & $oMyError.source         & @CRLF & _
             "    help file: " & @TAB & $oMyError.helpfile       & @CRLF & _
             "  helpcontext: " & @TAB & $oMyError.helpcontext _
            )
  SetError(1)  ;~ to check for after this function returns
EndFunc
Exit


So you can use the "Scripting.Signer" method to sign the file if you wanted to..
http://www.autoitscript.com/forum/topic/124467-verifying-signed-files/page__view__findpost__p__865990

For more info on the objects in the capicom.dll, look at
http://msdn.microsoft.com/en-us/library/aa380254(v=VS.85).aspx

Edited by usabrad86, 14 June 2011 - 03:25 PM.








#2 shai


Posted 14 June 2011 - 06:36 AM

The CAPICOM redistributable link is broken.

The real link is:
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=860ee43a-a843-462f-abb5-ff88ea5896f6

And http://timestamp.verisign.com/scripts/timestamp.dll says "File not found".
I think you can use this:
http://www.trustcenter.de/codesigning/timestamp

Edited by shai, 14 June 2011 - 06:46 AM.


#3 Jon


Posted 14 June 2011 - 07:44 AM

We sign the autoit exes by driving the signtool GUI which is a bit lame. I've never had the time to look at a scripted solution so this might be useful.

#4 usabrad86


Posted 14 June 2011 - 01:42 PM

> http://timestamp.verisign.com/scripts/timestamp.dll says "File not found".
> I think you can use this:
> http://www.trustcenter.de/codesigning/timestamp

The timestamp.dll from Verisign is working for me... it's not something you download... it's a link to their timestamper server, which supplies a RCP connection to an Atomic Clock.
I suggest looking for the timestamp URL from the provider you got your SSL cert from...

> We sign the autoit exes by driving the signtool GUI which is a bit lame. I've never had the time to look at a scripted solution so this might be useful.

Thanks Jon for showing interest in my script :huh2:

#5 Valik


Posted 14 June 2011 - 02:43 PM

> We sign the autoit exes by driving the signtool GUI which is a bit lame. I've never had the time to look at a scripted solution so this might be useful.

And I've always hated how we do it but it works and I've never been arsed to bother looking into a cleaner way. One of these days I'm going to set up a self-signed certificate just so I can sign my own personal binaries for UAC prompt purposes, maybe then when I get more familiar with how signing works I'll see a cleaner way.

#6 usabrad86


Posted 14 June 2011 - 03:40 PM

I figured I would give the Scripting.Signer version also.

AutoIt         
;~ --------------------------------- File Handling  ---------------------------------
If $CmdLine[0]<1 Then
    $TheFile = FileSaveDialog('Select File', @ScriptDir,"All (*.*)")
Else
    $TheFile=$CmdLine[1]
EndIf
if $TheFile= "" then exit(99)
Sleep(1000)
;~ --------------------------------- Initialize Error Handler ------------------------
; MyErrFunc below reads $oMyError, so the handler has to be registered first
$oMyError = ObjEvent("AutoIt.Error","MyErrFunc")
; --------------------------------- Sign it ----------------------------------
$oSigner = ObjCreate("Scripting.Signer")
$oSigner.SignFile ($TheFile, "***Put the name of your signature here***")
$oSigner = ""
; --------------------------------- TimeStampIt ------------------------------
$oSignerCode = ObjCreate("CAPICOM.SignedCode.1")
$oSignerCode.FileName = $TheFile
$oSignerCode.Timestamp("http://timestamp.verisign.com/scripts/timestamp.dll")
$oSignerCode = ""
;~ --------------------------------- Error Handling  --------------------------------
Func MyErrFunc()
  Local $HexNumber=hex($oMyError.number,8)
  Msgbox(48,@ScriptName,"An error has been encountered"       & @CRLF  & @CRLF & _
             "  description: " & @TAB & $oMyError.description    & @CRLF & _
             "             : " & @TAB & $oMyError.windescription & @CRLF & _
             " error number: " & @TAB & $HexNumber               & @CRLF & _
             "last dllerror: " & @TAB & $oMyError.lastdllerror   & @CRLF & _
             "  line number: " & @TAB & $oMyError.scriptline     & @CRLF & _
             "       source: " & @TAB & $oMyError.source         & @CRLF & _
             "    help file: " & @TAB & $oMyError.helpfile       & @CRLF & _
             "  helpcontext: " & @TAB & $oMyError.helpcontext _
            )
  SetError(1)  ;~ to check for after this function returns
EndFunc
Exit

Edited by usabrad86, 14 June 2011 - 03:46 PM.


#7 Syed23


Posted 22 June 2011 - 12:59 PM

> I figured I would give the Scripting.Signer version also.



Hi,

Today I got an opportunity to download this code and I gave it a try, but I am getting the below messages. Could you please help me? I have installed CAPICOM as well...

Thank you,
Regards,
K.Syed Ibrahim.

#8 Tlem


Posted 30 October 2011 - 11:34 AM

Maybe it's late, but it can help someone else.

The Capicom.dll must be regserved and the certificate must be installed in Windows certificate store.

I have updated the code for signing with some error handler and some additions.
Plain Text         
; Digital Signatures and Timestamp
; This script is based on this links :
; http://www.autoitscript.com/forum/topic/66202-digital-code-signing-your-scrip
; http://www.autoitscript.com/forum/topic/129720-digital-signatures-and-timestamp-with-ssl-certificates
; The following are requested :
; The CapiCom.dll must be regserved in Windows system dir.
; The certificate must be installed in Windows certificate store.
; A web access (for TimeStamp).

OnAutoItExitRegister("ExitFunc")

Global $SrcFile = FileSaveDialog('Select File', @ScriptDir, "Au3 File (*.Au3)")
If $SrcFile = "" Then Exit (0)
Global $DateAndTime = @YEAR & @MON & @MDAY & "-" & @HOUR & @MIN & @SEC
Global $DstFile = StringTrimRight($SrcFile, 4) & "_" & $DateAndTime & "_Signed.au3"
Global $TmpFile = $SrcFile & $DateAndTime & ".vbs"
Global $SignName = InputBox("Certificate Name", "Type the name of your certificate")
If $SignName = "" Then Exit (0)

If Not FileCopy($SrcFile, $TmpFile) Then
    Exit (0)
EndIf

; Initialize error handler
$oMyError = ObjEvent("AutoIt.Error", "MyErrFunc")

; --------------------------------- Sign it ----------------------------------
$oSigner = ObjCreate("Scripting.Signer")
$oSigner.SignFile($TmpFile, $SignName)
If @error then Exit
$oSigner = ""
; --------------------------------- Sign it ----------------------------------

; --------------------------------- TimeStampIt ------------------------------
If Ping("www.google.com", 250) Then
    $oSignerCode = ObjCreate("CAPICOM.SignedCode.1")
    $oSignerCode.FileName = $TmpFile
    $oSignerCode.Timestamp("http://timestamp.verisign.com/scripts/timestamp.dll")
    If @error then Exit
    $oSignerCode = ""
EndIf
; --------------------------------- TimeStampIt ------------------------------

If Not @error And FileMove($TmpFile, $DstFile) = 1 Then
    MsgBox(64 + 262144, "SignCode", "The file '" & $DstFile & "' have been created." & @TAB)
    Exit
EndIf

; -------------------------------- Error handler -----------------------------
Func MyErrFunc()
    Local $HexNumber = Hex($oMyError.number, 8)
    MsgBox(48, @ScriptName, "An error has been encountered" & @CRLF & @CRLF & _
            "  description: " & @TAB & $oMyError.description & @CRLF & _
            "             : " & @TAB & $oMyError.windescription & @CRLF & _
            " error number: " & @TAB & $HexNumber & @CRLF & _
            "last dllerror: " & @TAB & $oMyError.lastdllerror & @CRLF & _
            "  line number: " & @TAB & $oMyError.scriptline & @CRLF & _
            "       source: " & @TAB & $oMyError.source & @CRLF & _
            "    help file: " & @TAB & $oMyError.helpfile & @CRLF & _
            "  helpcontext: " & @TAB & $oMyError.helpcontext _
            )
    SetError(1) ; to check for after this function returns
EndFunc   ;==>MyErrFunc
; -------------------------------- Error handler -----------------------------

; -------------------------------- Exit Function -----------------------------
Func ExitFunc()
    If FileExists($TmpFile) Then
        FileDelete($TmpFile)
    EndIf
    Exit
EndFunc
; -------------------------------- Exit Function -----------------------------
Exit

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;     Signature block follows      ;;;;;;;;
;;;;;;;; Must be removed before compiling ;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

Best Regards.
Thierry

#9 prazetto


Posted 26 November 2011 - 02:39 PM

Also make sure Internet Explorer is not set to work in offline mode.
Go to Internet Explorer --> File --> make sure the Work Offline menu item is not checked.

This setting affects: signcode.exe, capicom.dll and all applications based on IE.
Otherwise you will get this error:

description   : The timestamp server cannot be reached.
error number  : 80020009
last dllerror : 0
line number   : 18
helpcontext   : 0

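An added example (not code from any poster in this thread): it timestamps an already-signed file, falling back through the two timestamp URLs mentioned in the posts above, then checks that the signature verifies and that a timestamp is actually attached. That check matters because a script that skips or fails the timestamp step still produces a signed file, and that signature stops validating once the certificate expires. The helper names are hypothetical, and it is an assumption that the TimeStamper property either raises a COM error or returns a non-object when no timestamp is present.

```autoit
; Added example, not code from the thread. Helper names are hypothetical.
; Follows the thread's handler pattern: a global event object plus a no-argument handler.
Global $g_bComError = False, $g_sComErrorText = ""
Global $g_oComError = ObjEvent("AutoIt.Error", "_ComErrHandler")

Func _ComErrHandler()
    ; Record the failure instead of showing a MsgBox, so a build script can react to it.
    $g_bComError = True
    $g_sComErrorText = Hex($g_oComError.number, 8) & " " & $g_oComError.description
EndFunc

; Tries each URL in turn. Returns the URL that worked, or "" with @error set.
Func _TimestampWithFallback($sFile, $aUrls)
    Local $oCode = ObjCreate("CAPICOM.SignedCode.1")
    If Not IsObj($oCode) Then Return SetError(1, 0, "") ; capicom.dll not registered
    $oCode.FileName = $sFile
    For $i = 0 To UBound($aUrls) - 1
        $g_bComError = False
        $oCode.Timestamp($aUrls[$i])
        If Not $g_bComError Then Return $aUrls[$i]
        ConsoleWrite("Timestamp failed via " & $aUrls[$i] & ": " & $g_sComErrorText & @CRLF)
    Next
    Return SetError(2, 0, "") ; no server could be reached
EndFunc

; True only if the signature verifies and a timestamp signer is present.
Func _IsSignedAndTimestamped($sFile)
    Local $oCode = ObjCreate("CAPICOM.SignedCode.1")
    If Not IsObj($oCode) Then Return False
    $oCode.FileName = $sFile
    $g_bComError = False
    $oCode.Verify(False) ; False = do not prompt the user
    If $g_bComError Then Return False
    ; Assumption: absent timestamp shows up as a COM error or a non-object value.
    Local $oStamper = $oCode.TimeStamper
    Return (Not $g_bComError) And IsObj($oStamper)
EndFunc

; The two timestamp URLs mentioned in this thread; substitute your CA's own URL.
Global $aUrls[2] = ["http://timestamp.verisign.com/scripts/timestamp.dll", _
        "http://www.trustcenter.de/codesigning/timestamp"]

If $CmdLine[0] < 1 Then Exit 99
Global $sUsed = _TimestampWithFallback($CmdLine[1], $aUrls)
If @error Then Exit 1 ; fail the build rather than ship an un-timestamped file
If Not _IsSignedAndTimestamped($CmdLine[1]) Then Exit 2
ConsoleWrite("Timestamped via " & $sUsed & @CRLF)
```

The non-zero exit codes let a build script stop when the file ends up signed but not timestamped.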




