
Digital Signatures and Timestamp with SSL Certificates

24 posts in this topic

#1 ·  Posted (edited)

I think I found a new way to sign our compiled exe files.... (other than Scripting.Signer or signtool)

You may need to download the CAPICOM redistributable from Microsoft:

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=860ee43a-a843-462f-abb5-ff88ea5896f6

;~ --------------------------------- File Handling  ---------------------------------
If $CmdLine[0] < 1 Then
    $TheFile = FileSaveDialog('Select File', @ScriptDir, "All (*.*)")
Else
    $TheFile = $CmdLine[1]
EndIf
If $TheFile = "" Then Exit(99) ; dialog cancelled or no file given

Sleep(1000)

;~ --------------------------------- Initialize Error Handler ------------------------
$oMyError = ObjEvent("AutoIt.Error", "MyErrFunc")

;~ --------------------------------- Create COM objects ------------------------------
$oSignerCode = ObjCreate("CAPICOM.SignedCode.1")
$oSigner = ObjCreate("CAPICOM.Signer.1")

;~ --------------------------------- Who Is Signing ----------------------------------
; Load the signing certificate and its private key from a PKCS#12 file (path and password are placeholders)
$oSigner.Load("objectSignCert.p12", "certPassword")
;~ $oSigner.Options = CAPICOM.CAPICOM_CERTIFICATE_INCLUDE_OPTION.CAPICOM_CERTIFICATE_INCLUDE_END_ENTITY_ONLY

;~ --------------------------------- Sign it -----------------------------------------
$oSignerCode.FileName = $TheFile
$desc = InputBox("Description", "Add a Description.. EX.. My Project Name v.01")
; Note: "Not $desc = """ would parse as (Not $desc) = "" in AutoIt, so compare explicitly
If $desc <> "" Then $oSignerCode.Description = $desc
$oSignerCode.Sign($oSigner)
;~ --------------------------------- TimeStampIt -------------------------------------
; The timestamp is a countersignature, so the file must already be signed at this point
$oSignerCode.Timestamp("http://timestamp.verisign.com/scripts/timestamp.dll")

;~ --------------------------------- Clear Memory ------------------------------------
$oSignerCode = ""
$oSigner = ""

;~ --------------------------------- Error Handling  --------------------------------
Func MyErrFunc()
  Local $HexNumber = Hex($oMyError.number, 8)
  MsgBox(48, @ScriptName, "An error has been encountered"       & @CRLF  & @CRLF & _
             "  description: " & @TAB & $oMyError.description    & @CRLF & _
             "             : " & @TAB & $oMyError.windescription & @CRLF & _
             " error number: " & @TAB & $HexNumber               & @CRLF & _
             "last dllerror: " & @TAB & $oMyError.lastdllerror   & @CRLF & _
             "  line number: " & @TAB & $oMyError.scriptline     & @CRLF & _
             "       source: " & @TAB & $oMyError.source         & @CRLF & _
             "    help file: " & @TAB & $oMyError.helpfile       & @CRLF & _
             "  helpcontext: " & @TAB & $oMyError.helpcontext _
            )
  SetError(1)  ;~ to check for after this function returns
EndFunc
Exit

I've set this up as a drag-and-drop-onto exe...

I wanted to create this because I didn't wanna open up signtool.exe and do pointless clicking every time.

And Scripting.Signer.... just doesn't do time-stamping....

Let me know if there's a problem.

I got a little more info and stuff on this matter.

To only timestamp using the capicom.dll (you can only timestamp the file after it's been signed):

;~ --------------------------------- File Handling  ---------------------------------
If $CmdLine[0]<1 Then
    $TheFile = FileSaveDialog('Select File', @ScriptDir,"All (*.*)")
Else
    $TheFile=$CmdLine[1]
EndIf
if $TheFile= "" then exit(99)
Sleep(1000)

;~ --------------------------------- Initialize Error Handler ------------------------
$oMyError = ObjEvent("AutoIt.Error","MyErrFunc")

;~ --------------------------------- Create COM objects ------------------------------
$oSignerCode = ObjCreate("CAPICOM.SignedCode.1")
;~ --------------------------------- What to Time Stamp ------------------------------
$oSignerCode.FileName = $TheFile
;~ --------------------------------- TimeStampIt -------------------------------------
$oSignerCode.Timestamp("http://timestamp.verisign.com/scripts/timestamp.dll")
;~ --------------------------------- Clear Memory ------------------------------------
$oSignerCode = ""

;~ --------------------------------- Error Handling  --------------------------------
Func MyErrFunc()
  Local $HexNumber=hex($oMyError.number,8)
  Msgbox(48,@ScriptName,"An error has been encountered"       & @CRLF  & @CRLF & _
             "  description: " & @TAB & $oMyError.description    & @CRLF & _
             "             : " & @TAB & $oMyError.windescription & @CRLF & _
             " error number: " & @TAB & $HexNumber               & @CRLF & _
             "last dllerror: " & @TAB & $oMyError.lastdllerror   & @CRLF & _
             "  line number: " & @TAB & $oMyError.scriptline     & @CRLF & _
             "       source: " & @TAB & $oMyError.source         & @CRLF & _
             "    help file: " & @TAB & $oMyError.helpfile       & @CRLF & _
             "  helpcontext: " & @TAB & $oMyError.helpcontext _
            )
  SetError(1)  ;~ to check for after this function returns 
EndFunc

Exit

So you can use the "Scripting.Signer" method to sign the file if you wanted to..

For more info on the objects in the capicom.dll look at

http://msdn.microsoft.com/en-us/library/aa380254(v=VS.85).aspx

Edited by usabrad86

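The scripts above sign first and then attach a timestamp countersignature with CAPICOM. As an added example (not code from the original post, from CAPICOM, or from any project mentioned here), the Python below checks the result from the outside: it reads the PE security directory and reports whether the Authenticode blob is present and whether an Authenticode (CAPICOM-style) or RFC 3161 timestamp is embedded. The function names, the OID constants, and the minimal sample PE built by build_sample_pe are my own assumptions for an offline demonstration; the sample image is constructed and is not a real executable.

```python
import struct

# DER-encoded OIDs (tag 0x06, length, contents) that mark the structures we look for.
OID_PKCS7_SIGNED_DATA = bytes.fromhex("06092a864886f70d010702")    # 1.2.840.113549.1.7.2
OID_COUNTERSIGNATURE = bytes.fromhex("06092a864886f70d010906")     # 1.2.840.113549.1.9.6 (Authenticode timestamp)
OID_RFC3161_TIMESTAMP = bytes.fromhex("060a2b060104018237030301")  # 1.3.6.1.4.1.311.3.3.1 (RFC 3161 timestamp)

def security_directory(pe):
    """Return the raw WIN_CERTIFICATE blob from IMAGE_DIRECTORY_ENTRY_SECURITY, or None if absent."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    opt = e_lfanew + 24  # optional header follows the 4-byte signature and 20-byte COFF header
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic == 0x10B:    # PE32
        n_dirs_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:  # PE32+
        n_dirs_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    if struct.unpack_from("<I", pe, n_dirs_off)[0] < 5:
        return None
    # Entry 4 is the security directory; unlike other entries its "VirtualAddress" is a file offset.
    offset, size = struct.unpack_from("<II", pe, dirs_off + 4 * 8)
    if offset == 0 or size == 0:
        return None
    return pe[offset:offset + size]

def describe_signature(pe):
    """Report whether a PE carries an Authenticode PKCS#7 blob and which timestamp form it embeds.
    Structural check only: it does not validate the chain (signtool verify / WinVerifyTrust do that)."""
    blob = security_directory(pe)
    if blob is None:
        return {"signed": False, "timestamp": None}
    length, _revision, cert_type = struct.unpack_from("<IHH", blob, 0)
    pkcs7 = blob[8:length]
    signed = cert_type == 0x0002 and OID_PKCS7_SIGNED_DATA in pkcs7  # WIN_CERT_TYPE_PKCS_SIGNED_DATA
    if OID_RFC3161_TIMESTAMP in pkcs7:
        stamp = "rfc3161"
    else:
        stamp = "authenticode" if OID_COUNTERSIGNATURE in pkcs7 else None
    return {"signed": signed, "timestamp": stamp if signed else None}

def build_sample_pe(cert_blob=None):
    """Constructed minimal PE32 image (no sections, no code) for offline testing; not a runnable exe."""
    dos = b"MZ" + bytes(0x3C - 2) + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)                                     # PE32 optional header size
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 92, 16)                      # NumberOfRvaAndSizes
    headers_len = len(dos) + len(coff) + len(opt)
    if cert_blob is None:
        return dos + coff + bytes(opt)
    win_cert = struct.pack("<IHH", 8 + len(cert_blob), 0x0200, 0x0002) + cert_blob
    win_cert += bytes(-len(win_cert) % 8)                    # WIN_CERTIFICATE entries are 8-byte aligned
    struct.pack_into("<II", opt, 96 + 4 * 8, headers_len, len(win_cert))
    return dos + coff + bytes(opt) + win_cert

# Constructed stand-ins for PKCS#7 SignedData content: just enough DER-ish bytes to carry the OIDs above.
SIGNED_ONLY = b"\x30\x80" + OID_PKCS7_SIGNED_DATA + b"\xa0\x80" + bytes(16)
SIGNED_AND_STAMPED = SIGNED_ONLY + b"\x31\x80" + OID_COUNTERSIGNATURE + bytes(16)
```

On a real binary, call describe_signature(open(path, "rb").read()); a result of signed=True with timestamp=None is exactly the "signed but the Timestamp step never ran" state the thread warns about.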



#2 ·  Posted (edited)

The CAPICOM redistributable link is broken.

The real link is:

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=860ee43a-a843-462f-abb5-ff88ea5896f6

And http://timestamp.verisign.com/scripts/timestamp.dll says "File not found".

I think you can use this:

http://www.trustcenter.de/codesigning/timestamp

Edited by shai


#3 ·  Posted

We sign the autoit exes by driving the signtool GUI which is a bit lame. I've never had the time to look at a scripted solution so this might be useful.



#4 ·  Posted

http://timestamp.verisign.com/scripts/timestamp.dll says "File not found".

I think you can use this:

http://www.trustcenter.de/codesigning/timestamp

The timestamp.dll from VeriSign is working for me... it's not something you download... it's a link to their timestamper server, which supplies an RPC connection to an atomic clock.

I suggest looking for the timestamp URL from the provider you got your SSL cert from...

We sign the autoit exes by driving the signtool GUI which is a bit lame. I've never had the time to look at a scripted solution so this might be useful.

Thanks Jon for showing interest in my script.


#5 ·  Posted

We sign the autoit exes by driving the signtool GUI which is a bit lame. I've never had the time to look at a scripted solution so this might be useful.

And I've always hated how we do it but it works and I've never been arsed to bother looking into a cleaner way. One of these days I'm going to set up a self-signed certificate just so I can sign my own personal binaries for UAC prompt purposes, maybe then when I get more familiar with how signing works I'll see a cleaner way.


#6 ·  Posted (edited)

I figured I would give the Scripting.Signer version also.

;~ --------------------------------- File Handling  ---------------------------------
If $CmdLine[0] < 1 Then
    $TheFile = FileSaveDialog('Select File', @ScriptDir, "All (*.*)")
Else
    $TheFile = $CmdLine[1]
EndIf
If $TheFile = "" Then Exit(99)
Sleep(1000)

;~ --------------------------------- Initialize Error Handler ------------------------
; Without this registration MyErrFunc is never called and $oMyError is undefined
$oMyError = ObjEvent("AutoIt.Error", "MyErrFunc")

; --------------------------------- Sign it ----------------------------------
$oSigner = ObjCreate("Scripting.Signer")
; Second argument is the name of a certificate installed in the Windows certificate store
$oSigner.SignFile($TheFile, "***Put the name of your signature here***")
$oSigner = ""

; --------------------------------- TimeStampIt ------------------------------
; Scripting.Signer cannot timestamp, so the countersignature is added with CAPICOM afterwards
$oSignerCode = ObjCreate("CAPICOM.SignedCode.1")
$oSignerCode.FileName = $TheFile
$oSignerCode.Timestamp("http://timestamp.verisign.com/scripts/timestamp.dll")
$oSignerCode = ""

;~ --------------------------------- Error Handling  --------------------------------
Func MyErrFunc()
  Local $HexNumber = Hex($oMyError.number, 8)
  MsgBox(48, @ScriptName, "An error has been encountered"       & @CRLF  & @CRLF & _
             "  description: " & @TAB & $oMyError.description    & @CRLF & _
             "             : " & @TAB & $oMyError.windescription & @CRLF & _
             " error number: " & @TAB & $HexNumber               & @CRLF & _
             "last dllerror: " & @TAB & $oMyError.lastdllerror   & @CRLF & _
             "  line number: " & @TAB & $oMyError.scriptline     & @CRLF & _
             "       source: " & @TAB & $oMyError.source         & @CRLF & _
             "    help file: " & @TAB & $oMyError.helpfile       & @CRLF & _
             "  helpcontext: " & @TAB & $oMyError.helpcontext _
            )
  SetError(1)  ;~ to check for after this function returns
EndFunc

Exit
Edited by usabrad86


#7 ·  Posted


Hi,

Today I got an opportunity to download this code and I gave it a try, but I am getting the below messages. Could you please help me? I have installed CAPICOM as well...

Thank you, Regards, K.Syed Ibrahim.


#8 ·  Posted (edited)

Maybe it's late, but it can help someone else.

The Capicom.dll must be registered (regsvr32) and the certificate must be installed in the Windows certificate store.

I have updated the code for signing with some error handling and some additions.

; Digital Signatures and Timestamp
; This script is based on these links:
; http://www.autoitscript.com/forum/topic/66202-digital-code-signing-your-scrip
; http://www.autoitscript.com/forum/topic/129720-digital-signatures-and-timestamp-with-ssl-certificates
; The following are required:
; The CapiCom.dll must be registered (regsvr32) in the Windows system dir.
; The certificate must be installed in the Windows certificate store.
; Web access (for TimeStamp).
OnAutoItExitRegister("ExitFunc")
Global $SrcFile = FileSaveDialog('Select File', @ScriptDir, "Au3 File (*.Au3)")
If $SrcFile = "" Then Exit (0)
Global $DateAndTime = @YEAR & @MON & @MDAY & "-" & @HOUR & @MIN & @SEC
Global $DstFile = StringTrimRight($SrcFile, 4) & "_" & $DateAndTime & "_Signed.au3"
; Scripting.Signer is given a .vbs copy of the script; the signed copy is renamed to $DstFile at the end
Global $TmpFile = $SrcFile & $DateAndTime & ".vbs"
Global $SignName = InputBox("Certificate Name", "Type the name of your certificate")
If $SignName = "" Then Exit (0)
If Not FileCopy($SrcFile, $TmpFile) Then
    Exit (0)
EndIf
; Initialize error handler
$oMyError = ObjEvent("AutoIt.Error", "MyErrFunc")
; --------------------------------- Sign it ----------------------------------
$oSigner = ObjCreate("Scripting.Signer")
$oSigner.SignFile($TmpFile, $SignName)
If @error Then Exit
$oSigner = ""
; --------------------------------- Sign it ----------------------------------
; --------------------------------- TimeStampIt ------------------------------
; Timestamping needs an already signed file and a reachable timestamp server
If Ping("www.google.com", 250) Then
    $oSignerCode = ObjCreate("CAPICOM.SignedCode.1")
    $oSignerCode.FileName = $TmpFile
    $oSignerCode.Timestamp("http://timestamp.verisign.com/scripts/timestamp.dll")
    If @error Then Exit
    $oSignerCode = ""
EndIf
; --------------------------------- TimeStampIt ------------------------------

If Not @error And FileMove($TmpFile, $DstFile) = 1 Then
    MsgBox(64 + 262144, "SignCode", "The file '" & $DstFile & "' has been created." & @TAB)
    Exit
EndIf

; -------------------------------- Error handler -----------------------------
Func MyErrFunc()
    Local $HexNumber = Hex($oMyError.number, 8)
    MsgBox(48, @ScriptName, "An error has been encountered" & @CRLF & @CRLF & _
        "  description: " & @TAB & $oMyError.description & @CRLF & _
        "             : " & @TAB & $oMyError.windescription & @CRLF & _
        " error number: " & @TAB & $HexNumber & @CRLF & _
        "last dllerror: " & @TAB & $oMyError.lastdllerror & @CRLF & _
        "  line number: " & @TAB & $oMyError.scriptline & @CRLF & _
        "       source: " & @TAB & $oMyError.source & @CRLF & _
        "    help file: " & @TAB & $oMyError.helpfile & @CRLF & _
        "  helpcontext: " & @TAB & $oMyError.helpcontext _
        )
    SetError(1) ; to check for after this function returns
EndFunc   ;==>MyErrFunc
; -------------------------------- Error handler -----------------------------
; -------------------------------- Exit Function -----------------------------
Func ExitFunc()
    ; Remove the temporary .vbs copy whether or not signing succeeded
    If FileExists($TmpFile) Then
        FileDelete($TmpFile)
    EndIf
    Exit
EndFunc
; -------------------------------- Exit Function -----------------------------
Exit
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;     Signature block follows      ;;;;;;;;
;;;;;;;; Must be removed before compiling ;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
Edited by Tlem

Best Regards, Thierry


#9 ·  Posted

Also make sure Internet Explorer settings are not in offline mode.

Go to Internet Explorer --> File --> make sure the Work Offline menu item is not checked.

This setting affects signcode.exe, capicom.dll and all applications based on IE.

Or you will get this error:

description   : The timestamp server cannot be reached.
error number  : 80020009
last dllerror : 0
line number   : 18
helpcontext   : 0


#10 ·  Posted

I know this post is old, but I'm trying to use the code posted by Tlem, but I get this error -

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^
"sign1.au3"(33,205) : error: syntax error
$oSignerCode.Timestamp("<a href='http://timestamp.verisign.com/scripts/timestamp.dll' class='bbc_url' title='External link' rel='nofollow external'>http://timestamp.verisign.com/scripts/timestamp.dll"</a>)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^
"sign1.au3"(33,204) : error: a(): undefined function.

Any help would be fantastic.


#11 ·  Posted (edited)

Hi Tadis.

It seems that there is a notation error. Move the double quote after </a>

I have edited my previous example code.

$oSignerCode.Timestamp("<a href='http://timestamp.verisign.com/scripts/timestamp.dll' class='bbc_url' title='External link' rel='nofollow external'>http://timestamp.verisign.com/scripts/timestamp.dll"</a>)

should be

$oSignerCode.Timestamp("<a href='http://timestamp.verisign.com/scripts/timestamp.dll' class='bbc_url' title='External link' rel='nofollow external'>http://timestamp.verisign.com/scripts/timestamp.dll</a>")
Edited by Tlem

Best Regards, Thierry


#12 ·  Posted (edited)

Thanks Tlem - I was looking there as well, it just did not click in my head about the speech marks - at least that bit is fixed :D

Problem now is I get this?

[screenshot: post-64697-0-44159700-1407754815.png]

Edited by Tardis


#13 ·  Posted

Have you this requirement?

; The following are requested :
; The CapiCom.dll must be regserved in Windows system dir.
; The certificate must be installed in Windows certificate store.
; A web access (for TimeStamp).

Best Regards, Thierry


#14 ·  Posted

Ah, the >_<

CapiCom.dll was in

C:\Program Files (x86)\Common Files\microsoft shared\CAPICOM

not C:\Windows\System32

The cert is in C:\Windows\System32

Web - I can get to it?

I tried again, now I have this:

[screenshot: post-64697-0-57967700-1407772860.png]


#15 ·  Posted

Ah, I think I just sorted the problem - delete the old compile first! - but when I run the exe, UAC still says Unknown Publisher?


#16 ·  Posted

I confirm that this script is very old. It was intended to run on AutoIt v3.3.8.x.

And I'm not sure that the Timestamp link is still OK.

Maybe it must be updated to run on new versions of AutoIt (COM handling and script breaking). ^^

Best Regards, Thierry


#17 ·  Posted

Could it be AutoIt?? I'm running 3.3.12.0. Thank you Tlem for your time, maybe someone can shed some light on this?


#18 ·  Posted

Well, I have no time to do debugging for that, but to do what you want, I think you probably should use this: http://www.briggsoft.com/signgui.htm

If you can understand French, you can read this tuto that I wrote in 2011. ^^

Best Regards, Thierry


#19 ·  Posted (edited)

I tried signgui first and followed the instructions to the letter, though I have a problem with the framework 4.x SDK: I can't seem to install it, so all I get is an error :(

Edited by Tardis


#20 ·  Posted (edited)

Extract from my tutorial:

Download:

.NET Framework 2.0 Software Development Kit (SDK) (x86)

or
.NET Framework 2.0 Software Development Kit (SDK) (x64)

With 7-Zip, open the Setup.exe and then open the netfxsd1.cab.

From there you can extract wherever you want:

For the x86 version:

FL_signtool_exe_102951_____X86.3643236F_FC70_11D3_A536_0090278A1BB8 and rename it signtool.exe
FL_CapiCom_dll_141190_____X86.3643236F_FC70_11D3_A536_0090278A1BB8 and rename it CapiCom.dll

If you want to make your self-signed cert, you can extract these files too:

FL_makecert_exe_____X86.3643236F_FC70_11D3_A536_0090278A1BB8 and rename it makecert.exe
FL_cert2spc_exe_____X86.3643236F_FC70_11D3_A536_0090278A1BB8 and rename it cert2spc.exe
FL_certmgr_exe_____X86.3643236F_FC70_11D3_A536_0090278A1BB8 and rename it certmgr.exe

With the first 2 tools you can use signgui. ;)

With the others, you can create your self-signed cert (read my tuto).

And for exporting your certificate: pvkimprt.exe

Edited by Tlem

Best Regards, Thierry
