Jump to content

Digital Signatures and Timestamp with SSL Certificates

Recommended Posts

Thanks Tlem,

Thats the one I used  NET Framework 2.0  maybe that's why its not working correctly the file names are different due to the file name need changing I will re run this bit again ..

If you want to make your selfcert, you can extract these files too :

FL_makecert_exe_____X86.3643236F_FC70_11D3_A536_0090278A1BB8  and rename it makecert.exe

FL_cert2spc_exe_____X86.3643236F_FC70_11D3_A536_0090278A1BB8 and rename it cert2spc.exe
FL_certmgr_exe_____X86.3643236F_FC70_11D3_A536_0090278A1BB8 and rename it certmgr.exe

I do have my Cert though the problems now is signing the exe  .

Edited by Tardis

Share this post

Link to post
Share on other sites

I found this and may be helpful and it works on my exe is now signed :thumbsup:

signtool.exe sign /p "PASSWORD" /v /f "MY-PFX.pfx" -t "http://timestamp.verisign.com/scripts/timstamp.dll" "MY-EXE.exe"


BUT the UAC still says UNKNOWN publisher :

Need a :sorcerer:  Please

Share this post

Link to post
Share on other sites

No its my own and I added to my trust list >_<  I think I understand now why need pay $$ to get one from CA :censored:  - No problem at least it works ;)

Share this post

Link to post
Share on other sites
Posted (edited)

I modified this script.
Here is my result:

#AutoIt3Wrapper_Au3Check_Parameters=-d -w 1 -w 2 -w 3 -w 4 -w 5 -w 6 -w 7
#AutoIt3Wrapper_UseX64=N ; CAPICOM is a 32-bit only component

;~ https://www.autoitscript.com/forum/topic/129720-digital-signatures-and-timestamp-with-ssl-certificates

; https://docs.microsoft.com/en-us/windows/win32/seccrypto/signer-options
; https://docs.microsoft.com/en-us/windows/win32/seccrypto/capicom-certificate-include-option
Global Const $CAPICOM_CERTIFICATE_INCLUDE_CHAIN_EXCEPT_ROOT = 0  ; Saves all certificates in the chain with the exception of the root entity.
Global Const $CAPICOM_CERTIFICATE_INCLUDE_WHOLE_CHAIN = 1  ; Saves the complete certificate chain.
Global Const $CAPICOM_CERTIFICATE_INCLUDE_END_ENTITY_ONLY = 2  ; Saves only the end entity certificate.

Exit 0

Func _Example()
    Local $s_FileFullPath_ToSign
    If $CmdLine[0] < 1 Then
        $s_FileFullPath_ToSign = FileSaveDialog('Select File', @ScriptDir, "All (*.*)")
        $s_FileFullPath_ToSign = $CmdLine[1]
    _SignFile($s_FileFullPath_ToSign, "CERTIFICATE.pfx", 'PASSWORD', 'SOME DESCRIPTION')
EndFunc   ;==>_Example

Func _SignFile($s_FileFullPath_ToSign, $s_FileFullPath_Certificat, $s_Password, $s_Description = '')
    ConsoleWrite("> Signing file with this following parameters:" & @CRLF)
    ConsoleWrite("> 1= " & $s_FileFullPath_ToSign & @CRLF)
    If Not FileExists($s_FileFullPath_ToSign) Then
        ConsoleWrite("!    NOT EXIST" & @CRLF)
        Exit 1
    ConsoleWrite("> 2= " & $s_FileFullPath_Certificat & @CRLF)
    If Not FileExists($s_FileFullPath_Certificat) Then
        ConsoleWrite("!    NOT EXIST" & @CRLF)
        Exit 2
    ConsoleWrite("> 3= " & StringLen($s_Password) & @CRLF)
    ConsoleWrite("> 4= " & $s_Description & @CRLF)

    Local $oError = ObjEvent("AutoIt.Error", _COM_ErrorHandler_for_Signer) ; Initialize Error Handler
    #forceref $oError

    ; Create COM objects
    ; https://docs.microsoft.com/en-us/windows/win32/seccrypto/signedcode
    Local $oSignerCode = ObjCreate("CAPICOM.SignedCode.1")

    ; https://docs.microsoft.com/en-us/windows/win32/seccrypto/signedcode-signer
    ; https://docs.microsoft.com/en-us/windows/win32/seccrypto/signer
    Local $oSigner = ObjCreate("CAPICOM.Signer.1")

    ; Load certificate - Who Is Signing
    $oSigner.Load($s_FileFullPath_Certificat, $s_Password)

    ; https://docs.microsoft.com/en-us/windows/win32/seccrypto/signer-options

    #Region - Sign it
    $oSignerCode.FileName = $s_FileFullPath_ToSign
    If $s_Description = Default Then $s_Description = InputBox("Description", "Add a Description.. EX.. My Project Name v.01")
    If Not $s_Description = "" Then $oSignerCode.Description = $s_Description
    ; TimeStampIt
    #EndRegion - Sign it

    ; CleanUp - Clear Memory
    $oSignerCode = ""
    $oSigner = ""

EndFunc   ;==>_SignFile

Func _COM_ErrorHandler_for_Signer(ByRef $oError)
    Local $HexNumber = Hex($oError.number, 8)
    ConsoleWrite("! " & "Signer intercept COM Error" & @CRLF)
    ConsoleWrite("! " & "  $oError.description is: " & @TAB & $oError.description & @CRLF)
    ConsoleWrite("! " & "  $oError.windescription:" & @TAB & $oError.windescription & @CRLF)
    ConsoleWrite("! " & "  $oError.number is: " & @TAB & $HexNumber & @CRLF)
    ConsoleWrite("! " & "  $oError.lastdllerror is: " & @TAB & $oError.lastdllerror & @CRLF)
    ConsoleWrite("! " & "  $oError.scriptline is: " & @TAB & $oError.scriptline & @CRLF)
    ConsoleWrite("! " & "  $oError.source is: " & @TAB & $oError.source & @CRLF)
    ConsoleWrite("! " & "  $oError.helpfile is: " & @TAB & $oError.helpfile & @CRLF)
    ConsoleWrite("! " & "  $oError.helpcontext is: " & @TAB & $oError.helpcontext & @CRLF)
    Exit 20
EndFunc   ;==>_COM_ErrorHandler_for_Signer



I just tried this on second computer (latop), and I get into trouble. So I also read:

And if you get (just like I on my laptop)


$oError.windescription:    Nieprawidłowy ciąg klasy.
$oError.number is:     800401F3



$oError.windescription:    Klasa niezarejestrowana.
$oError.number is:     80040154

To fix this you should download: 
Platform SDK Redistributable: CAPICOM

And register:
regsvr32 "c:\Program Files (x86)\Microsoft CAPICOM SDK\Lib\X86\capicom.dll"



according to:



CAPICOM is a 32-bit only component


so the script must use 32Bit AutoIt so I added:



Edited by mLipok

Signature beginning:   Wondering who uses AutoIT and what it can be used for ?
* GHAPI UDF - modest beginning - communication with GitHub REST API Forum Rules *
Include Dependency Tree (Tool for analyzing script relations)
ADO.au3 UDF     POP3.au3 UDF     XML.au3 UDF    How to use IE.au3  UDF with  AutoIt v3.3.14.x  for other useful stuff click the following button


Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind. 

My contribution (my own projects): * Debenu Quick PDF Library - UDF * Debenu PDF Viewer SDK - UDF * Acrobat Reader - ActiveX Viewer * UDF for PDFCreator v1.x.x * XZip - UDF * AppCompatFlags UDF * CrowdinAPI UDF * _WinMergeCompare2Files() * _JavaExceptionAdd() * _IsBeta() * Writing DPI Awareness App - workaround * _AutoIt_RequiredVersion() * Chilkatsoft.au3 UDF * TeamViewer.au3 UDF * JavaManagement UDF * VIES over SOAP * WinSCP UDF * GHAPI UDF - modest begining - comunication with GitHub REST APIErrorLog.au3 UDF - A logging Library *

My contribution to others projects or UDF based on  others projects: * _sql.au3 UDF  * POP3.au3 UDF *  RTF Printer - UDF * XML.au3 UDF * ADO.au3 UDF SMTP Mailer UDF * Dual Monitor resolution detection * * 2GUI on Dual Monitor System * _SciLexer.au3 UDF * SciTE - Lexer for console pane

Useful links: * Forum Rules * Forum etiquette *  Forum Information and FAQs * How to post code on the forum * AutoIt Online Documentation * AutoIt Online Beta Documentation * SciTE4AutoIt3 getting started * Convert text blocks to AutoIt code * Games made in Autoit * Programming related sites * Polish AutoIt Tutorial * DllCall Code Generator * 

Wiki: Expand your knowledge - AutoIt Wiki * Collection of User Defined Functions * How to use HelpFile * Good coding practices in AutoIt * 

IE Related:  * How to use IE.au3  UDF with  AutoIt v3.3.14.x * Why isn't Autoit able to click a Javascript Dialog? * Clicking javascript button with no ID * IE document >> save as MHT file * IETab Switcher (by LarsJ ) * HTML Entities * _IEquerySelectorAll() (by uncommon) * IE in TaskScheduler

I encourage you to read: * Global Vars * Best Coding Practices * Please explain code used in Help file for several File functions * OOP-like approach in AutoIt * UDF-Spec Questions *  EXAMPLE: How To Catch ConsoleWrite() output to a file or to CMD *

"Homo sum; humani nil a me alienum puto" - Publius Terentius Afer
"Program are meant to be read by humans and only incidentally for computers and execute" - Donald Knuth, "The Art of Computer Programming"
:naughty:  :ranting:, be  :) and       \\//_.

Anticipating Errors :  "Any program that accepts data from a user must include code to validate that data before sending it to the data store. You cannot rely on the data store, ...., or even your programming language to notify you of problems. You must check every byte entered by your users, making sure that data is the correct type for its field and that required fields are not empty."

Signature last update: 2020-09-18

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Create New...