Code Signing

[pdaughe]

I wanted to run MS's signtool.exe right after compiling an autoscript to automatically sign the exe.

By including this Autowrapper directive:

AutoIt3Wrapper_Run_After="C:\Utilities\Code Signer.exe" %out%

in any program I want digitally signed, I accomplished the task.

Code Signer.au3 is a simple script whose job is to handle the parameter passing (i.e. the messy quotes). I was NOT able to pass the required parameters directly on the Run_After directive.

Here's the essence of Code Signer.au3:

If Not $CmdLine[0] Then 
   Msg[code]Box ($MB_ICONHAND, "Code Signer", "Program cannot be directly executed")
   Exit
EndIf

Local $Program_Path = $CMDLINE[1]

For $I = 2 To $CMDLINE[0]
   $Program_Path &= " " & $CMDLINE[$I]
Next

Local $RC = RunWait ("C:\Utilities\signtool.exe " & _
      'sign /a /d "' & $Product_Name & '" /du "' & $Product_URL & '" "' & $Program_Path & '"', @ScriptDir, @SW_HIDE)

If $RC Then _
   MsgBox ($MB_ICONHAND, "Code Signer", "Unable to sign the following program:" & @CRLF & @CRLF & $Program_Path)

There's no magic here -- I just thought I share this because I struggled with the objective for a couple of hours!

Paul

Edited July 19, 2008 by pdaughe

[Oldschool]

I wanted to run MS's signtool.exe right after compiling an autoscript to automatically sign the exe.

By including this Autowrapper directive:

AutoIt3Wrapper_Run_After="C:\Utilities\Code Signer.exe" %out%

in any program I want digitally signed, I accomplished the task.

Code Signer.au3 is a simple script whose job is to handle the parameter passing (i.e. the messy quotes). I was NOT able to pass the required parameters directly on the Run_After directive.

Here's the essence of Code Signer.au3:

If Not $CmdLine[0] Then 
   Msg[code]Box ($MB_ICONHAND, "Code Signer", "Program cannot be directly executed")
   Exit
EndIf

Local $Program_Path = $CMDLINE[1]

For $I = 2 To $CMDLINE[0]
   $Program_Path &= " " & $CMDLINE[$I]
Next

Local $RC = RunWait ("C:\Utilities\signtool.exe " & _
      'sign /a /d "' & $Product_Name & '" /du "' & $Product_URL & '" "' & $Program_Path & '"', @ScriptDir, @SW_HIDE)

If $RC Then _
   MsgBox ($MB_ICONHAND, "Code Signer", "Unable to sign the following program:" & @CRLF & @CRLF & $Program_Path)

There's no magic here -- I just thought I share this because I struggled with the objective for a couple of hours!

Paul

Thats pretty good...here is a link to Ptrex doing the same...

http://www.autoitscript.com/forum/index.ph...t=0#entry490962

[Jos]

Just out of curiosity: What was the problem you had trying it directly with AutoIt3Wrapper_Run_After?

have you tried:

AutoIt3Wrapper_Run_After="""cmd /c C:\Utilities\Code Signer.exe" "%out%" param2 param3 ""

[pdaughe]

OldSchool,

Ptrex provided an excellent background on the fundamentals of code signing -- I in fact first made my own digital certificate (which was VERY difficult) successfully on my machine. What I didn't understand initially was the point that PsaltyDS made in that same thread: it all depends on whether you, the author, are able or want to distribute the certificate for others to install on their machine. In some corporate settings, I can see where that may be plausible. However, for software distribution in the public domain, one needs to purchase the certificate from a well-known certificate authority (CA).

Jos,

No, I hadn't tried specifically your example of executing the program via cmd; perhaps you could explain why, from an argument passing perspective, that would be different. The directive did not seem to accept the program path in quotes, followed by multiple parameters in quotes.

In the end, I realized it would be nice to be able to pass parameters to signtool via program variables, which can't be done via an AutoWrapper directive.