I am developing a Chrome extension for my company. The extension uses Chrome native messaging, so I am using Wix to create an installer for the host application (Just copy the binary and write a specific registry).
The native host application needs a configuration file, because the host application is performing crypto operations and in order to do that, the user needs to provide his pkcs12 keystore with signing certificates.
My first thought was to create the configuration file during installation. User would provide a path to his keystore file, the installer would write that path into the config file and copy it into the installation directory next to the host binary. I was searching the internet for hours just to find out it is not possible to select a file using Wix, only a directory.
My question is, is this actually true and there is really no way of doing this, and if so, what would you suggest? It's not very user-friendly to ask users to copy their keystore into a particular location. My second idea was to just put a text field and tell the user to fill in the path to their keystore file, but that isn't user-friendly either.
Thank you for all your suggestions
Is there any option to set new icon for a signed PE executable in windows without re-signing it all over again?
This means that the icon image, although fully embedded into the PE file, won't change the hash value as it's appears in the file signature part.
perhaps there's a concept where one can sign only the code and data section of the file and avoid other parts ? or maybe there's an option to exclude unwanted parts from the signature cover ?
Maybe it's possible to place the icon somehow inside the certificate section itself which is created by SignTool, so that it would be excluded from signing?
thanks
No, the signTool provided by microsoft that is used to sign binary files is not able to partially sign files. And it wouldn't make much sense to sign a binary if anyone could just change the embedded resources - the application code might rely on the data in those resources. So if the resource's integrity is not covered by the signature, the executable code would also be untrusted, thus defeating the purpose of the signature.
A solution would be to externalize the resources, so it's not part of the signature. It just might be possible by specifying an external path to the icon in the application's manifest file - but I'm not sure.
I have customising my version of the Ammyy Admin executable (AA_V3.exe) available from http://ammyy.com. I have bought a license that allows me to customise this file which I have successfully done. I am still getting an unsigned application window when opening on my 64 bit Windows 10 computer, and would like to resign this executable.
I have installed Visual Studio Community 2017 to get the signtool.exe. It seems I need to generate a certificate using makecert.exe, however to do this I need to be able to provide the Identity from the .xml file as outlined on this page - https://msdn.microsoft.com/en-us/library/windows/desktop/jj835832(v=vs.85).aspx. The issue is that there is no .xml file, nor can I seem to be able to get makeappx.exe generate one for me.
So as I see it, the steps I need to be able to complete are as follows;
Generate a .xml file from AA_V3.exe somehow using makeappx.exe
Find the Identity string for AA_V3 within that .xml file and then use makecert.exe to generate a certificate.
Use signtool to sign the AA_V3.exe application using my newly created certificate.
Let me know if I'm on the wrong track here.
I want to add a file to a signed mac app without damaging its signature. How do I do that?
Basically, I have a signed mac app that can be downloaded from my website. I want to add a few parameters(in a new file say user_data.txt) to my app which is relevant to the users(like his/her email address) when it is downloaded each time. How do I do that without damaging the signature?
I included a file, say user_data.txt, in the app before codesign. While doing codesign, I used --resource-rules to ignore signing of that particular file. This is an one time task
Each time when a user attempts to download this file, I modify the user_data.txt and write the modified app file in the output stream as a zip file.
My installer build "signs" a DLL using a Code Signing certificate during the build process.
I've noticed that if I try to build twice in succession, the second build fails because the DLL is already signed so signcode chokes. Obviously I can fix this by signing a copy of the DLL in the build, but the problem intrigued me:
Is it possible to "unsign" a DLL, and if not, why not...?
signtool remove /s C:\path\to.exe.or.dll
signtool is available in Windows SDK, and must be at least from Windows 8 SDK kit (version 6.2.9200.20789) to have the remove command supported.
You can use delcert.exe from the this XDA Forum post.
here is a small tool that strips (removes) digital sign (Authenticode)
from PE executable files like *.exe, *.dll, *.mui, etc.
It's fairly easy to remove the signature from a .dll file using the ImageRemoveCertificate API.
You don't have any language specified in your tags but this article shows how to implement it in C#. Remove digital signature from a file using C#
Other than that, if you are looking for a simple tool to do the work for you, you can use FileUnsigner.
Another possible option is to switch to the SignTool.exe. It comes with the Windows SDK and signing a binary that has already been signed does not generate an error. I use signtool.exe in my build process and haven't any difficulties with it, even when something is already signed.
Also, check out the question What's the main difference between signcode.exe and signtool.exe?
Sure it's possible, but not trivial.
Although it would be easier to save a copy of the presigned DLL.
This digital signature is little more than an extra section appended to the end of a PE file. You could write a program that deleted the signature, if you want.
It's not quite as simple as truncating the file; you have to remove references to the signature in the file header. It could get complicated if the DLL has multiple signatures and you just want to remove one.
The format of a PE file is publicly documented here
Check if your build tool supports "Re-signing". This should replace all existing signatures.
If not, you can use Stud_PE to remove the signature block.
Open the DLL or EXE in Stud_PE, go to the sections tab, right click the digital signature section and select "Delete section". However, this needs user interaction. Old versions of the tool could destroy the file.