How do I interpret result of Windows 10 certutil -hashfile? - windows

I'm trying to verify integrity of downloaded NetBeans Win10 64 installer. It returns a long string of characters, but I don't know what to do with this result. I know this is supposed to be compared with the file provided by NetBeans, but where do I get that?
Here's what I did:
C:\Users\jag_m>certutil -hashfile D:\DocumentsD\Downloads\NetbeansRelated\Apache-NetBeans-13-bin-windows-x64.exe SHA256
SHA256 hash of D:\DocumentsD\Downloads\NetbeansRelated\Apache-NetBeans-13-bin-windows-x64.exe:
a06ea580a2bfe50bdc8c9791fed5c6032ce8330b16e0c6c5dbf6c9e1c931dc9e
CertUtil: -hashfile command completed successfully.
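The comparison the question asks about, as an added example (not part of the original post): take the digest line from the certutil output and compare it with the entry for the same file in the publisher's checksum file. The "digest  filename" checksum layout, the function names and the PUBLISHED_SAMPLE line are assumptions made for illustration.

```python
import hashlib
import hmac
import re

# certutil output exactly as pasted in the question above.
CERTUTIL_OUTPUT = r"""SHA256 hash of D:\DocumentsD\Downloads\NetbeansRelated\Apache-NetBeans-13-bin-windows-x64.exe:
a06ea580a2bfe50bdc8c9791fed5c6032ce8330b16e0c6c5dbf6c9e1c931dc9e
CertUtil: -hashfile command completed successfully.
"""
# CONSTRUCTED stand-in for a publisher's checksum file. It repeats the digest above so
# the demo matches; it is NOT a published value. Fetch the real one from the vendor.
PUBLISHED_SAMPLE = ("a06ea580a2bfe50bdc8c9791fed5c6032ce8330b16e0c6c5dbf6c9e1c931dc9e"
                    "  Apache-NetBeans-13-bin-windows-x64.exe\n")

def digest_from_certutil(output):
    """Return the digest line of certutil -hashfile output as lowercase hex."""
    for line in output.splitlines():
        candidate = line.replace(" ", "").strip().lower()  # older builds print "a0 6e a5 ..."
        if re.fullmatch(r"[0-9a-f]{32,128}", candidate):
            return candidate
    raise ValueError("no digest line found in certutil output")

def digest_from_checksum_file(text, filename):
    """Find filename's digest in 'digest  name' or 'digest *name' lines (assumed layout)."""
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[1].strip().lstrip("*") == filename:
            return parts[0].lower()
    raise ValueError("no entry for " + filename)

def sha256_of_file(path, chunk=1 << 20):
    """Hash a file in chunks; yields the same hex string certutil prints for SHA256."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def digests_match(local, published):
    """True only when both strings are the same full-length hex digest."""
    local, published = local.strip().lower(), published.strip().lower()
    return len(local) == len(published) and hmac.compare_digest(local, published)

if __name__ == "__main__":
    local = digest_from_certutil(CERTUTIL_OUTPUT)
    published = digest_from_checksum_file(
        PUBLISHED_SAMPLE, "Apache-NetBeans-13-bin-windows-x64.exe")
    print("MATCH" if digests_match(local, published) else "MISMATCH: do not run the installer")
```

The check is only meaningful when the published digest comes from the project's official site over HTTPS, and when it was produced with the same algorithm that was passed to certutil.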

Related

Setting Inno Setup sign tool with relative paths

I'm trying to set the Inno Setup IDE "Sign Tools" command to use a relative path.
I made a sign.bat script which calls signtool.exe following the file structure below:
code_sign\
+ sign.bat
+ signtool.exe
+ cert.pfx
script.iss
If I set the Sign Tool (Tools / Configure Sign Tools...) command to code_sign\sign.bat $p, I got the following error message:
Sign Tool command failed (Failed to execute Sign Tool.
Error 2: The system cannot find the file specified). Will retry (2 tries left).
Running Sign Tool command: sign.bat "(...)\uninst.e32.tmp"
Sign Tool command failed (Failed to execute Sign Tool.
(...)
What is the working path when the sign tool is called?
Sadly I cannot use an absolute path (which works) as the code_sign folder is meant to be a submodule shared with other applications and other users.
What am I doing wrong here? Should I use the command line version?
Edit: as requested, the sign.bat contents:
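REM Resolve the tools relative to this script's own folder (%~dp0 ends with a backslash)
SET script_path=%~dp0
SET stool=%script_path%signtool.exe
SET pfx=%script_path%cert.pfx
SET ntp=http://timestamp.globalsign.com/scripts/timstamp.dll
SET pwd=12345
REM Quote the .pfx path so a folder name containing spaces does not split the argument
"%stool%" sign /f "%pfx%" /p %pwd% /tr %ntp% /td SHA256 %1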
Configure your sign tool command as only $p.
And then in your .iss, set the SignTool directive as follows (assuming the sign tool command is named custom), using the SourcePath predefined preprocessor variable.
[Setup]
SignTool=custom {#SourcePath}\code_sign\sign.bat $f

Signtool always says a parameter is missing

I recently made a game in Unity3D and I am trying to sign the code with a certificate I bought from Comodo (saved in a pfx file). I have done a ton of research on how to use it and have settled on running these commands:
doskey signtool="C:\Program Files (x86)\Windows Kits\10\Tools\bin\i386\signtool.exe"
signtool sign /f "C:\...[path to cert on desktop]...\cert.pfx" "C:\...[path to exe on desktop]...\Game.exe"
No matter what I do, or slight variations I try, or anything, I always get the same error:
SignTool Error: A required paramter is missing.
Usage: signtool <command> [options]
Even running "signtool sign /?" gives me this same error. I don't understand why the program won't do or even tell me anything useful. Some sources I've seen say I need to add a "/p passwordHere" after the /f option, but that gives the same error message as all others.
You must let doskey know that the macro signtool expects parameters, which are to be passed onto the real signtool.exe. This is done by appending $* at the end of the definition.
doskey signtool="C:\Program Files (x86)\Windows Kits\10\Tools\bin\i386\signtool.exe" $*
From the official Doskey docs (highlight mine):
To run a macro, type the macro name at the command prompt, starting at the first position. If the macro was defined with $* or any of the batch parameters $1 through $9, use a space to separate the parameters.

How to skip the input in batch file?

I have created a batch file (say test.bat). In test.bat I call the tool certmgr.exe to delete a certificate from the certificate store. But when there are multiple certificates in the store with the same name, certmgr.exe asks which certificate I want to delete.
But I want certmgr.exe, if it finds certificates with the same name in the store, to delete all of them without asking the user for confirmation. Any idea?
Thanks,
I see that you already resolved this issue by using certutil.exe, but another solution using certmgr.exe could be achieved by piping 1 to the certmgr command (so it always deletes the first certificate with the specified name) and then looping on that command until no other certificates exist with that name.
So something like:
while(certificateExistsWithName(certName)) //this is pseudocode that would need to be implemented
echo 1 | certmgr.exe /del /n "certName" /s myStore... etc

How to run makecert.exe without a GUI?

I recently came across a problem generating self-signed certificates in an automated fashion. Anytime I run makecert.exe I get a pop-up window for a password for the certificate. However, these certificates will never be distributed, so I don't need a password or anything.
How can I get makecert.exe to work without requiring a GUI?
If it helps, my command line takes this kind of form:
makecert.exe mycert.cer -r -n "CN=random-hex-number" -$ individual -sv private.pkv -pe -cy end
I didn't solve the root problem, but found a way to work around it. It only prompts for a password when you don't provide a private key. By generating a private key beforehand and passing it as the PVK, it won't prompt for a password now.
Put the certificate and the private keys in a folder.
Then use the pvk2pfx tool to combine them into one file.
Then when you're ready to install, use
#pushd "%~dp0"
#start "" /b (command) "%~dp0"
The pushd keeps it in the file's directory, and start "" /b runs the program without bringing up the interface.

How to fix "unable to write 'random state' " in openssl

While generating the private key using this command
genrsa -out my-prvkey.pem 1024
It throws an error like the one below
Loading 'screen' into random state - done
Generating RSA private key, 1024 bit long modulus
.........................................+++++++
...........................+++++++++
unable to write 'random state'
e is 65537 (0x10001)
This makes any problem while creating a public certificate. I'm running this command in Windows. Can anyone help me with the fix?
The quickest solution is: set the environment variable RANDFILE to a path where the 'random state' file can be written (and of course check the file access permissions), e.g. in your command prompt:
set RANDFILE=C:\MyDir\.rnd
openssl genrsa -out my-prvkey.pem 1024
More explanations:
OpenSSL on Windows tries to save the 'random state' file in the following order:
Path taken from RANDFILE environment variable
If HOME environment variable is set then : ${HOME}\.rnd
C:\.rnd
I'm pretty sure that in your case it ends up trying to save it in C:\.rnd (and it fails because of a lack of sufficient access rights). Unfortunately OpenSSL does not print the path that it actually tries to use in any error messages.
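Since OpenSSL does not print the path it tried, the lookup order listed in this answer can be reproduced to see which location would be chosen and whether a file can be created there. This is an added example, not code from the original answer; the function names are hypothetical and the order is taken from the answer above, not from OpenSSL's source.

```python
import ntpath
import os
import tempfile

def rand_state_path(env):
    """Return (path, source) for the 'random state' file, in the order listed above."""
    if env.get("RANDFILE"):                      # 1. explicit RANDFILE wins
        return env["RANDFILE"], "RANDFILE"
    if env.get("HOME"):                          # 2. %HOME%\.rnd when HOME is set
        return ntpath.join(env["HOME"], ".rnd"), "HOME"
    return "C:\\.rnd", "default"                 # 3. root of C:, often not writable

def can_write(path):
    """True if a file can be created in the directory that would hold `path`."""
    directory = os.path.dirname(os.path.abspath(path))
    try:
        fd, probe = tempfile.mkstemp(dir=directory)
    except OSError:                              # missing directory or access denied
        return False
    os.close(fd)
    os.remove(probe)                             # leave nothing behind
    return True

def diagnose(env):
    """Describe where the state file would go and whether that location is usable."""
    path, source = rand_state_path(env)
    return {"path": path, "source": source, "writable": can_write(path)}

if __name__ == "__main__":
    result = diagnose(os.environ)
    print("random state file: %(path)s (chosen via %(source)s)" % result)
    if not result["writable"]:
        print("not writable: set RANDFILE to a writable path, e.g. set RANDFILE=C:\\MyDir\\.rnd")
```

Run it in the same console session that will run openssl, so it sees the same environment variables and the same privileges.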
It may also be that you need to run the console as an administrator. On Windows 7, hold Ctrl+Shift when you launch the console window.
Just enter this line in the command line:
set RANDFILE=.rnd
Or this in Windows PowerShell
$env:RANDFILE=".rnd"
I did not find where the .rnd file is so I ran the cmd as administrator and it worked like a charm.
Download openssl for windows from https://code.google.com/archive/p/openssl-for-windows/downloads
Set Environment variable to the path variable as path="C:\your_folder\openssl-0.9.8k_X64\bin"
Run below commands on the same path of bin
