I understand that the Microsoft signtool utility and Powershell Set-AuthenticodeSignature cmdlet generate a hash of the data to be signed and use that to compute the signature. I need to get the hash value for auditing purposes. Are there code examples or utilities that can do that? If not, is there a guide on computing that programmatically?
Related
As so far I was using "CAPICOM" for code signing.
But currently using "Platform SDK Redistributable: CAPICOM" link to get this SDK you will see We're sorry, this download is no longer available..
So I was curious what other code signing possibilities are.
As I have a license for the Chilkat software, I was wondering how to use this code signing software.
For this moment I only found this 8 year old answer:
http://www.chilkatforum.com/questions/3757/code-signing
And this reference documentation:
https://www.chilkatsoft.com/refdoc/xChilkatCertRef.html#prop8
But no one examples.
Could somebody help me how to use Chilkat component for codeSigning ?
ps.
For my best would be VBScript example, if not then any other will be fine.
Code signing functionality would require inserting the signature (Authenticode Signature Format) into the Windows PE File Format. Although Chilkat has the ability to create PKCS7/CMS signatures, there is no implementation at this time to do the PE insertion. If Chilkat does it in the future, you will find methods and examples explicitly for code signing.
(The ForCodeSigning property of a Certificate is just an indication of the intended usage of a certificate. It does not imply code signing ability.)
I have been using CAM::PDF perl module for password protection of pdf documents, The default encryption level is 40-bit.
This is not very strong. Is it possible to increase this to at least 128-bit?
I am looking for command line tool that can be used in Linux or Windows with perl.
There is is paid tool verypdf which does this, but before purchasing this want to make sure
if there is perl/open source way to do it without using commercial apps.
Thanks
Raj
pdftk seems to support either 40-bit or 128-bit encryption.
Due to Windows changing their security policies, we are planning to begin code-signing driver files with the SHA-256 algorithm instead of SHA-1. However, we still want to be able to support older OS's that still require SHA-1 signing.
Using Microsoft's signtool.exe we are able to code sign files successfully with both SHA-1 and SHA-256 digest algorithms using the /fd flag. However, if possible, we would like to sign the file with both algorithms simultaneously. Is this even possible? We would like to avoid having multiple sets of drivers that are signed with different algorithms and determining which set to install based on OS -- which would be our alternative approach.
If anyone has had experience with accomplishing this please explain what approach you took. If this isn't possible, an explanation of why it's impossible would be appreciated.
You can append the second certifcate to the EXE/DLL/SYS by calling signtool sign /as [signing cert parameters] [name of file]
I need to find the product version of an installed application using the product code GUID. Is there a way to do this using a simple API call of some sort? I have found ways to do it using P/Invoke and the WindowsInstaller namespace, but I am trying to avoid using P/Invoke.
The Windows Installer exposes Win32 API functions (P/Invoke) as you have discovered. It also has COM automation interfaces that wrap these APIs but I'm sure you can guess is this is even less elegant. Windows Installer XML (WiX) Deployment Tools Foundation (DTF) has an MSI interop library that wraps it as managed code but I'm sure you can guess what it's doing under the covers: P/Invoke.
There are ways of getting it from the registry but this is not the official API and is less elegant IMO.
So to answer your question, you are already doing it in a very good and professional way.
If you want to get sneaky you can look through the registry to figure it out. When an MSI is installed windows creates a set of registry keys under:
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\<munged-ProductCode>
or
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\<munged-ProductCode>
(depending on your machine/MSI bitness)
Under that registry location there should be a registry value named "ProductVersion". The trick is to know how to 'munge' a windows GUID (see http://www.vmwareinfo.com/2011/09/surgically-eliminating-windows.html).
I am trying to store the data as secured possible way in database.
For that I am triyng to implement the SHA-256 algorithm in Powerbuilder version 6.5.
This sound old that I am implememting the SHA 256 in PowerBuilder (Desktop Application Development Tool).
Though yet it is outdated we need to implement this secure functionality in PowerBuilder
Because lots of applications are dependant on it.
I Googled for any library for PB 6.5 for SHA256 but didn't get anything.
So please can any one tell me how can I achieve this SHA-256 in PowerBuilder or is there any ready library available fot SHA256 for PB 6.5.
Thanks in Advance.
Have a look at this PB library wich uses the Microsoft Crypto API.
The example is for PB 8+, I've managed to have it running in PB7 by exporting the nvo and windows objects and importing them in a new PB7 library.
According to the MSDN documentation you'll have to use the "Microsoft Enhanced RSA and AES Cryptographic Provider" to be able to calculate the SHA256 hash.