How to programmatically remove an Outlook signature on a client?
We have set a default signature on the Exchange server. What happens is that when a user has a
personal signature, the signature is doubled.
Why not delete the files where the signature is stored?
Related
As I can see, in Windows, the Digital Signature tab of an EXE file will show the Company Name, City Name, and Country Name of the company.
Is the user able to find the detailed address of the company from the signature? Is the situation the same for OV and EV code signing?
Thank you.
Information appearing on the Digital Signature tab comes from the 'Subject' field of the certificate.
This information is provided by the company when the signing keys are generated.
Then, those keys are used to generate a certificate signing request (CSR), which contains this information plus the public key.
It is this CSR that is transmitted to the certificate authority.
The certificate authority will then digitally sign the certificate with its own key, after validating the information present in the CSR. It will not add any further information about the company, only validate and sign. The validation process of the company by the authority will be different for OV or EV, but the information present in the certificate remains that provided by the company in the CSR.
The detailed address of the company will appear only if it was provided when the signing keys were generated.
This is not typical information required on a certificate, but the company can choose to add personalized information to the Subject field.
I am not aware of any certificate authority that requires the detailed address in the CSR.
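To check what a given signed file's certificate actually discloses, the following added example (not part of the original answer) lists every attribute in the signer certificate's Subject and flags the two X.520 attributes that would carry a detailed address. It assumes Windows and .NET 7 or later; the class name and output text are illustrative.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class SignerSubject
{
    // Standard X.520 attribute OIDs that would hold a detailed address.
    static readonly HashSet<string> AddressOids = new HashSet<string>
    {
        "2.5.4.9",   // streetAddress
        "2.5.4.17",  // postalCode
    };

    static int Main(string[] args)
    {
        if (args.Length != 1)
        {
            Console.Error.WriteLine("usage: SignerSubject <path-to-signed-file>");
            return 2;
        }
        X509Certificate2 cert;
        try
        {
            // Extracts the embedded signer certificate; it does NOT verify the signature.
#pragma warning disable SYSLIB0057
            cert = new X509Certificate2(X509Certificate.CreateFromSignedFile(args[0]));
#pragma warning restore SYSLIB0057
        }
        catch (CryptographicException e)
        {
            Console.Error.WriteLine("no embedded signer certificate: " + e.Message);
            return 1;
        }

        bool addressPresent = false;
        foreach (X500RelativeDistinguishedName rdn in
                 cert.SubjectName.EnumerateRelativeDistinguishedNames())
        {
            if (rdn.HasMultipleElements) continue;  // multi-valued RDNs are skipped here
            Oid oid = rdn.GetSingleElementType();
            string value = rdn.GetSingleElementValue() ?? "(non-text value)";
            Console.WriteLine((oid.FriendlyName ?? oid.Value) + " = " + value);
            if (oid.Value != null && AddressOids.Contains(oid.Value)) addressPresent = true;
        }
        Console.WriteLine(addressPresent
            ? "Subject carries street/postal attributes."
            : "Subject carries no street/postal attributes.");
        return 0;
    }
}
```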
I don't believe so as it would not be very secure to display the company's detailed information. This could lead to someone breaking in or harassing workers where Microsoft could be blamed as they let the company's address go public.
Data about an exe file made with Visual Studio is created like this inside the AssemblyInfo.cs (in C# projects) in the properties. This is all the data that can be found, if I'm correct. Every application made in Visual Studio will have something like this. I'm not sure about C++ projects, but it should be something along these lines.
I have 2 code signing certificates. For both, the CSR is created the same way, and import and export are done the same way. The only difference that I see is that the Common name of one of the certificates contains quotes, and the other doesn't.
e.g.
some cert and
some "cert"
CSR creation:
- Request format PKCS #10
- disabled "Strong private key encryption"
- Entered Common name, Organization, Locality, State, Country
- 2048 bytes for private key
- set private key exportable
Import:
- place all certificates in Personal store
Export:
- Include all certificates if possible
- Enable certificate privacy
- encryption algorithm TripleDES-SHA1
The misleading thing is that this Common name value is NOT taken from the value I entered when I created the CSR.
I am using those certificates to sign Winforms applications in Visual Studio. The certificate without quotes in the Common name is working correctly (i.e. when I install the application, the user is not getting a security warning about an unknown publisher), but when I install an application which is signed with the other code signing certificate (with quotes in the Common name), it does not recognize the publisher. There was no error when I published my application. When I take a look at the setup.exe properties in Windows Explorer, I see a Digital Signatures tab which contains a row for my certificate.
I tried to sign files with signtool and then verify - it said that certificate is valid.
I tried to get help from godaddy.com where I bought my certificate, they said that it should work with quotes, too, but didn't offer help to solve the issue. Rekey also didn't help.
I see that there are some suggestions to use Pre Publish, Post Build tasks, but I am not using those for my first certificate which is working.
So, is anyone here using code signing certificate for Winforms application with common name having quotes in it? Or maybe anyone knows about this problem and how to solve it?
I had to revoke my code signing certificate (the common name which is entered when creating the CSR is not taken into account, so rekeying is not enough!) and create it from the start without quotes/brackets in the company name.
So this means you will have to wait again for a few days, because the verification process is done from the start again. When you are contacted by the issuer, they will verify / ask you about the company name - make sure that they do not include quotes/brackets.
Revoking means that you will basically have to buy your certificate once more, because after you revoke it (at least in godaddy case) in your account you don't have options to create it again. So, you have to contact support (use call center and not chat ;)
Is there a Windows API (preferably with a managed .NET wrapper) that allows data to be encrypted and the same data to only be decrypted when called from the same digitally signed application?
For example, I have a cached security token for the desktop application that gets sent to the server. This token is used on login when the user checks "Remember me". I'd like to encrypt this token that the application stores in such a way that only my application that encrypted it can decrypt it. I can't have the key/iv hard-coded in the application. Somehow the OS (Windows) must support something like this where it uses a digital signature on the entry point's executable file to validate and allow the decryption.
I need to avoid having the user enter any credentials to encrypt/decrypt this token. The whole point of auto-login is for the user to not have to enter credentials.
Yes, the cached login is a security risk, but restricting the token usage to the digitally signed application reduces the surface area exposed.
I don’t think desktop Windows apps can do that. Windows store apps probably can, I think they have some per-install security stuff.
The closest thing for desktops is probably ProtectedData class from .NET. Specify DataProtectionScope.CurrentUser to use some OS-provided crypto key specific to user account.
Don’t forget about optionalEntropy argument. I usually use a buffer from random.org I hardcode in the source.
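A round trip with the ProtectedData calls named in the answer above, as an added example that is not part of the original post. The cache path, entropy string and class name are hypothetical; on .NET Core and later the System.Security.Cryptography.ProtectedData package is needed, and the code runs on Windows only.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

static class TokenCache
{
    // Hypothetical cache location and entropy value, chosen for this example.
    static readonly string CachePath = Path.Combine(
        Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
        "ExampleApp", "token.bin");
    static readonly byte[] Entropy = Encoding.UTF8.GetBytes("ExampleApp/remember-me/v1");

    public static void Save(string token)
    {
        byte[] plain = Encoding.UTF8.GetBytes(token);
        // DPAPI derives the key from the logged-on user's credentials.
        byte[] blob = ProtectedData.Protect(plain, Entropy, DataProtectionScope.CurrentUser);
        Array.Clear(plain, 0, plain.Length);
        Directory.CreateDirectory(Path.GetDirectoryName(CachePath));
        File.WriteAllBytes(CachePath, blob);
    }

    // Returns null when there is no usable cached token.
    public static string Load(byte[] entropy = null)
    {
        if (!File.Exists(CachePath)) return null;
        try
        {
            byte[] plain = ProtectedData.Unprotect(
                File.ReadAllBytes(CachePath), entropy ?? Entropy, DataProtectionScope.CurrentUser);
            return Encoding.UTF8.GetString(plain);
        }
        catch (CryptographicException)
        {
            // Wrong entropy, a different user account, or a corrupted blob.
            return null;
        }
    }

    static void Main()
    {
        Save("constructed-sample-token");  // constructed sample value
        Console.WriteLine(Load() ?? "(no token)");
        Console.WriteLine(Load(Encoding.UTF8.GetBytes("wrong")) ?? "(rejected: entropy mismatch)");
    }
}
```

The blob is bound to the Windows user account, not to the signed executable: any process running as that user that supplies the same entropy can call Unprotect, so the server should still treat the token as revocable.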
I am trying to access a user's mailbox as well as the archive mailbox using Outlook MAPI. The Outlook version is 2013. The user's mailbox and archive are both in O365 (Exchange Online).
I am able to access the user's mailbox. However, access to the user's archive mailbox fails.
I have the user's email address and the Archive GUID of the archive mailstore.
Can someone please help me understand how to pass the Archive GUID of the user's mailbox to IMAPISession::OpenMsgStore?
Thanks,
Pranay
You will need to retrieve the legacy DN and server information from the autodiscover XML (Type == Archive), then construct the store entry id using IExchangeManageStore::CreateStoreEntryID in the same fashion as when opening a delegate mailbox.
I am writing a windows service which can be triggered whenever a new certificate is added to the MY certificate store. It then opens the certificate store through this service and carries out some actions.
Is there a way to implement a callback function in the service/application which can be called by the crypto APIs when applications like mmc.exe or certreq.exe request and install a new certificate in the certificate store?
Found an alternative. MY cert store certificates are written in
C:\Users\username\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
Now using a directory event watcher to view newly installed certificates.
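A sketch of the directory watcher described in the post above, as an added example that is not the poster's code. It resolves the path for the account the process runs as, and it assumes that each file in that directory is named after the certificate's SHA-1 thumbprint; the class name and retry values are illustrative.

```csharp
using System;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using System.Threading;

static class MyStoreWatcher
{
    static void Main()
    {
        // Per-user location of the MY store on disk, as given in the post above.
        string dir = Path.Combine(
            Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData),
            "Microsoft", "SystemCertificates", "My", "Certificates");
        if (!Directory.Exists(dir))
        {
            Console.Error.WriteLine("Store directory not present for this account: " + dir);
            return;
        }
        using (var watcher = new FileSystemWatcher(dir))
        {
            watcher.NotifyFilter = NotifyFilters.FileName;
            watcher.Created += (s, e) => OnCreated(e.Name);
            watcher.Error += (s, e) =>
                Console.Error.WriteLine("watcher error: " + e.GetException().Message);
            watcher.EnableRaisingEvents = true;
            Console.WriteLine("Watching " + dir);
            Thread.Sleep(Timeout.Infinite);
        }
    }

    static void OnCreated(string fileName)
    {
        // Assumption: the file name is the certificate's SHA-1 thumbprint in hex.
        // Read the certificate through the store API instead of parsing the raw file.
        for (int attempt = 0; attempt < 5; attempt++)
        {
            using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
            {
                store.Open(OpenFlags.ReadOnly);
                X509Certificate2Collection hits =
                    store.Certificates.Find(X509FindType.FindByThumbprint, fileName, false);
                if (hits.Count > 0)
                {
                    Console.WriteLine("New certificate: " + hits[0].Subject +
                                      ", expires " + hits[0].NotAfter.ToString("u"));
                    return;
                }
            }
            Thread.Sleep(200);  // the file can appear before the store write completes
        }
        Console.WriteLine("File " + fileName + " was created but no matching certificate was found");
    }
}
```

A service sees only the profile of the account it runs as, so certificates installed by other users are not covered by this watcher.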