Make signatures with SHA-512 verify in Windows

ebourg / jsign

Java implementation of Microsoft Authenticode for signing Windows executables, installers & scripts

https://ebourg.github.io/jsign

Apache License 2.0

250 stars 107 forks source link

Make signatures with SHA-512 verify in Windows #56

Closed netmackan closed 5 years ago

netmackan commented 5 years ago

Make output more similar to that from SignTool by:

Filtering out CMS attributes
Always including SPC SP OPUS Info
Not using "<<>>" string

With this changes SHA-512 is also verified correctly (issue #55).

coveralls commented 5 years ago

Coverage decreased (-0.008%) to 88.223% when pulling a1481e21b3fd2a8193513cbac8458863d17e213f on netmackan:sha-512-1 into 261f74c36253457cf454649643172857d2c5fd9e on ebourg:master.

ebourg commented 5 years ago

Thank you for the fix Markus. Is the removal of the signing time and CMS algorithm protection attributes required to validate the SHA-512 signature?

netmackan commented 5 years ago

It turned out that not including the extra CMS attribute was not needed. The issue seems to have been only with the spc info.

ebourg commented 5 years ago

Merged, thank you!