mtrojnar / osslsigncode

OpenSSL based Authenticode signing for PE/MSI/Java CAB files

Trying to sign using Google KMS , libkmsp11 engine #184

Closed rimmeraj closed 1 year ago

rimmeraj commented 2 years ago

When I am using the `openssl dgst` sign option I have to add the following parameters to the command line to get it to work with Google KMS:

```
-sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1
```

The whole command works:

```
openssl dgst -sha512 -engine pkcs11 -keyform engine -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 -sign 'pkcs11:object=windows-sign' work/myFile.msi
```

I am trying to sign with

```
osslsigncode sign -certs sign.cer -pkcs11module libkmsp11-1.1-linux-amd64-fips/libkmsp11.so -key 'pkcs11:object=windows-sign' -in work/myFile.msi -out work/myFileSigned.msi
```

and get

```
I20220913 21:13:51.094653 15 logging.cc:137] returning 0x68 from C_SignInit due to status FAILED_PRECONDITION: at preconditions.cc:47: mechanism 0x1 is not permitted for key
```

Which is the same error as the openssl command above gives if I remove the `-sigopt` options. How do I add them?
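The two `-sigopt` values in the working `openssl dgst` command select RSASSA-PSS padding with a salt as long as the digest (in OpenSSL, `rsa_pss_saltlen:-1` means `digest`, `-2` means `max` and `-3` means `auto`), which is why a key restricted to PSS rejects the plain PKCS#1 v1.5 mechanism (`0x1` is `CKM_RSA_PKCS`). The following added example is not from this thread, from osslsigncode or from the KMS library: it implements the EMSA-PSS encoding and verification steps of RFC 8017 in pure Python, so you can see exactly what that option changes inside the signature. It covers only the padding layer (the modular exponentiation and the PKCS#11 call are omitted), uses SHA-256 and a 2048-bit modulus size as constructed choices, and the `recover_salt_length` helper shows how a verifier can determine the salt length a signature used, the way OpenSSL's `auto` setting does.

```python
import hashlib
import os
from typing import Optional

HASH = hashlib.sha256  # constructed choice for this example; the thread signs with SHA-512


def mgf1(seed: bytes, mask_len: int) -> bytes:
    """MGF1 mask generation function (RFC 8017, appendix B.2.1)."""
    out = b""
    counter = 0
    while len(out) < mask_len:
        out += HASH(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:mask_len]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def emsa_pss_encode(message: bytes, em_bits: int, salt_len: int,
                    salt: Optional[bytes] = None) -> bytes:
    """EMSA-PSS-ENCODE (RFC 8017 section 9.1.1).

    Returns the encoded message EM that the RSA private-key operation is then
    applied to.  em_bits is the modulus bit length minus one.  salt_len equal
    to the digest size is what rsa_pss_saltlen:-1 ("digest") selects.
    """
    hlen = HASH().digest_size
    em_len = (em_bits + 7) // 8
    m_hash = HASH(message).digest()
    if em_len < hlen + salt_len + 2:
        raise ValueError("encoding error: modulus too small for this salt length")
    if salt is None:
        salt = os.urandom(salt_len)  # a real signer draws a fresh random salt
    if len(salt) != salt_len:
        raise ValueError("salt has the wrong length")
    h = HASH(b"\x00" * 8 + m_hash + salt).digest()          # H = Hash(M')
    ps = b"\x00" * (em_len - salt_len - hlen - 2)
    db = ps + b"\x01" + salt                                  # DB = PS || 0x01 || salt
    masked_db = bytearray(_xor(db, mgf1(h, em_len - hlen - 1)))
    # clear the leftmost 8*em_len - em_bits bits so that EM < 2^em_bits
    masked_db[0] &= 0xFF >> (8 * em_len - em_bits)
    return bytes(masked_db) + h + b"\xbc"


def _unmask_db(em: bytes, em_bits: int) -> Optional[tuple]:
    """Shared structural checks of EMSA-PSS-VERIFY; returns (DB, H) or None."""
    hlen = HASH().digest_size
    em_len = (em_bits + 7) // 8
    if len(em) != em_len or em[-1] != 0xBC:
        return None
    masked_db, h = em[: em_len - hlen - 1], em[em_len - hlen - 1 : -1]
    top_mask = 0xFF >> (8 * em_len - em_bits)
    if masked_db[0] & (~top_mask & 0xFF):
        return None  # leftmost bits must be zero
    db = bytearray(_xor(masked_db, mgf1(h, em_len - hlen - 1)))
    db[0] &= top_mask
    return bytes(db), h


def emsa_pss_verify(message: bytes, em: bytes, em_bits: int, salt_len: int) -> bool:
    """EMSA-PSS-VERIFY (RFC 8017 section 9.1.2) with a fixed expected salt
    length, the equivalent of verifying with rsa_pss_saltlen set explicitly."""
    hlen = HASH().digest_size
    em_len = (em_bits + 7) // 8
    if em_len < hlen + salt_len + 2:
        return False
    unmasked = _unmask_db(em, em_bits)
    if unmasked is None:
        return False
    db, h = unmasked
    sep = em_len - hlen - salt_len - 2  # index of the 0x01 separator
    if any(db[:sep]) or db[sep] != 0x01:
        return False  # PS is not all zero or separator missing: wrong salt length or corrupt
    salt = db[sep + 1 :]
    h_prime = HASH(b"\x00" * 8 + HASH(message).digest() + salt).digest()
    return h == h_prime


def recover_salt_length(em: bytes, em_bits: int) -> Optional[int]:
    """Determine the salt length from the encoding alone, as OpenSSL's
    rsa_pss_saltlen:auto does on verification.  None if not valid PSS."""
    unmasked = _unmask_db(em, em_bits)
    if unmasked is None:
        return None
    db, _ = unmasked
    for i, b in enumerate(db):
        if b == 0x00:
            continue
        return len(db) - i - 1 if b == 0x01 else None
    return None


if __name__ == "__main__":
    msg = b"constructed sample input"
    em = emsa_pss_encode(msg, 2047, HASH().digest_size)     # 2048-bit modulus, salt = digest length
    print("verify with digest-length salt:", emsa_pss_verify(msg, em, 2047, 32))
    print("verify expecting a 20-byte salt:", emsa_pss_verify(msg, em, 2047, 20))
    print("salt length recovered by auto:", recover_salt_length(em, 2047))
```

The salt length is not stored in the signature; the verifier locates the `0x01` separator after unmasking DB, which is why a verifier configured for one salt length rejects a signature made with another even though the key and digest are right. That is the same category of mismatch as the `FAILED_PRECONDITION` above, only one layer lower: there the KMS key is restricted to the PSS mechanism and the caller asked for PKCS#1 v1.5.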

mtrojnar commented 2 years ago

Does SignTool produce PSS signatures? Could you share an example executable signed using PSS, so that we can investigate it?

rimmeraj commented 2 years ago

I managed to get this to work with jsign. Here is a signed curl [Uploading curl.zip…]()

mtrojnar commented 1 year ago

@rimmeraj Could you correct your link?