mtrojnar / osslsigncode

OpenSSL based Authenticode signing for PE/MSI/Java CAB files

signed cat with some cross = SignTool Error: No signature found (v2.7) #310

Closed westyles closed 1 year ago

westyles commented 1 year ago

A few of my certificates with cross are fine: Windows and signtool verify OK. But with a few others with cross, Windows is OK, but signtool gives: SignTool Error: No signature found

If you do not specify cross, then SignTool is OK! The problem is with adding a cross for CAT. If you sign the sys files, then everything is OK with all of them!

signtool Fail (No signature found):

```
osslsigncode sign -in vfd.cat -out vfd_2.cat -nolegacy -h sha1 -time 1420059600 -verbose -spc Client+Int.crt -key Client+Int.key -ac CrossMS.crt
signtool verify /v "vfd_2.cat"

Verifying: vfd_2.cat

Signature Index: 0 (Primary Signature)
Hash of file (sha1): EE4EF7342EC1E06B1A4133FFDFCA8B952FC0860F

Signing Certificate Chain:
File is not timestamped.

SignTool Error: No signature found.
```
.....................

signtool OK (signature found):

```
osslsigncode sign -in vfd.cat -out vfd_2.cat -nolegacy -h sha1 -time 1420059600 -verbose -spc Client+Int.crt -key Client+Int.key
signtool verify /v "vfd_2.cat"

Verifying: vfd_2.cat

Signature Index: 0 (Primary Signature)
Hash of file (sha1): EE4EF7342EC1E06B1A4133FFDFCA8B952FC0860F

Signing Certificate Chain:
    Issued to: VeriSign Class 3 Public Primary Certification Authority - G5
    Issued by: VeriSign Class 3 Public Primary Certification Authority - G5
    Expires:   Thu Jul 17 02:59:59 2036
    SHA1 hash: 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5

        Issued to: VeriSign Class 3 Code Signing 2010 CA
        Issued by: VeriSign Class 3 Public Primary Certification Authority - G5
        Expires:   Sat Feb 08 02:59:59 2020
        SHA1 hash: 495847A93187CFB8C71F840CB7B41497AD95C64F

            Issued to: MEDIATEK INC.
            Issued by: VeriSign Class 3 Code Signing 2010 CA
            Expires:   Sun Jun 25 02:59:59 2017
            SHA1 hash: A7DC8CB973EF5F54AF0889549D84DEE51A7DB839

File is not timestamped.
```
...............

Attached file with problematic certificates with cross: Certs+cat.zip

westyles commented 1 year ago

Hello. Please build a beta version with these changes, then I can check the result of this change. I am not able to build osslsigncode on Windows 10 according to the provided instructions to test this before your release.

mtrojnar commented 1 year ago

No need for a beta version. GitHub Actions automatically builds all new code: https://github.com/mtrojnar/osslsigncode/suites/17322045454/artifacts/989702084

westyles commented 1 year ago

> No need for a beta version. GitHub Actions automatically builds all new code:

Confirmed: osslsigncode-2.8-dev now correctly signs cat with all my certificates with cross, including timestamps. I'll keep testing. I didn't know how to get a dev link like that, thank you.