
Signing MSI with X509Certificate2 results in odd (random) program name


infa...@gmail.com

Aug 31, 2017, 11:56:22 AM
Hi all,

For two days I've literally been breaking my head over how to programmatically sign an MSI file so that UAC shows the correct program name.

Most of the code is from here: https://stackoverflow.com/questions/26344271/how-to-programmatically-code-sign-an-executable-with-a-pfx-bouncy-castle-or-oth

First: I've tried to set FriendlyName on the X509Certificate2 - it does not work.
Second: cert.Extensions.Add(new X509Extension(new AsnEncodedData(new Oid(ASN1.Microsoft.Authenticode.SPC_SP_OPUS_INFO_OBJID), Encoding.Unicode.GetBytes("somestring")), false)); - this does not work either.

P.S. SPC_SP_OPUS_INFO_OBJID = "1.3.6.1.4.1.311.2.1.12"

Third: using P/Invoke with CRYPT_ATTR_BLOB, CRYPT_ATTRIBUTE and CRYPT_ATTRIBUTES and setting the latter (as IntPtr) to SIGNER_SIGNATURE_INFO.psUnauthenticated - this results in a very strange result code of 0x80070000 (The operation completed successfully) coming from SignerSignEx; the MSI file to be signed is not signed (modified).

Other users' experience points to the same error:

https://blogs.msdn.microsoft.com/alejacma/2008/12/11/how-to-sign-exe-files-with-an-authenticode-certificate-part-2/ (second comment)

and

https://social.msdn.microsoft.com/Forums/en-US/5d429c0e-dad0-4f28-b636-d43a57e0e5bc/authenticated-attributes-in-authenticode-signing?forum=windowssdk

__BUT__ this guy (second comment) says it is possible and working:

https://blogs.msdn.microsoft.com/alejacma/2010/02/17/signersignex-returns-error-0x80070020/

So, my question: is it possible and if yes, how? Does somebody have a working C# example?

Many thanks for considering my question!

Alex
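
The OID quoted in the post, 1.3.6.1.4.1.311.2.1.12, identifies the SpcSpOpusInfo attribute, which sits in the signature's SignerInfo and whose value is a DER structure rather than raw string bytes. The following is an added example, not code from the post or from any of the linked pages: a Python sketch that encodes and decodes that value, useful for checking which program name a signature actually carries. The function names and the sample name are assumptions made for illustration.

```python
# SpcSpOpusInfo layout, as given in Microsoft's Authenticode PE format document:
#   SpcSpOpusInfo ::= SEQUENCE { programName [0] EXPLICIT SpcString OPTIONAL,
#                                moreInfo    [1] EXPLICIT SpcLink   OPTIONAL }
#   SpcString     ::= CHOICE   { unicode [0] IMPLICIT BMPSTRING,
#                                ascii   [1] IMPLICIT IA5STRING }

def _tlv(tag, value):
    """Encode one DER tag-length-value with a definite length."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + value

def _read(buf, pos=0):
    """Decode the TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low bits = byte count
        count = length & 0x7F
        if count == 0 or pos + count > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def encode_opus_info(program_name):
    """Build the attribute value with programName as a BMPString (UTF-16BE)."""
    spc_string = _tlv(0x80, program_name.encode("utf-16-be"))   # unicode [0]
    return _tlv(0x30, _tlv(0xA0, spc_string))                   # programName [0]

def decode_program_name(der):
    """Return programName from an attribute value, or None if it is absent."""
    tag, body, _ = _read(der)
    if tag != 0x30:
        raise ValueError("SpcSpOpusInfo must be a SEQUENCE")
    pos = 0
    while pos < len(body):
        tag, value, pos = _read(body, pos)
        if tag == 0xA0:                     # programName [0] EXPLICIT
            choice, text, _ = _read(value)
            return text.decode("utf-16-be" if choice == 0x80 else "ascii")
    return None

# Constructed sample name, not taken from the post.
SAMPLE = encode_opus_info("My Setup")
```

Bytes produced by a UTF-16LE encoding of a plain string do not start with a SEQUENCE tag, so `decode_program_name` rejects them with a `ValueError`.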