Authenticode

Got a problem you cannot solve? Try here.
sherry gomindes
Posts: 7
Joined: Mon Nov 03, 2008 12:29 am

Authenticode

Postby sherry gomindes » Mon Mar 16, 2009 6:36 am

Hi

Can anyone tell me how to use Authenticode? How to generate the needed certificates?

I tried by using .pfx certificate but it gives an error while building "code can not be signed"

it's urgent
Thanks

MichaelNesmith
Posts: 3452
Joined: Thu Dec 22, 2005 7:17 pm
Contact:

Postby MichaelNesmith » Tue Mar 17, 2009 9:31 am

You want to convert your PFX into an SPC and PVK file pair for them to work with InstallAware.
Last edited by MichaelNesmith on Thu Jan 07, 2010 8:28 pm, edited 1 time in total.
Michael Nesmith
InstallAware
Home of The Next Generation MSI Installer
Get your free copy today - http://www.installaware.com/

sherry gomindes
Posts: 7
Joined: Mon Nov 03, 2008 12:29 am

Authenticode

Postby sherry gomindes » Wed Mar 18, 2009 4:29 am

Hi

Please find the attachment.
Refering to the above post, when i mentioned PFX file, i refered to the location where it says "Private Key File". so i loaded a .pfx file.

If i'm wrong please let me know how to go about the certificates and the Authenticode cause i need to get this working.


Thanks

File Attached:

key.bmp
Thanks

MichaelNesmith
Posts: 3452
Joined: Thu Dec 22, 2005 7:17 pm
Contact:

Postby MichaelNesmith » Wed Mar 18, 2009 8:02 am

I believe some certificate vendors provide instructions on conversions. Just contact their technical support for help. They might even be able to mail you the files in the correct format.
Last edited by MichaelNesmith on Thu Jan 07, 2010 8:29 pm, edited 1 time in total.
Michael Nesmith

InstallAware

Home of The Next Generation MSI Installer

Get your free copy today - http://www.installaware.com/

Chris Miller
Posts: 66
Joined: Fri Mar 09, 2007 9:46 am
Location: Albany, NY
Contact:

Postby Chris Miller » Fri Mar 20, 2009 2:41 pm

Using Authenticode is pretty straight forward, but a .pfk file is not a "Private Key File". Private key files typically have the extension ".pvk". A .pfk file is usually the public key file. Did your certificate issuer supply you with a file with a ".pvk" extension?

You will also need a "Software Publishing Certificate" (*.spc or *.cer file) . It's been a while since I've had to work with Authenticode files, but I believe that you create the .pfk file from the .pvk and .spc files.

The following links have a lot of helpful information.
https://search.thawte.com/support/ssl-d ... &id=SO2706
http://msdn2.microsoft.com/en-us/library/aa906332.aspx
http://forums.microsoft.com/MSDN/ShowPo ... 9&SiteID=1
http://www.pantaray.com/signcode.html

davemcl
Posts: 13
Joined: Tue May 15, 2007 12:12 am

Postby davemcl » Wed Apr 01, 2009 2:04 am

Also make sure you request the cert from the provider using Windows XP, not Vista - if using Vista you wont be prompted to save the private key file, instead its stored somewhere in the registry and you cant export it.
If its too late then reissues are usually free.
Once you have the .pvk and .spc files sorted signing with IA is a piece of cake.
You can sign dll's etc with .PFX using other tools available from Microsoft - signcode.exe.
You can create a .pfx from a .pvk and .spc using pvkimprt.exe

Dave

DevilSun
Posts: 19
Joined: Wed Jul 01, 2009 6:11 pm
Location: Oregon

Postby DevilSun » Wed Jul 29, 2009 7:39 pm

Not sure if you ever figured this out or not, but since I searched, and had the same hassle of "how do I end up with those two required files when I only have a PFX"...here's some input from me.

Useful site - http://www.matthew-jones.com/articles/codesigning.html

First, I had to get the certificate out of Firefox and install onto my computer, so I could export it to a PFX file. Then, you have to use OpenSSL (only way it seems) to split a PFX files into the two pieces you need to start down the road. However, it takes about 5 steps to arrive at the end result of the two correct files...and dozens of times entering your private key password.

Anyways, it only took me a few minutes once I found the right resources (some listed in this thread + my link + a little bit of googling mostly to find link I posted) to implement and get my setup signed correctly...but it took me an hour or so to compile all the info and sift through it.

Hope this helps someone!

P.S. - If you have availability to use "SignTool" from Windows SDK, it will take a PFX and save you some hassle (however doesn't integrate into InstallAware itself); you need to manually run it, or automate it using FinalBuilder or something similar.

MichaelNesmith
Posts: 3452
Joined: Thu Dec 22, 2005 7:17 pm
Contact:

Postby MichaelNesmith » Thu Jul 30, 2009 7:33 am

That's a great post! Promoting to a sticky :)
Michael Nesmith

InstallAware

Home of The Next Generation MSI Installer

Get your free copy today - http://www.installaware.com/

dunion
Posts: 106
Joined: Tue Oct 14, 2008 10:43 am

There is a problem with 64 bit Vista/Windows7

Postby dunion » Fri Dec 18, 2009 9:31 am

I'm told you can't use SPC/PFX files on Vista, you need to use the PFX file format. But the installer doesn't seem to have that facility (InstallAware 9). I have installed the verisign cross certificate in my machine that will build the installs and I'll have the PFX file.

I believe this was largely aimed at Kernel Mode Apps/Drivers. If this isn't kernel mode can I still use SPC/PFX Files on Vista x64/Windows 7 x64 or do I still need to use the PFX file via SignTool:

signtool sign /v /ac "fullpath\\MSCV-VSClass3.cer" /s my /n "Company Cert Name" fullpath\\myfile.exe

neillans
Posts: 536
Joined: Sat Nov 04, 2006 6:21 am
Location: Scottish Borders, UK
Contact:

Postby neillans » Wed Jan 06, 2010 3:48 pm

I haven't heard of any reason why you can not use the two seperate certificate files and the InstallAware Authenticode support version using a PFX. The only difference is that the PFX contains both certificates, as well as an additional level of security applied to control exporting.
Andy Neillans

dunion
Posts: 106
Joined: Tue Oct 14, 2008 10:43 am

I am using the 'old' style certificates

Postby dunion » Wed Jan 06, 2010 4:42 pm

And it is letting me sign the main .exe; my main issue now is still a UAC issue, even with the user being admin and 'request elevation' 'always admin' for maximum, we still see an error trying to click the install icon, but when the user runs it from an admin prompt it works. Some digging on the MS forums seem to indicate maybe something is trying to create a temp file in a directory somewhere and being denied permission but no simple resolution.

Have you seen this? Could this be related to the authenticode settings?

DevilSun
Posts: 19
Joined: Wed Jul 01, 2009 6:11 pm
Location: Oregon

Postby DevilSun » Tue Mar 02, 2010 7:19 pm

I'm using SPC/PVK just fine on Windows 7 x64 to create/sign installations...both manually through IA, and from our build automation program.

HAHNmediaservice
Posts: 46
Joined: Sat Aug 28, 2010 9:41 am
Location: Germany
Contact:

Re: Authenticode

Postby HAHNmediaservice » Fri Sep 03, 2010 12:42 am

HAHN mediaservice
Inh. Irena Hahn
Seif-Wald-Ring 26
54329 Konz-Roscheid
Tel: +49 6501 6 03 96 79
Fax: +49 6501 9 22 31 29

keith
Posts: 39
Joined: Fri Jan 20, 2006 3:38 pm

Re: Authenticode

Postby keith » Tue Sep 14, 2010 4:29 pm

I'm currently signing my compressed single-file installer externally with signcode because I only have a .pfx file. This works just fine. However I've noticed that after using the signed installer, the CACHED copy - used by the Start menu uninstall shortcut created by IA - is NOT SIGNED.

I imagine this is because I'm not signing from within IA, and therefore the uncompressed stub inside my installer isn't getting signed (the uninstall shortcut points to an uncompressed folder containing all the guts of the installer).

I haven't had a chance to jump through all the hoops to get to a .cer/.pvk solution to test this myself, and won't if that isn't the issue. Can someone confirm that this is my problem? Any suggested workarounds other than the 2-file solution?

crilando
Posts: 5
Joined: Fri Apr 09, 2010 3:46 pm

Re: Authenticode

Postby crilando » Mon Oct 11, 2010 12:57 pm

Hello,
I have written some information on how to sign an application exe with InstallAware but also standalone signing with free standard tools. Also there is information of how to convert the certificates from pfx to the spc/pvk pairs which are necessary in InstallAware. Also you find information which certificate you need for signing applications and links to all needed sources.
The page is in written in German, but the scripts are with English names and all with screenshots are included so it is very easy to understand. So it is easy for everyone to understand how to do it with 7 simple steps.
I must say i have goggled a lot of hours and used much support calls until my first signing has functioned…
http://www.eulanda.de/inside/entwickler ... efault.htm
Best regards
Chris
www.eulanda.de
ERP international solutions


Return to “Technical Support”

Who is online

Users browsing this forum: No registered users and 39 guests