Hello Daryn, > I'm having a problem signing some code (the pvk & spc are valid, > and work > fine for signing on windows using signcode.exe) > > 1. signcode -spc mycert.spc -v mykey.pvk -t > http://timestamp.verisign.com/scripts/timstamp.dll Setup.exe > Mono SignCode - version 1.1.5.0 > Sign assemblies and PE files using Authenticode(tm). > Copyright 2002, 2003 Motus Technologies. Copyright 2004-2005 > Novell. BSD licensed. > > 2. chktrust -v /root/Setup.exe > Mono CheckTrust - version 1.1.5.0 > Verify if an PE executable has a valid Authenticode(tm) > signature > Copyright 2002, 2003 Motus Technologies. Copyright 2004-2005 > Novell. BSD licensed. > > Verifying file Setup.exe for Authenticode(tm) signatures... > > WARNING! Setup.exe is not timestamped! > ERROR! Setup.exe couldn't find the certificate that > signed the > file! > > > My guess is that perhaps this has something to do with CA's,
Maybe but this isn't the error that chktrust would normally display if it was missing the root certificate. > and I've > downloaded the CA Certs from thawte and verisign, but I'm not sure I've > installed them correctly using certmgr, as I'm not sure the proper use of > the various stores. Is your certificate from Thawte or VeriSign ? Some people had problem with the SPC file supplied by VeriSign because it use undefined length encoding in it's ASN.1 structure. The "trick" is to import it in Windows then export it back to a SPC file. Windows will have converted the structure to "defined" length - which Mono tools can understand. Look in bugzilla for #68903 for a detailled workaround. > This is what I did (for every CA cert I could find): > > certmgr -add -c -m CA ThawteServerCA.cer > Mono Certificate Manager - version 1.1.5.0 > Manage X.509 certificates and CRL from stores. > Copyright 2002, 2003 Motus Technologies. Copyright 2004-2005 > Novell. BSD licensed. > > > 1 certificate(s) added to store CA. Wrong store. You must use the Trust store if you want chktrust to validate your signatures. The CA store can be used for any type of CA (i.e. not only root CA). http://www.mono-project.com/FAQ:_Security or "man certmgr" > Also, on Widows, when I look at the properties > digital signatures, the > signature IS there, but it says it is "not valid". > > > Can anyone provide some guidance? The FAQ and the man pages of the tools should be able to answers most questions. Also have a look at the mailing list archives. Sebastien Pouliot home: [EMAIL PROTECTED] blog: http://pages.infinit.net/ctech/poupou.html _______________________________________________ Mono-devel-list mailing list Mono-devel-list@lists.ximian.com http://lists.ximian.com/mailman/listinfo/mono-devel-list