Hello,

Sorry to bug the list again, but I haven't been able to find any more useful information in the faq, man pages, or archives in regards to this problem.

My cert is from Thawte. If I use an invalid cert or key I get an error, so I think they're okay. I've imported the root CAs into the TRUST store (contents of store attached).

However, while the application appears to get signed (no errors from signcode), it doesn't check out in either chktrust or on Windows.

chktrust says:
WARNING! Setup.exe is not timestamped!
ERROR! Setup.exe couldn't find the certificate that signed the file!


chktrust.exe on Windows says: "The digital signature of the object did not verify". It does, however, correctly show my name under the signer information, and my certificate under "view certificate".

If anyone wants me to sign something so you can see what's happening, just let me know.


Thanks,

Daryn



----- Original Message ----- From: "Sébastien Pouliot" <[EMAIL PROTECTED]>
To: "Daryn Nakhuda" <[EMAIL PROTECTED]>; <mono-devel-list@lists.ximian.com>
Sent: Thursday, April 21, 2005 4:50 AM
Subject: RE: [Mono-devel-list] Authenticode / signcode / chktrust problem



Hello Daryn,

I'm having a problem signing some code (the pvk & spc are valid, and work fine for signing on Windows using signcode.exe)

1. signcode -spc mycert.spc -v mykey.pvk -t http://timestamp.verisign.com/scripts/timstamp.dll Setup.exe
            Mono SignCode - version 1.1.5.0
            Sign assemblies and PE files using Authenticode(tm).
            Copyright 2002, 2003 Motus Technologies. Copyright 2004-2005 Novell. BSD licensed.

2. chktrust -v /root/Setup.exe
            Mono CheckTrust - version 1.1.5.0
            Verify if an PE executable has a valid Authenticode(tm) signature
            Copyright 2002, 2003 Motus Technologies. Copyright 2004-2005 Novell. BSD licensed.

            Verifying file Setup.exe for Authenticode(tm) signatures...

            WARNING! Setup.exe is not timestamped!
            ERROR! Setup.exe couldn't find the certificate that signed the file!


My guess is that perhaps this has something to do with CA's,

Maybe but this isn't the error that chktrust would normally display if it was missing the root certificate.

and I've downloaded the CA certs from Thawte and VeriSign, but I'm not sure I've installed them correctly using certmgr, as I'm not sure of the proper use of the various stores.

Is your certificate from Thawte or VeriSign ?

Some people had problems with the SPC file supplied by VeriSign because it uses undefined length encoding in its ASN.1 structure. The "trick" is to import it in Windows then export it back to a SPC file. Windows will have converted the structure to "defined" length - which Mono tools can understand.

Look in bugzilla for #68903 for a detailed workaround.

This is what I did (for every CA cert I could find):

certmgr -add -c -m CA ThawteServerCA.cer
            Mono Certificate Manager - version 1.1.5.0
            Manage X.509 certificates and CRL from stores.
            Copyright 2002, 2003 Motus Technologies. Copyright 2004-2005 Novell. BSD licensed.


1 certificate(s) added to store CA.

Wrong store. You must use the Trust store if you want chktrust to validate
your signatures. The CA store can be used for any type of CA (i.e. not only
root CA).


http://www.mono-project.com/FAQ:_Security
or
"man certmgr"

Also, on Windows, when I look at the properties > digital signatures, the signature IS there, but it says it is "not valid".


Can anyone provide some guidance?

The FAQ and the man pages of the tools should be able to answer most questions. Also have a look at the mailing list archives.

Sebastien Pouliot
home: [EMAIL PROTECTED]
blog: http://pages.infinit.net/ctech/poupou.html

_______________________________________________
Mono-devel-list mailing list
Mono-devel-list@lists.ximian.com
http://lists.ximian.com/mailman/listinfo/mono-devel-list
[EMAIL PROTECTED] certs]# certmgr -list -c Trust
Mono Certificate Manager - version 1.1.5.0
Manage X.509 certificates and CRL from stores.
Copyright 2002, 2003 Motus Technologies. Copyright 2004-2005 Novell. BSD licensed.

Self-signed X.509 v3 Certificate
 Serial Number: 01
 Issuer Name:   C=ZA, S=Western Cape, L=Cape Town, O=Thawte Consulting cc, 
OU=Certification Services Division, CN=Thawte Server CA, [EMAIL PROTECTED]
 Subject Name:  C=ZA, S=Western Cape, L=Cape Town, O=Thawte Consulting cc, 
OU=Certification Services Division, CN=Thawte Server CA, [EMAIL PROTECTED]
 Valid From:    7/31/1996 5:00:00 PM
 Valid Until:   12/31/2020 3:59:59 PM
 Unique Hash:   1015676C3B5DEDEC330183A43E1FCCA2

Self-signed X.509 v1 Certificate
 Serial Number: 7A5B50D9A6B0E72945985F8C49CB7061
 Issuer Name:   C=US, O="VeriSign, Inc.", OU=VeriSign Trust Network, OU="(c) 1999 
VeriSign, Inc. - For authorized use only", CN=VeriSign Class 2 Public Primary Certification 
Authority - G3
 Subject Name:  C=US, O="VeriSign, Inc.", OU=VeriSign Trust Network, OU="(c) 1999 
VeriSign, Inc. - For authorized use only", CN=VeriSign Class 2 Public Primary Certification 
Authority - G3
 Valid From:    9/30/1999 5:00:00 PM
 Valid Until:   7/16/2036 4:59:59 PM
 Unique Hash:   1BFA4731FCBB41F57F97A7B7D2B5C24CFB759190

X.509 v3 Certificate
 Serial Number: 01000030
 Issuer Name:   C=ZA, S=Western Cape, L=Cape Town, O=Thawte Consulting cc, 
OU=Certification Services Division, CN=Thawte Server CA, [EMAIL PROTECTED]
 Subject Name:  C=ZA, O=Thawte Consulting (Pty) Ltd., CN=Thawte SSL Domain CA
 Valid From:    5/3/2004 5:00:00 PM
 Valid Until:   5/3/2014 4:59:59 PM
 Unique Hash:   2990FC4BE6A80D345D0EF54A257B0835A7058E0A

X.509 v3 Certificate
 Serial Number: 02000030
 Issuer Name:   C=US, O="VeriSign, Inc.", OU=Class 3 Public Primary 
Certification Authority
 Subject Name:  C=ZA, O=Thawte Consulting (Pty) Ltd., CN=Thawte SGC CA
 Valid From:    5/12/2004 5:00:00 PM
 Valid Until:   5/12/2014 4:59:59 PM
 Unique Hash:   359E04DE26C38DC0CF31F85349A00C5B557F003C

Self-signed X.509 v3 Certificate
 Serial Number: 01
 Issuer Name:   C=ZA, S=Western Cape, L=Cape Town, O=Thawte Consulting cc, 
OU=Certification Services Division, CN=Thawte Premium Server CA, [EMAIL 
PROTECTED]
 Subject Name:  C=ZA, S=Western Cape, L=Cape Town, O=Thawte Consulting cc, 
OU=Certification Services Division, CN=Thawte Premium Server CA, [EMAIL 
PROTECTED]
 Valid From:    7/31/1996 5:00:00 PM
 Valid Until:   12/31/2020 3:59:59 PM
 Unique Hash:   5F3D1AA6F471A760663EB7EF254281EF

Self-signed X.509 v1 Certificate
 Serial Number: A4B1CE4838AFCF000B85548456755B8B00
 Issuer Name:   C=US, O="VeriSign, Inc.", OU=VeriSign Trust Network, OU="(c) 1999 
VeriSign, Inc. - For authorized use only", CN=VeriSign Class 1 Public Primary Certification 
Authority - G3
 Subject Name:  C=US, O="VeriSign, Inc.", OU=VeriSign Trust Network, OU="(c) 1999 
VeriSign, Inc. - For authorized use only", CN=VeriSign Class 1 Public Primary Certification 
Authority - G3
 Valid From:    9/30/1999 5:00:00 PM
 Valid Until:   7/16/2036 4:59:59 PM
 Unique Hash:   6AD6CBA0916142FC5F3C64F342C18D2CCFC66EC4

Self-signed X.509 v1 Certificate
 Serial Number: D75E942FCC7CC4CF016A756E8BA7A0EC00
 Issuer Name:   C=US, O="VeriSign, Inc.", OU=VeriSign Trust Network, OU="(c) 1999 
VeriSign, Inc. - For authorized use only", CN=VeriSign Class 4 Public Primary Certification 
Authority - G3
 Subject Name:  C=US, O="VeriSign, Inc.", OU=VeriSign Trust Network, OU="(c) 1999 
VeriSign, Inc. - For authorized use only", CN=VeriSign Class 4 Public Primary Certification 
Authority - G3
 Valid From:    9/30/1999 5:00:00 PM
 Valid Until:   7/16/2036 4:59:59 PM
 Unique Hash:   CA6ACAAB3249450E7A9D1277CE1EA0D936A63BAC

Self-signed X.509 v3 Certificate
 Serial Number: 00
 Issuer Name:   C=ZA, S=FOR TESTING PURPOSES ONLY, O=Thawte Certification, 
OU=TEST TEST TEST, CN=Thawte Test CA Root
 Subject Name:  C=ZA, S=FOR TESTING PURPOSES ONLY, O=Thawte Certification, 
OU=TEST TEST TEST, CN=Thawte Test CA Root
 Valid From:    7/31/1996 5:00:00 PM
 Valid Until:   12/31/2020 1:59:59 PM
 Unique Hash:   D8AD2B8BF9EB4E19AD013D8D5B7BAB49

Self-signed X.509 v1 Certificate
 Serial Number: 57EF29714890EED5B9623EA349067E9B00
 Issuer Name:   C=US, O="VeriSign, Inc.", OU=VeriSign Trust Network, OU="(c) 1999 
VeriSign, Inc. - For authorized use only", CN=VeriSign Class 3 Public Primary Certification 
Authority - G3
 Subject Name:  C=US, O="VeriSign, Inc.", OU=VeriSign Trust Network, OU="(c) 1999 
VeriSign, Inc. - For authorized use only", CN=VeriSign Class 3 Public Primary Certification 
Authority - G3
 Valid From:    9/30/1999 5:00:00 PM
 Valid Until:   7/16/2036 4:59:59 PM
 Unique Hash:   DF243244279C8EB88633DAB7F89E9BE55C94492E

X.509 v3 Certificate
 Serial Number: 0A
 Issuer Name:   C=ZA, S=Western Cape, L=Cape Town, O=Thawte Consulting cc, 
OU=Certification Services Division, CN=Thawte Premium Server CA, [EMAIL 
PROTECTED]
 Subject Name:  C=ZA, O=Thawte Consulting (Pty) Ltd., CN=Thawte Code Signing CA
 Valid From:    8/5/2003 5:00:00 PM
 Valid Until:   8/5/2013 4:59:59 PM
 Unique Hash:   F6297A00D3B2B4CE4750402B66E7EA018D54F683
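
Added example, not part of the original thread and not Mono's code: Sébastien's reply mentions SPC files whose ASN.1 structure uses undefined (indefinite) length encoding. The sketch below walks a BER blob and reports every element encoded that way, so a file can be checked before it is passed to signcode. The function names and the two sample byte strings are constructed for illustration, and the input is assumed to be the raw binary contents of the file.

```python
def read_header(data, pos):
    """Parse one BER tag+length; length is None for the indefinite form (0x80)."""
    tag = data[pos]
    i = pos + 1
    if tag & 0x1F == 0x1F:              # high-tag-number form: skip extra tag octets
        while data[i] & 0x80:
            i += 1
        i += 1
    first = data[i]
    i += 1
    if first == 0x80:                   # indefinite length, closed later by 00 00
        return tag, None, i - pos
    if first & 0x80:                    # long form: low 7 bits = count of length octets
        n = first & 0x7F
        return tag, int.from_bytes(data[i:i + n], "big"), i + n - pos
    return tag, first, i - pos          # short form: the octet is the length

def scan(data, pos, end, depth, hits):
    """Walk sibling elements; end=None means 'until the end-of-contents octets'."""
    while True:
        if end is not None and pos >= end:
            return pos
        if pos >= len(data):
            raise ValueError("truncated BER data")
        if end is None and data[pos:pos + 2] == b"\x00\x00":
            return pos + 2              # consume the end-of-contents marker
        tag, length, hdr = read_header(data, pos)
        body = pos + hdr
        if length is None:
            hits.append((pos, depth))   # record the offending element
            pos = scan(data, body, None, depth + 1, hits)
        else:
            if tag & 0x20:              # constructed: descend into the children
                scan(data, body, body + length, depth + 1, hits)
            pos = body + length

def find_indefinite_lengths(data):
    """Return [(offset, depth)] for every element that uses indefinite length."""
    hits = []
    try:
        scan(data, 0, len(data), 0, hits)
    except IndexError:
        raise ValueError("truncated BER data") from None
    return hits

# Constructed samples: a minimal ContentInfo-like wrapper (signedData OID + [0]),
# first with indefinite lengths, then the same content with definite lengths.
INDEF = bytes.fromhex("3080" "06092a864886f70d010702" "a080" "3003020101" "0000" "0000")
DEFINITE = bytes.fromhex("3012" "06092a864886f70d010702" "a005" "3003020101")
```

An empty result means every length in the file is definite; any hit points at the offset of an element that would need re-encoding, which is what the Windows import/export round trip described in the reply does.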
