Daryn, Open a bug report at bugzilla.ximian.com and attach the following...
(a) the unsigned EXE file (as small as possible, e.g. an hello world); (b) the Mono signed EXE file (i.e. not working); (c) the Windows signed EXE file (i.e. working); (d) the SPC file (which contains only public stuff); (e) the private key _ONLY_IF_ it's a test key (NOT if you paid for it); Thanks, Sebastien Pouliot home: [EMAIL PROTECTED] blog: http://pages.infinit.net/ctech/poupou.html > -----Original Message----- > From: Daryn Nakhuda [mailto:[EMAIL PROTECTED] > Sent: 21 avril 2005 15:43 > To: [EMAIL PROTECTED]; mono-devel-list@lists.ximian.com > Subject: Re: [Mono-devel-list] Authenticode / signcode / chktrust > problem > > > Hello, > > Sorry to bug the list again, but I haven't been able to find any > more useful > information in the faq, man pages, or archives in regards to this problem. > > My cert is from thawte. If I use an invalid cert or key I get an > error, so > I think they're okay. I've imported the root CA's into the TRUST store > (contents of store attached). > > However, while the application appears to get signed (no errors from > signcode), it doesn't checkout in either chktrust or on windows. > > chktrust says: > WARNING! Setup.exe is not timestamped! > ERROR! Setup.exe couldn't find the certificate that > signed the > file! > > chktrust.exe on windows says: "The digital signature of the > object did not > verify". It does, however, correctly show my name under the signer > information, and my certificate under "view certificate". > > If anyone wants me to sign something so you can see what's > happening, just > let me know. > > > Thanks, > > Daryn > > > > ----- Original Message ----- > From: "Sébastien Pouliot" <[EMAIL PROTECTED]> > To: "Daryn Nakhuda" <[EMAIL PROTECTED]>; > <mono-devel-list@lists.ximian.com> > Sent: Thursday, April 21, 2005 4:50 AM > Subject: RE: [Mono-devel-list] Authenticode / signcode / chktrust problem > > > > Hello Daryn, > > > >> I'm having a problem signing some code (the pvk & spc are valid, > >> and work > >> fine for signing on windows using signcode.exe) > >> > >> 1. signcode -spc mycert.spc -v mykey.pvk -t > >> http://timestamp.verisign.com/scripts/timstamp.dll Setup.exe > >> Mono SignCode - version 1.1.5.0 > >> Sign assemblies and PE files using Authenticode(tm). > >> Copyright 2002, 2003 Motus Technologies. Copyright > 2004-2005 > >> Novell. BSD licensed. > >> > >> 2. chktrust -v /root/Setup.exe > >> Mono CheckTrust - version 1.1.5.0 > >> Verify if an PE executable has a valid Authenticode(tm) > >> signature > >> Copyright 2002, 2003 Motus Technologies. Copyright > 2004-2005 > >> Novell. BSD licensed. > >> > >> Verifying file Setup.exe for Authenticode(tm) signatures... > >> > >> WARNING! Setup.exe is not timestamped! > >> ERROR! Setup.exe couldn't find the certificate that > >> signed the > >> file! > >> > >> > >> My guess is that perhaps this has something to do with CA's, > > > > Maybe but this isn't the error that chktrust would normally > display if it > > was missing the root certificate. > > > >> and I've > >> downloaded the CA Certs from thawte and verisign, but I'm not sure I've > >> installed them correctly using certmgr, as I'm not sure the > proper use of > >> the various stores. > > > > Is your certificate from Thawte or VeriSign ? > > > > Some people had problem with the SPC file supplied by VeriSign > because it > > use undefined length encoding in it's ASN.1 structure. The "trick" is to > > import it in Windows then export it back to a SPC file. Windows > will have > > converted the structure to "defined" length - which Mono tools can > > understand. > > > > Look in bugzilla for #68903 for a detailled workaround. > > > >> This is what I did (for every CA cert I could find): > >> > >> certmgr -add -c -m CA ThawteServerCA.cer > >> Mono Certificate Manager - version 1.1.5.0 > >> Manage X.509 certificates and CRL from stores. > >> Copyright 2002, 2003 Motus Technologies. Copyright > 2004-2005 > >> Novell. BSD licensed. > >> > >> > >> 1 certificate(s) added to store CA. > > > > Wrong store. You must use the Trust store if you want chktrust > to validate > > your signatures. The CA store can be used for any type of CA (i.e. not > > only > > root CA). > > > > http://www.mono-project.com/FAQ:_Security > > or > > "man certmgr" > > > >> Also, on Widows, when I look at the properties > digital > signatures, the > >> signature IS there, but it says it is "not valid". > >> > >> > >> Can anyone provide some guidance? > > > > The FAQ and the man pages of the tools should be able to answers most > > questions. Also have a look at the mailing list archives. > > > > Sebastien Pouliot > > home: [EMAIL PROTECTED] > > blog: http://pages.infinit.net/ctech/poupou.html > > > > _______________________________________________ > > Mono-devel-list mailing list > > Mono-devel-list@lists.ximian.com > > http://lists.ximian.com/mailman/listinfo/mono-devel-list > _______________________________________________ Mono-devel-list mailing list Mono-devel-list@lists.ximian.com http://lists.ximian.com/mailman/listinfo/mono-devel-list
