为什么我的代码签名(MSauthenticode)验证失败?
我发布了这个问题 并拥有来自 Thawte 的新生成的代码签名证书。
我按照说明进行操作(或者我是这么认为的),代码签名声称成功,但是当我尝试验证该工具时显示错误。
验证步骤的结果似乎表明它是正确的,但是存在错误,并且没有任何解释为什么存在错误。
非常感谢任何意见或建议。
签署 exe 的命令行:
signtool sign /f mdt.pfx /p password /t http://timestamp.verisign.com/scripts/timstamp.dll test.exe
结果:
The following certificate was selected:
Issued to: [my company]
Issued by: Thawte Code Signing CA
Expires: 4/23/2011 7:59:59 PM
SHA1 hash: 7D1A42364765F8969E83BC00AB77F901118F3601
Done Adding Additional Store
Attempting to sign: test.exe
Successfully signed and timestamped: test.exe
Number of files successfully Signed: 1
Number of warnings: 0
Number of errors: 0
请注意,没有错误或警告。
现在,当我尝试验证想象我的惊讶时:
signtool verify /v test.exe
结果是:
Verifying: test.exe
SHA1 hash of file: 490BA0656517D3A322D19F432F1C6D40695CAD22
Signing Certificate Chain:
Issued to: Thawte Premium Server CA
Issued by: Thawte Premium Server CA
Expires: 12/31/2020 7:59:59 PM
SHA1 hash: 627F8D7827656399D27D7F9044C9FEB3F33EFA9A
Issued to: Thawte Code Signing CA
Issued by: Thawte Premium Server CA
Expires: 8/5/2013 7:59:59 PM
SHA1 hash: A706BA1ECAB6A2AB18699FC0D7DD8C7DE36F290F
Issued to: [my company]
Issued by: Thawte Code Signing CA
Expires: 4/23/2011 7:59:59 PM
SHA1 hash: 7D1A42364765F8969E83BC00AB77F901118F3601
The signature is timestamped: 4/27/2010 10:19:19 AM
Timestamp Verified by:
Issued to: Thawte Timestamping CA
Issued by: Thawte Timestamping CA
Expires: 12/31/2020 7:59:59 PM
SHA1 hash: BE36A4562FB2EE05DBB3D32323ADF445084ED656
Issued to: VeriSign Time Stamping Services CA
Issued by: Thawte Timestamping CA
Expires: 12/3/2013 7:59:59 PM
SHA1 hash: F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Issued to: VeriSign Time Stamping Services Signer - G2
Issued by: VeriSign Time Stamping Services CA
Expires: 6/14/2012 7:59:59 PM
SHA1 hash: ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE
Number of files successfully Verified: 0
Number of warnings: 0
Number of errors: 1
I posted this question and have a freshly minted code signing cert from Thawte.
I followed the instructions (or so I thought) and the code signing claims to succeed, however when I try to verify the tool shows an error.
The results from the verification step seem to show it is correct, however there is an error and no explanation whatsoever about why the error exists.
Any comments or suggestions are much appreciated.
Command line to sign exe:
signtool sign /f mdt.pfx /p password /t http://timestamp.verisign.com/scripts/timstamp.dll test.exe
Results:
The following certificate was selected:
Issued to: [my company]
Issued by: Thawte Code Signing CA
Expires: 4/23/2011 7:59:59 PM
SHA1 hash: 7D1A42364765F8969E83BC00AB77F901118F3601
Done Adding Additional Store
Attempting to sign: test.exe
Successfully signed and timestamped: test.exe
Number of files successfully Signed: 1
Number of warnings: 0
Number of errors: 0
Note that there are no errors or warnings.
Now, when I try to verify imagine my surprise:
signtool verify /v test.exe
results in:
Verifying: test.exe
SHA1 hash of file: 490BA0656517D3A322D19F432F1C6D40695CAD22
Signing Certificate Chain:
Issued to: Thawte Premium Server CA
Issued by: Thawte Premium Server CA
Expires: 12/31/2020 7:59:59 PM
SHA1 hash: 627F8D7827656399D27D7F9044C9FEB3F33EFA9A
Issued to: Thawte Code Signing CA
Issued by: Thawte Premium Server CA
Expires: 8/5/2013 7:59:59 PM
SHA1 hash: A706BA1ECAB6A2AB18699FC0D7DD8C7DE36F290F
Issued to: [my company]
Issued by: Thawte Code Signing CA
Expires: 4/23/2011 7:59:59 PM
SHA1 hash: 7D1A42364765F8969E83BC00AB77F901118F3601
The signature is timestamped: 4/27/2010 10:19:19 AM
Timestamp Verified by:
Issued to: Thawte Timestamping CA
Issued by: Thawte Timestamping CA
Expires: 12/31/2020 7:59:59 PM
SHA1 hash: BE36A4562FB2EE05DBB3D32323ADF445084ED656
Issued to: VeriSign Time Stamping Services CA
Issued by: Thawte Timestamping CA
Expires: 12/3/2013 7:59:59 PM
SHA1 hash: F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Issued to: VeriSign Time Stamping Services Signer - G2
Issued by: VeriSign Time Stamping Services CA
Expires: 6/14/2012 7:59:59 PM
SHA1 hash: ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE
Number of files successfully Verified: 0
Number of warnings: 0
Number of errors: 1
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
尝试
Signtool verify /v /pa foo.exe
来自 使用 SignTool 验证文件签名(重点是我的)
Try
Signtool verify /v /pa foo.exe
From Using SignTool to Verify a File Signature (emphasis is mine)