Why is my code signing (MS Authenticode) verification failing?

Posted on 2024-08-30 15:03:18

I posted this question and have a freshly minted code signing cert from Thawte.

I followed the instructions (or so I thought) and the code signing claims to succeed, however when I try to verify the tool shows an error.

The results from the verification step seem to show it is correct, however there is an error and no explanation whatsoever about why the error exists.

Any comments or suggestions are much appreciated.

Command line to sign exe:

signtool sign /f mdt.pfx /p password /t http://timestamp.verisign.com/scripts/timstamp.dll test.exe

Results:

The following certificate was selected:
    Issued to: [my company]
    Issued by: Thawte Code Signing CA
    Expires:   4/23/2011 7:59:59 PM
    SHA1 hash: 7D1A42364765F8969E83BC00AB77F901118F3601

Done Adding Additional Store

Attempting to sign: test.exe
Successfully signed and timestamped: test.exe

Number of files successfully Signed: 1
Number of warnings: 0
Number of errors: 0

Note that there are no errors or warnings.

Now, when I try to verify, imagine my surprise:

signtool verify /v test.exe

results in:

Verifying: test.exe

SHA1 hash of file: 490BA0656517D3A322D19F432F1C6D40695CAD22
Signing Certificate Chain:
    Issued to: Thawte Premium Server CA
    Issued by: Thawte Premium Server CA
    Expires:   12/31/2020 7:59:59 PM
    SHA1 hash: 627F8D7827656399D27D7F9044C9FEB3F33EFA9A

        Issued to: Thawte Code Signing CA
        Issued by: Thawte Premium Server CA
        Expires:   8/5/2013 7:59:59 PM
        SHA1 hash: A706BA1ECAB6A2AB18699FC0D7DD8C7DE36F290F

            Issued to: [my company]
            Issued by: Thawte Code Signing CA
            Expires:   4/23/2011 7:59:59 PM
            SHA1 hash: 7D1A42364765F8969E83BC00AB77F901118F3601

The signature is timestamped: 4/27/2010 10:19:19 AM

Timestamp Verified by:
    Issued to: Thawte Timestamping CA
    Issued by: Thawte Timestamping CA
    Expires:   12/31/2020 7:59:59 PM
    SHA1 hash: BE36A4562FB2EE05DBB3D32323ADF445084ED656

        Issued to: VeriSign Time Stamping Services CA
        Issued by: Thawte Timestamping CA
        Expires:   12/3/2013 7:59:59 PM
        SHA1 hash: F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D

            Issued to: VeriSign Time Stamping Services Signer - G2
            Issued by: VeriSign Time Stamping Services CA
            Expires:   6/14/2012 7:59:59 PM
            SHA1 hash: ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE

Number of files successfully Verified: 0
Number of warnings: 0
Number of errors: 1


清音悠歌 2024-09-06 15:03:18

Try Signtool verify /v /pa foo.exe

From Using SignTool to Verify a File Signature (emphasis is mine)

SignTool verify MyControl.exe

If the preceding example fails, it could be that the signature used a code-signing certificate. SignTool defaults to the Windows driver policy for verification.

The following command verifies the signature, using the default authentication verification policy:

SignTool verify /pa MyControl.exe
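
An added example, not part of the original answer or of the documentation it quotes: a PowerShell post-signing check that runs both verification policies discussed above and cross-checks the result with the built-in Get-AuthenticodeSignature cmdlet. It assumes signtool.exe is on PATH; the function name Invoke-SignToolVerify and the -Path parameter are illustrative.

```powershell
# Added example: verify a signed file under both SignTool policies.
# Assumption: signtool.exe (Windows SDK) is on PATH.
param(
    [Parameter(Mandatory = $true)]
    [string]$Path
)

function Invoke-SignToolVerify {
    param([string[]]$PolicyArgs, [string]$File)
    # SignTool exit codes: 0 = success, 1 = failure, 2 = completed with warnings
    $output = & signtool.exe verify @PolicyArgs $File 2>&1
    [pscustomobject]@{
        Arguments = ($PolicyArgs -join ' ')
        ExitCode  = $LASTEXITCODE
        Output    = ($output | Out-String).Trim()
    }
}

# 1. No policy switch: SignTool applies the Windows driver policy, which is
#    why a file signed with an ordinary code-signing certificate can fail.
$driver = Invoke-SignToolVerify -PolicyArgs @('/v') -File $Path

# 2. /pa selects the default authentication verification policy;
#    /tw turns a missing timestamp into a warning (exit code 2).
$authenticode = Invoke-SignToolVerify -PolicyArgs @('/pa', '/tw', '/v') -File $Path

# 3. Independent cross-check of status, signer and timestamp certificate.
$sig = Get-AuthenticodeSignature -FilePath $Path

foreach ($result in $driver, $authenticode) {
    Write-Host ("signtool verify {0} -> exit code {1}" -f $result.Arguments, $result.ExitCode)
}
Write-Host ("Get-AuthenticodeSignature status: {0}" -f $sig.Status)
Write-Host ("Signer thumbprint: {0}" -f $sig.SignerCertificate.Thumbprint)

if ($driver.ExitCode -ne 0 -and $authenticode.ExitCode -eq 0) {
    Write-Host 'Driver policy rejected the file but /pa accepted it: a policy mismatch, not a broken signature.'
}

# Gate the build on the Authenticode policy, not on the driver policy.
if ($authenticode.ExitCode -ne 0 -or $sig.Status -ne 'Valid') {
    Write-Host $authenticode.Output
    Write-Error "Authenticode verification failed for $Path ($($sig.StatusMessage))"
    exit 1
}
if (-not $sig.TimeStamperCertificate) {
    Write-Error "Signature on $Path has no timestamp; it stops validating when the signing certificate expires."
    exit 1
}
```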
