Solved

Working with signcode, makecert, etc.

Posted on 2005-04-07
Last Modified: 2012-06-22
Dear sir,
I have a .cab file and I want to sign it.
I read the MSDN library but I couldn't reach the solution.
Can you please simplify the solution for me?
I will be grateful.
Thanks
Question by:xodos

Accepted Solution

by:
Tolomir earned 2000 total points
ID: 13728542
Have you read this advice:

http://support.microsoft.com/kb/247257/EN-US/

MORE INFORMATION

1. The Microsoft .NET Framework software development kit (SDK) 1.1 includes the Crypto API files that you must have to sign a .cab file. To download the SDK, visit the following Microsoft Web site:
   http://www.microsoft.com/downloads/details.aspx?FamilyId=9B3A2CA6-3647-4070-9F41-A333C6B9181D&displaylang=en

2. Use the following steps to sign and validate the .cab file:

   a. Type the following at a command prompt to create a private key file, Mycert.pvk.

          makecert -sv "mycert.pvk" -n "CN=My Company" mycert.cer

      The file created in this step, Mycert.cer, is used to create an .spc file. Type the password in the dialog box.

   b. Create an .spc file from the certificate file with the correct password. To do so, type the following line at a command prompt:

          cert2spc mycert.cer mycert.spc

      Note that this step involves creation of a test private key. Alternatively, valid certificates can be created through Microsoft Certificate Server for Intranet use or purchased from external vendors for Internet use.

   c. Use the key information to sign the .cab file:

          signcode -v mycert.pvk -spc mycert.spc new.cab -t [Timestamp server URL]

      For more information about signtool, visit the following Microsoft Developer Network (MSDN) Web site:
      http://msdn.microsoft.com/library/default.asp?url=/library/en-us/seccrypto/security/signtool.asp

      Note: Specify the timestamp server URL at this step. The timestamp server URL provides a place to enter or edit the location of a timestamp server. A timestamp server validates the date and time that the cabinet file was signed. Certificate files can expire after a certain period of time. Contact your certificate file provider (certificate authority) for the location of their timestamp server.

      Starting with Platform SDK February 2003, signcode.exe has been replaced with signtool.exe.

3. Follow this procedure to validate a .cab file:

   a. Type the following at a command prompt to run Setreg.exe on the client system with the TRUE value so that the test certificates are recognized:

          setreg -q 1 TRUE

   b. Run Checktrust.exe to ensure that the CAB file is signing correctly:

          chktrust new.cab

      Expected results

          mycab.cab: Succeeded
                                    
 

Author Comment

by:xodos
ID: 13728784
All was working properly except the timestamp.
I have an authority server on a Win2k machine.
I made a certificate.
In this case my authority server is the certificate provider,
but how can I use the timestamp?
Thanks
 

Author Comment

by:xodos
ID: 13728853
Now it works.
I ran chktrust mycab.cab
The result is
mycab.cab:succeeded
and it opens the certificate, and it was signed.
I opened the browser and put in the path of the HTML file which loads the ActiveX control.
The browser blocked the control. I allowed it to run, but it said unknown publisher
and it didn't run.

Expert Comment

by:Tolomir
ID: 13728936

Yep, the problem is you need a trusted certificate provider like VeriSign, whose public key is part of IE.

This is what I have found about the timestamp server:

A timestamp server validates the date and time that the cabinet file
was signed. Certificate files may expire. Contact your certificate file
provider (certificate authority, such as, Verisign) for the location of
their timestamp server.

---
You might set your IE security settings to low, or define a trusted zone, to make this ActiveX control work.
Using standard security settings and running a home-signed control is a security breach.


Tolomir
 

Author Comment

by:xodos
ID: 13729356
I have it,
signcode -v mycert.pvk -spc mycert.spc new.cab -t http://timestamp.verisign.com/scripts/timstamp.dll
I put in this code,
then I ran chktrust new.cab
It pops up the certificate.
If I have a certificate authority server, where would the timestamp server be?

Expert Comment

by:Tolomir
ID: 13731876
Sorry, I cannot help you any further, since I've never created such a signature.

But maybe the VeriSign timestamp server is good enough? Even if you are using a different authority server... give it a try. Good luck.


Tolomir
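
The two things this thread turns on, whether the signer chains to a root the client trusts and whether the signature carries a timestamp, can be checked directly on the signed file. The following is an added example, not part of the original thread or the Microsoft article: a PowerShell function built on the Get-AuthenticodeSignature cmdlet and the .NET X509Chain class. The function name Get-SignatureTrustReport is hypothetical; new.cab is the file from the thread.

```powershell
# Added example; Get-SignatureTrustReport is a hypothetical helper name.
function Get-SignatureTrustReport {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Path
    )

    # Authenticode verdict as Windows computes it for this file.
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $cert = $sig.SignerCertificate

    $report = [ordered]@{
        Path          = $sig.Path
        Status        = $sig.Status
        StatusMessage = $sig.StatusMessage
        Signer        = $null
        Issuer        = $null
        NotAfter      = $null
        ChainTrusted  = $null
        ChainErrors   = @()
        # True only if a timestamp countersignature is present.
        Timestamped   = [bool]$sig.TimeStamperCertificate
    }

    if ($cert) {
        $report.Signer   = $cert.Subject
        $report.Issuer   = $cert.Issuer
        $report.NotAfter = $cert.NotAfter

        # Build the chain against this machine's trust stores. Revocation
        # checking is switched off here so the check also runs offline.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
        $report.ChainTrusted = $chain.Build($cert)
        $report.ChainErrors  = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })
    }

    [pscustomobject]$report
}

# Inspect the file signed in the thread.
Get-SignatureTrustReport -Path .\new.cab | Format-List
```

Run it on the client machine rather than the signing machine: a signer whose root is not in that machine's trusted root store reports ChainTrusted as False with UntrustedRoot among the chain errors, regardless of how the file verified where it was signed.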