TechSpot

Code signing

By Bluemouse
Nov 29, 2010
Post New Reply
  1. Hi!

    I'm attempting to get rid of that "Unknown Publisher" message that appears when you run unsigned code on windows, but I'm a bit confused.

    What I have:

    - a *.cert.pem file. Would this be the same as a spc?
    - a *.key.pem file. Would this be the same as a *.key file?

    I took them from my apache ssl directory since I already have a certificate for https. Am I able to use the same thing to sign code?

    Code:
    pvk.exe -topvk -nocrypt -in privkey.key.pem -out out.pvk
    makecert.exe -sv out.pvk -n "CN=MyCert" certfile.cer -b <startdate> -e <enddate>
    pvk2pfx.exe -pvk out.pvk -spc certfile.cer -pfx PfxFile.pfx -po <password>
    
    signtool.exe sign /f PfxFile.pfx /p <password> <binary exe>
    
    It still shows up as "Unknown Publisher" though, and I'm not even sure that I'm doing it correctly. Would anyone be able to help?

    Thanks a lot!
    Cheers.


    Edit: Perhaps I want to do the following instead?

    Code:
    
    pvk.exe -topvk -nocrypt -in privkey.key.pem -out out.pvk
    openssl.exe crl2pkcs7 -nocrl -certfile my.cert.pem -outform DER -out my.spc
    
    pvk2pfx.exe -pvk out.pvk -spc my.spc -pfx PfxFile.pfx -po <password>
    
    signtool.exe sign /f PfxFile.pfx /p <password> <binary exe>
    
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...