[Mono-dev] signcode on the fly

Sebastien Pouliot sebastien.pouliot at gmail.com
Wed Feb 21 07:26:00 EST 2007


On Wed, 2007-02-21 at 10:17 +0530, viraj wrote:
> i'm on debian etch, and mono -V says..
> 
> Mono JIT compiler version 1.2.2.1, (C) 2002-2006 Novell, Inc and
> Contributors. www.mono-project.com
>         TLS:           normal
>         GC:            Included Boehm (with typed GC)
>         SIGSEGV:       normal
>         Disabled:      none
> 
> by the way, i found this article..
> 
> http://projects.zillabit.com/authenticode.html
> 
> scroll down to 'Working around problems with PVK password', as per
> this article, it can be fixed by commenting out certain lines and
> recompiling the signcode.cs. or as an alternative workaround, it
> suggest a .pvk file without a password.

Nice article but it could have been a lot shorter with another bug
report and a few other questions.

> i'm still struggling with both the solutions because i have no
> experience in mcs compiler. :) any help would be highly appreciated!

Depends on how much time you have. 

The first solution is a little more complex to build and will result in
a signcode tool that works only with password protected PVK.

The second solution is simpler but will unprotect, by removing the
password, your PVK file (not that the PVK format is considerate very
secure). This new PVK (same key, no password) will be usable with Mono's
signcode tool.

A third solution is to wait for the next release of Mono which should
have a fix for this (hopefully filled) bug.

> thanks a lot.

Please fill a bug entry into bugzilla.ximian.com (include a link to the
article) and tell me which solution would work better for you.

Thanks

> 
> ~viraj
> 
> 
> On 2/20/07, Sebastien Pouliot <sebastien.pouliot at gmail.com> wrote:
> > On Tue, 2007-02-20 at 19:10 +0530, viraj wrote:
> > > hi all,
> > > yes, i just verified it by creating a test certificate with makecert.
> > > It signed my code without a problem. so the problem is the 'encrypted
> > > pvk file', thank you for your hint Rafael!
> > >
> > > even though i have the password for the .pvk file, it seems 'signcode'
> > > binary does not accept a password on it's input (man signcode)? am i
> > > correct?
> >
> > Signcode should ask you your password when it detects an encrypted PVK
> > file.
> >
> > What version of Mono are you using ?
> >
> > > with 'signtool' (MS Platform SDK), it accepts the password, is there a
> > > 'signtool' equivalent in Mono?
> > >
> > > thanks again
> > >
> > >
> > > ~viraj
> > >
> > >
> > > On 2/20/07, Rafael Teixeira <monoman at gmail.com> wrote:
> > > > Hi Viraj,
> > > >
> > > > Just my inexperienced view on the problem:
> > > >
> > > > It seems that your pvk is encrypted, and you need to provide a
> > > > password for signcode to use it, but I also don't know how. An
> > > > alternative is to use an unencripted pvk file.
> > > >
> > > > :)
> > > >
> > > > On 2/20/07, viraj <kalinga at gmail.com> wrote:
> > > > > hi all,
> > > > > i'm trying to signcode a win32 executable on Linux, using Mono's signcode.
> > > > >
> > > > > when i issue the command..
> > > > >
> > > > > signcode -spc myspcfromthawte.spc -v mypvkfromthawte.pvk -n "My App -
> > > > > Quick Demo" -t "http://timestamp.verisign.com/scripts/timstamp.dll"
> > > > > quickDemo.exe
> > > > >
> > > > > it says..
> > > > >
> > > > > Mono SignCode - version 1.2.2.1
> > > > > Sign assemblies and PE files using Authenticode(tm).
> > > > > Copyright 2002, 2003 Motus Technologies. Copyright 2004-2006 Novell.
> > > > > BSD licensed.
> > > > >
> > > > >
> > > > > Unhandled Exception:
> > > > > System.Security.Cryptography.CryptographicException: Invalid data
> > > > > and/or password
> > > > >   at Mono.Security.Authenticode.PrivateKey..ctor (System.Byte[] data,
> > > > > System.String password) [0x00000]
> > > > >   at Mono.Security.Authenticode.PrivateKey.CreateFromFile
> > > > > (System.String filename, System.String password) [0x00000]
> > > > >   at Mono.Security.Authenticode.PrivateKey.CreateFromFile
> > > > > (System.String filename) [0x00000]
> > > > >   at Mono.Tools.SignCode.GetPrivateKey (System.String keyfile,
> > > > > System.Security.Cryptography.CspParameters csp) [0x00000]
> > > > >   at Mono.Tools.SignCode.Main (System.String[] args) [0x00000]
> > > > >
> > > > > couldn't trace a similar error message on internet.
> > > > >
> > > > > am i missing any parameters? or what should be the correct syntax of
> > > > > the command.
> > > > >
> > > > > thanks a lot.
> > > > >
> > > > > ~viraj
> > > > > _______________________________________________
> > > > > Mono-devel-list mailing list
> > > > > Mono-devel-list at lists.ximian.com
> > > > > http://lists.ximian.com/mailman/listinfo/mono-devel-list
> > > > >
> > > >
> > > >
> > > > --
> > > > Rafael "Monoman" Teixeira
> > > > ---------------------------------------
> > > > "The reasonable man adapts himself to the world; the unreasonable one
> > > > persists in trying to adapt the world to himself. Therefore all
> > > > progress depends on the unreasonable man." George Bernard Shaw
> > > >
> > > _______________________________________________
> > > Mono-devel-list mailing list
> > > Mono-devel-list at lists.ximian.com
> > > http://lists.ximian.com/mailman/listinfo/mono-devel-list
> >
> >
-- 
Sebastien Pouliot  <sebastien at ximian.com>
Blog: http://pages.infinit.net/ctech/




More information about the Mono-devel-list mailing list