[Mono-list] certmgr problems

Davy Durham pubaddr@davyandbeth.com
Sat, 18 Dec 2004 13:03:53 -0600

Hmm.. well the only reason I'm using mono's certmgr (and then hope to 
use signcode) is to be able to sign win32 exe files in a linux 
environment.  That's my ultimate goal and all I'm needing to do.   It 
was suggested to me to try mono's signcode since it's actually a 
portable executable..   So that's why I'm here.

I am willing to help out with the mono codebase/bugreports, etc, but is 
what I'm trying to do even feasible going forward with mono's signcode?  
Is it what mono's signcode was even ever intended to do?  Or do you know 
of any other existing tool that can already do such a thing?

Thanks alot,

Sébastien Pouliot wrote:

>>Any help?
>It depends on what you want to do.
>To get your certificate into the store you'll need to export it as a
>X.509 Certificate (DER) from Windows, then import it using Mono 
>certmgr.exe tool.
>But this won't help you to use signcode (to sign using your 
>Authenticode certificate/key) because:
>- signcode doesn't use the certificate store (as it wants the 
>certificates in a SPC, PKCS#7, file);
>- signcode use PVK files for private keys or "key containers" (but
>not PKCS#12 files). Now your private key, inside the PKCS#12 file, can
>be converted to either format (preference to the PVK as it still can
>be password protected) but that will require a little coding to 
>convert it.
>Note: Right now most of the Mono's security tools (except certmgr) use
>the same options as the corresponding MS tools. It make sense, most of
>the time, except when a tool is "somewhat" incomplete (e.g. signcode).
>In that case you need additional tools, in Windows, that doesn't (yet
>or never will) exist for Mono.
>It would be very nice of you to write a bug report for this situation
>(http://bugzilla.ximian.com) and to include your own use case step by
>step (e.g. what you received from Verisign, what you did on Windows, 
>what you expected to do on Mono). I'll do my best to include a working
>(or at least easier than coding your own) solution in the next Mono