[Mono-list] certmgr problems

Sébastien Pouliot spouliot@videotron.ca
Sun, 19 Dec 2004 11:10:30 -0500

Hello Davy,

> Hmm.. well the only reason I'm using mono's certmgr (and then hope to
> use signcode) is to be able to sign win32 exe files in a linux
> environment.  That's my ultimate goal and all I'm needing to do.   It
> was suggested to me to try mono's signcode since it's actually a
> portable executable..   So that's why I'm here.
> I am willing to help out with the mono codebase/bugreports, etc, but is
> what I'm trying to do even feasible going forward with mono's signcode?

Yes. Many people do that. However you're the first to report that you
didn't receive a PVK file from Verisign (maybe it was an option ?).

I know of two restrictions (once you have everything in the right format).

a.	Mono signcode only supports PE files (i.e. EXE, DLL, SCR, OCX...)
but doesn't support signing CAB files (it's a different file format which
Mono doesn't requires).

b.	There is a known bug (file sharing issue) for some versions of
Solaris that affect code signing.

> Is it what mono's signcode was even ever intended to do?

Well sort of ;-). I didn't expect that that the majority of the signcode
users wouldn't be Mono users.

> Or do you know
> of any other existing tool that can already do such a thing?

No I don't. Cryptlib is supposed to be able to do this but there in, or was,
no sample code available. AFAIK it didn't support the timestamping protocol
either (but that may have changed).

Sebastien Pouliot
home: spouliot@videotron.ca
blog: http://pages.infinit.net/ctech/poupou.html