[Mono-list] signcode on Centos 5

Sebastien Pouliot sebastien.pouliot at gmail.com
Mon Dec 8 13:37:32 EST 2008 

On Mon, 2008-12-08 at 19:09 +0100, Matthew Gertner wrote:
> Hi,
> 
> I installed Mono using the yum packages on Centos 5. The version is
> 1.2.4-2.el5.centos.

Mono 1.2.4 is a rather old release.

> I'm trying to digitally sign an executable using signcode. I followed
> the instructions here:
> https://developer.mozilla.org/En/Signing_an_executable_with_Authenticode.
> I added the three CA certificates I downloaded from GlobalSign to the
> CA repository as instructed.
> 
> I had to extract the .p7b and .pvk files from the .p12 file supplied
> by GlobalSign, which I did by following the instructions here:
> http://wiki.cacert.org/wiki/Authenticode.
> 
> Everything seemed to go fine, but when I run the signcode command:
> 
> signcode \
>  -spc (path to your public key).p7b \
>  -v (path to your private key).pvk \
>  -a sha1 -$ commercial \
>  -n My\ Application \
>  -i http://www.example.com/ \
>  -t http://timestamp.verisign.com/scripts/timstamp.dll \
>  -tr 10 \
>  MyApp.exe
> 
> I get the following output:
> 
> Mono SignCode - version 1.2.4.0
> Sign assemblies and PE files using Authenticode(tm).
> Copyright 2002, 2003 Motus Technologies. Copyright 2004-2006 Novell.
> BSD licensed.
> 
> 
> Unhandled Exception: System.FormatException: Invalid length.
>   at <0x00000> <unknown method>
>   at (wrapper managed-to-native)
> System.Convert:InternalFromBase64String (string,bool)
>   at System.Convert.FromBase64String (System.String s) [0x00000]
>   at Mono.Security.Authenticode.SoftwarePublisherCertificate.CreateFromFile
> (System.String filename) [0x00000]
>   at Mono.Tools.SignCode.GetCertificates (System.String spcfile) [0x00000]
>   at Mono.Tools.SignCode.Main (System.String[] args) [0x00000]

The file you supply as the SPC is not recognized as valid. It's either a
bad binary*, a badly encoded base64 file* or a bug fixed after 1.2.4
(been too long to recall what was changed since that version).

* You can try to open the file and check if it looks bad or not.

> I get the same error if I just run:
> 
> signcode -spc <path to my p7b>

That would be same file, so same badness apply.

> I'm stuck. Does anyone have any idea what might be causing this?

Make sure you get everything working using a test certificate. Then
start over and compare each steps (with the test).

Sebastien

More information about the Mono-list mailing list