[Mono-list] signcode on Centos 5

Matthew Gertner matthew.gertner at gmail.com
Tue Dec 9 04:38:11 EST 2008 

On Mon, Dec 8, 2008 at 7:37 PM, Sebastien Pouliot
<sebastien.pouliot at gmail.com> wrote:
> On Mon, 2008-12-08 at 19:09 +0100, Matthew Gertner wrote:
>> Hi,
>>
>> I installed Mono using the yum packages on Centos 5. The version is
>> 1.2.4-2.el5.centos.
>
> Mono 1.2.4 is a rather old release.
>
>> I'm trying to digitally sign an executable using signcode. I followed
>> the instructions here:
>> https://developer.mozilla.org/En/Signing_an_executable_with_Authenticode.
>> I added the three CA certificates I downloaded from GlobalSign to the
>> CA repository as instructed.
>>
>> I had to extract the .p7b and .pvk files from the .p12 file supplied
>> by GlobalSign, which I did by following the instructions here:
>> http://wiki.cacert.org/wiki/Authenticode.
>>
>> Everything seemed to go fine, but when I run the signcode command:
>>
>> signcode \
>>  -spc (path to your public key).p7b \
>>  -v (path to your private key).pvk \
>>  -a sha1 -$ commercial \
>>  -n My\ Application \
>>  -i http://www.example.com/ \
>>  -t http://timestamp.verisign.com/scripts/timstamp.dll \
>>  -tr 10 \
>>  MyApp.exe
>>
>> I get the following output:
>>
>> Mono SignCode - version 1.2.4.0
>> Sign assemblies and PE files using Authenticode(tm).
>> Copyright 2002, 2003 Motus Technologies. Copyright 2004-2006 Novell.
>> BSD licensed.
>>
>>
>> Unhandled Exception: System.FormatException: Invalid length.
>>   at <0x00000> <unknown method>
>>   at (wrapper managed-to-native)
>> System.Convert:InternalFromBase64String (string,bool)
>>   at System.Convert.FromBase64String (System.String s) [0x00000]
>>   at Mono.Security.Authenticode.SoftwarePublisherCertificate.CreateFromFile
>> (System.String filename) [0x00000]
>>   at Mono.Tools.SignCode.GetCertificates (System.String spcfile) [0x00000]
>>   at Mono.Tools.SignCode.Main (System.String[] args) [0x00000]
>
> The file you supply as the SPC is not recognized as valid. It's either a
> bad binary*, a badly encoded base64 file* or a bug fixed after 1.2.4
> (been too long to recall what was changed since that version).
>
> * You can try to open the file and check if it looks bad or not.
>
>> I get the same error if I just run:
>>
>> signcode -spc <path to my p7b>
>
> That would be same file, so same badness apply.
>
>> I'm stuck. Does anyone have any idea what might be causing this?
>
> Make sure you get everything working using a test certificate. Then
> start over and compare each steps (with the test).

Thanks, Sebastien. I upgraded to mono 1.9.1.0. I wasn't sure where to
get a test certificate but I did find a sample p7b file here:
http://www.jacco2.dds.nl/networking/crtimprt.zip (referenced from
http://support.quovadisglobal.com/customer/KBArticle.aspx?articleid=31).
I tried the same command, i.e.

signcode -spc usercrt.p7b

Unfortunately I get exactly the same error message as before with mono
1.9.1.0, both with my p7b file and the sample one I downloaded. Both
files look pretty same, with -----BEGIN PKCS7----- followed by a bunch
of base64 encoded binary and then -----END PKCS7-----.

I'm still stuck. Do you have any other ideas for what I could try?

Cheers,
Matt

More information about the Mono-list mailing list