[Mono-list] signcode on Centos 5
Sebastien Pouliot
sebastien.pouliot at gmail.com
Tue Dec 9 09:08:03 EST 2008
On Tue, 2008-12-09 at 10:38 +0100, Matthew Gertner wrote:
> On Mon, Dec 8, 2008 at 7:37 PM, Sebastien Pouliot
> <sebastien.pouliot at gmail.com> wrote:
> > On Mon, 2008-12-08 at 19:09 +0100, Matthew Gertner wrote:
> >> Hi,
> >>
> >> I installed Mono using the yum packages on Centos 5. The version is
> >> 1.2.4-2.el5.centos.
> >
> > Mono 1.2.4 is a rather old release.
> >
> >> I'm trying to digitally sign an executable using signcode. I followed
> >> the instructions here:
> >> https://developer.mozilla.org/En/Signing_an_executable_with_Authenticode.
> >> I added the three CA certificates I downloaded from GlobalSign to the
> >> CA repository as instructed.
> >>
> >> I had to extract the .p7b and .pvk files from the .p12 file supplied
> >> by GlobalSign, which I did by following the instructions here:
> >> http://wiki.cacert.org/wiki/Authenticode.
> >>
> >> Everything seemed to go fine, but when I run the signcode command:
> >>
> >> signcode \
> >> -spc (path to your public key).p7b \
> >> -v (path to your private key).pvk \
> >> -a sha1 -$ commercial \
> >> -n My\ Application \
> >> -i http://www.example.com/ \
> >> -t http://timestamp.verisign.com/scripts/timstamp.dll \
> >> -tr 10 \
> >> MyApp.exe
> >>
> >> I get the following output:
> >>
> >> Mono SignCode - version 1.2.4.0
> >> Sign assemblies and PE files using Authenticode(tm).
> >> Copyright 2002, 2003 Motus Technologies. Copyright 2004-2006 Novell.
> >> BSD licensed.
> >>
> >>
> >> Unhandled Exception: System.FormatException: Invalid length.
> >> at <0x00000> <unknown method>
> >> at (wrapper managed-to-native)
> >> System.Convert:InternalFromBase64String (string,bool)
> >> at System.Convert.FromBase64String (System.String s) [0x00000]
> >> at Mono.Security.Authenticode.SoftwarePublisherCertificate.CreateFromFile
> >> (System.String filename) [0x00000]
> >> at Mono.Tools.SignCode.GetCertificates (System.String spcfile) [0x00000]
> >> at Mono.Tools.SignCode.Main (System.String[] args) [0x00000]
> >
> > The file you supply as the SPC is not recognized as valid. It's either a
> > bad binary*, a badly encoded base64 file* or a bug fixed after 1.2.4
> > (been too long to recall what was changed since that version).
> >
> > * You can try to open the file and check if it looks bad or not.
> >
> >> I get the same error if I just run:
> >>
> >> signcode -spc <path to my p7b>
> >
> > That would be same file, so same badness apply.
> >
> >> I'm stuck. Does anyone have any idea what might be causing this?
> >
> > Make sure you get everything working using a test certificate. Then
> > start over and compare each steps (with the test).
>
> Thanks, Sebastien. I upgraded to mono 1.9.1.0. I wasn't sure where to
> get a test certificate but I did find a sample p7b file here:
> http://www.jacco2.dds.nl/networking/crtimprt.zip (referenced from
> http://support.quovadisglobal.com/customer/KBArticle.aspx?articleid=31).
> I tried the same command, i.e.
>
> signcode -spc usercrt.p7b
>
> Unfortunately I get exactly the same error message as before with mono
> 1.9.1.0, both with my p7b file and the sample one I downloaded. Both
> files look pretty same, with -----BEGIN PKCS7----- followed by a bunch
> of base64 encoded binary and then -----END PKCS7-----.
>
> I'm still stuck. Do you have any other ideas for what I could try?
Try removing the header/footer around the base64 data (IIRC Windows does
not add them) and try again.
Next fill a bug report and attach the original (non-working) file and
state (in the description) if the previous hack worked or not. I'll have
a look at it.
Thanks
Sebastien
More information about the Mono-list
mailing list