Why is my code signing (MS authenticode) verification failing?
Posted
by Tim
on Stack Overflow
See other posts from Stack Overflow
or by Tim
Published on 2010-04-27T14:30:58Z
Indexed on
2010/04/27
14:33 UTC
Read the original article
Hit count: 518
code-signing
I posted this question and have a freshly minted code signing cert from Thawte.
I followed the instructions (or so I thought) and the code signing claims to be done right, however when I try to verify the tool shows an error.
I have no idea what it means and no idea how to fix this. Any comments would be appreciated.
Command line to sign exe:
signtool sign /f mdt.pfx /p password /t http://timestamp.verisign.com/scripts/timstamp.dll test.exe
Results:
The following certificate was selected:
Issued to: [my company]
Issued by: Thawte Code Signing CA
Expires: 4/23/2011 7:59:59 PM
SHA1 hash: 7D1A42364765F8969E83BC00AB77F901118F3601
Done Adding Additional Store
Attempting to sign: test.exe
Successfully signed and timestamped: test.exe
Number of files successfully Signed: 1
Number of warnings: 0
Number of errors: 0
Note that there are no errors or warnings.
Now, when I try to verify imagine my surprise:
signtool verify /v test.exe
results in:
Verifying: test.exe
SHA1 hash of file: 490BA0656517D3A322D19F432F1C6D40695CAD22
Signing Certificate Chain:
Issued to: Thawte Premium Server CA
Issued by: Thawte Premium Server CA
Expires: 12/31/2020 7:59:59 PM
SHA1 hash: 627F8D7827656399D27D7F9044C9FEB3F33EFA9A
Issued to: Thawte Code Signing CA
Issued by: Thawte Premium Server CA
Expires: 8/5/2013 7:59:59 PM
SHA1 hash: A706BA1ECAB6A2AB18699FC0D7DD8C7DE36F290F
Issued to: [my company]
Issued by: Thawte Code Signing CA
Expires: 4/23/2011 7:59:59 PM
SHA1 hash: 7D1A42364765F8969E83BC00AB77F901118F3601
The signature is timestamped: 4/27/2010 10:19:19 AM
Timestamp Verified by:
Issued to: Thawte Timestamping CA
Issued by: Thawte Timestamping CA
Expires: 12/31/2020 7:59:59 PM
SHA1 hash: BE36A4562FB2EE05DBB3D32323ADF445084ED656
Issued to: VeriSign Time Stamping Services CA
Issued by: Thawte Timestamping CA
Expires: 12/3/2013 7:59:59 PM
SHA1 hash: F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Issued to: VeriSign Time Stamping Services Signer - G2
Issued by: VeriSign Time Stamping Services CA
Expires: 6/14/2012 7:59:59 PM
SHA1 hash: ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE
Number of files successfully Verified: 0
Number of warnings: 0
Number of errors: 1
© Stack Overflow or respective owner