为什么我的代码签名(MS authenticode)验证失败?

时间:2010-04-27 14:30:58

标签: code-signing

我发布了this question并获得了来自Thawte的新编码签名证书。

我按照说明(或者我认为)并且代码签名声称成功,但是当我尝试验证该工具显示错误时。

验证步骤的结果似乎表明它是正确的,但是有错误并且没有解释错误存在的原因。

非常感谢任何意见或建议。

签署exe的命令行:

signtool sign /f mdt.pfx /p password /t http://timestamp.verisign.com/scripts/timstamp.dll test.exe

结果:

The following certificate was selected:
    Issued to: [my company]

    Issued by: Thawte Code Signing CA

    Expires:   4/23/2011 7:59:59 PM

    SHA1 hash: 7D1A42364765F8969E83BC00AB77F901118F3601


Done Adding Additional Store


Attempting to sign: test.exe

Successfully signed and timestamped: test.exe


Number of files successfully Signed: 1

Number of warnings: 0

Number of errors: 0

请注意,没有错误或警告。

现在,当我试图验证想象我的意外时:

signtool verify /v test.exe

结果:

Verifying: test.exe

SHA1 hash of file: 490BA0656517D3A322D19F432F1C6D40695CAD22
Signing Certificate Chain:
    Issued to: Thawte Premium Server CA

    Issued by: Thawte Premium Server CA

    Expires:   12/31/2020 7:59:59 PM

    SHA1 hash: 627F8D7827656399D27D7F9044C9FEB3F33EFA9A


        Issued to: Thawte Code Signing CA

        Issued by: Thawte Premium Server CA

        Expires:   8/5/2013 7:59:59 PM

        SHA1 hash: A706BA1ECAB6A2AB18699FC0D7DD8C7DE36F290F


            Issued to: [my company]

            Issued by: Thawte Code Signing CA

            Expires:   4/23/2011 7:59:59 PM

            SHA1 hash: 7D1A42364765F8969E83BC00AB77F901118F3601


The signature is timestamped: 4/27/2010 10:19:19 AM

Timestamp Verified by:
    Issued to: Thawte Timestamping CA

    Issued by: Thawte Timestamping CA

    Expires:   12/31/2020 7:59:59 PM

    SHA1 hash: BE36A4562FB2EE05DBB3D32323ADF445084ED656


        Issued to: VeriSign Time Stamping Services CA

        Issued by: Thawte Timestamping CA

        Expires:   12/3/2013 7:59:59 PM

        SHA1 hash: F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D


            Issued to: VeriSign Time Stamping Services Signer - G2

            Issued by: VeriSign Time Stamping Services CA

            Expires:   6/14/2012 7:59:59 PM

            SHA1 hash: ADA8AAA643FF7DC38DD40FA4C97AD559FF4846DE



Number of files successfully Verified: 0

Number of warnings: 0

Number of errors: 1

1 个答案:

答案 0 :(得分:15)

尝试Signtool verify /v /pa foo.exe

来自Using SignTool to Verify a File Signature(强调是我的)

  

SignTool verify MyControl.exe

     

如果前面的示例失败,它   可能是签名使用了   代码签名证书。 SignTool   默认为Windows驱动程序策略   用于验证。

     

以下命令验证   签名,使用默认值   身份验证验证政策:

     

SignTool verify /pa MyControl.exe

相关问题
最新问题