How to fix "An error occurred while attempting to load the signing certificate from" a PFX file?

Time: 2011-12-21 14:11:36

Tags: windows security ssh

I have signtool.exe installed on a Windows XP Professional machine with .NET 1.1. The version shown in the properties dialog is 5.2.3790.2568.

I also have Cygwin and OpenSSH installed on the same machine. Anyway, when I run the tool locally, everything works; observe:

D:\WORK\workspace>type 1.cmd
d:\work\workspace\VE\CodeSign\signtool.exe sign /f d:\work\workspace\VE\CodeSign\Shunra.pfx /p "shunrail" /t http://timestamp.verisign.com/scripts/tim
stamp.dll /du "www.shunra.com" /v "d:\work\workspace\VE\ShunraInstallationServices\lib\net\Release\ShunraInstallationServices.dll"

D:\WORK\workspace>1.cmd

D:\WORK\workspace>d:\work\workspace\VE\CodeSign\signtool.exe sign /f d:\work\workspace\VE\CodeSign\Shunra.pfx /p "shunrail" /t http://timestamp.verisi
gn.com/scripts/timstamp.dll /du "www.shunra.com" /v "d:\work\workspace\VE\ShunraInstallationServices\lib\net\Release\ShunraInstallationServices.dll"
The following certificate was selected:
    Issued to: Shunra Software Ltd.
    Issued by: VeriSign Class 3 Code Signing 2009-2 CA
    Expires:   6/3/2013 1:59:59
    SHA1 hash: DE4A79909D95FCFB16DA8BFE4251C5FC88659FFA

Done Adding Additional Store

Attempting to sign: d:\work\workspace\VE\ShunraInstallationServices\lib\net\Release\ShunraInstallationServices.dll
Successfully signed and timestamped: d:\work\workspace\VE\ShunraInstallationServices\lib\net\Release\ShunraInstallationServices.dll

Number of files successfully Signed: 1
Number of warnings: 0
Number of errors: 0

D:\WORK\workspace>

Now I try to run the same command from another machine over SSH. Observe:

markk@Dev-Builder /cygdrive/d
$ ssh builder@vm-builder /cygdrive/c/WINDOWS/system32/cmd.exe /c d:\\\\WORK\\\\workspace\\\\1.cmd

C:\cygwin\home\builder>d:\work\workspace\VE\CodeSign\signtool.exe sign /f d:\work\workspace\VE\CodeSign\Shunra.pfx /p "s
hunrail" /t http://timestamp.verisign.com/scripts/timstamp.dll /du "www.shunra.com" /v "d:\work\workspace\VE\ShunraInsta
llationServices\lib\net\Release\ShunraInstallationServices.dll"

Number of files successfully Signed: 0
Number of warnings: 0
Number of errors: 1
SignTool Error: IStore2::Load returned error: 0x80090345
        The requested operation requires delegation to be enabled on the machine.
SignTool Error: An error occurred while attempting to load the signing
        certificate from: d:\work\workspace\VE\CodeSign\Shunra.pfx

markk@Dev-Builder /cygdrive/d
$

The user is the same in both cases. Indeed, on the first machine:

D:\WORK\workspace>echo %USERNAME% %USERDOMAIN%
builder SHUNRANET

D:\WORK\workspace>c:\utils\PsLoggedon.exe

PsLoggedon v1.34 - See who's logged on
Copyright (C) 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

Users logged on locally:
     11/21/2011 4:53:01         SHUNRANET\builder

No one is logged on via resource shares.

D:\WORK\workspace>

Now issuing the same commands over SSH from the second machine:

markk@Dev-Builder /cygdrive/d
$ ssh builder@vm-builder /cygdrive/c/WINDOWS/system32/cmd.exe /c echo %USERNAME% %USERDOMAIN%
builder SHUNRANET

markk@Dev-Builder /cygdrive/d
$ ssh builder@vm-builder /cygdrive/c/utils/PsLoggedon.exe
Users logged on locally:
     11/21/2011 4:53:01         SHUNRANET\builder

No one is logged on via resource shares.

PsLoggedon v1.34 - See who's logged on
Copyright (C) 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com


markk@Dev-Builder /cygdrive/d
$

What is going on?

EDIT

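I have inserted a pause command into the 1.cmd batch file, which allowed me to open the properties dialog of the respective cmd.exe process in Process Explorer. The Security tab tells a different story for the cmd.exe run locally than for the cmd.exe run remotely over SSH.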

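The Security tab of the cmd.exe run locally (I had to stitch the privilege values together, because the UI does not allow resizing that part of the window):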

[Screenshot: Security tab of the locally run cmd.exe]

Now the same dialog for the cmd.exe run over SSH from the other machine:

[Screenshot: Security tab of the cmd.exe run over SSH]

1 answer:

Answer 0 (score: 1)

I found the post Re: Cygwin ssh session privileges differ from console privileges?, which states:

  

  Bottom line is, if you need all of the user's access rights, use password authentication.

Indeed, after I changed the ssh configuration on the target machine to ask for the user's password, signtool.exe succeeded.
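
For build scripts that run signtool over SSH as in the question, here is an added example (not part of the original post) that checks captured signtool output and fails closed, so an unsigned DLL does not pass silently. The function names and exit codes are assumptions, and the sample outputs are constructed from the transcripts above.

```shell
#!/bin/sh
# Added example: gate a remote signing step on signtool's own summary lines.

# Constructed sample: the failing SSH run from the question (trimmed).
sample_fail='Number of files successfully Signed: 0
Number of warnings: 0
Number of errors: 1
SignTool Error: IStore2::Load returned error: 0x80090345
        The requested operation requires delegation to be enabled on the machine.'

# Constructed sample: the successful local run (trimmed, file name shortened).
sample_ok='Successfully signed and timestamped: ShunraInstallationServices.dll
Number of files successfully Signed: 1
Number of warnings: 0
Number of errors: 0'

# summary_count LABEL: print the integer that follows "LABEL:" on stdin.
summary_count() {
    sed -n "s/^$1:[[:space:]]*\([0-9][0-9]*\).*/\1/p" | tail -n 1
}

# check_signtool_output TEXT
# Returns 0 = signed, 2 = PFX load failed with 0x80090345, 1 = any other failure.
check_signtool_output() {
    # Output relayed from cmd.exe may carry CR line endings; strip them first.
    _st_out=$(printf '%s\n' "$1" | tr -d '\r')
    _st_signed=$(printf '%s\n' "$_st_out" | summary_count 'Number of files successfully Signed')
    _st_errors=$(printf '%s\n' "$_st_out" | summary_count 'Number of errors')

    if printf '%s\n' "$_st_out" | grep 'returned error: 0x80090345' >/dev/null; then
        echo 'signtool: 0x80090345 while loading the PFX;' \
             'the answer above resolved this by using SSH password authentication' >&2
        return 2
    fi
    # Missing summary lines count as failure (truncated or empty output).
    if [ "${_st_signed:-0}" -ge 1 ] && [ "${_st_errors:-1}" -eq 0 ]; then
        return 0
    fi
    echo "signtool: signed=${_st_signed:-?} errors=${_st_errors:-?}" >&2
    return 1
}
```

In a build script, capture the output of the `ssh ... cmd.exe /c ...` call into a variable and pass it to `check_signtool_output`, stopping the build on any non-zero return.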