flat assembler
Message board for the users of flat assembler.

Index > Windows > digital signature

b1528932



Joined: 21 May 2010
Posts: 287
I know that executable files can be signed. This signature is contained in the Security data directory (after the optional header).

- Is there a difference between signing normal files and drivers?
- What parts of the file are signed?

How can I sign (using a program and manually) my .exe?
Post 10 Nov 2010, 15:02
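Added example, not part of the original thread: a minimal Python parser that locates the Security data directory mentioned in the post above and reports the byte ranges the Authenticode hash leaves out (the CheckSum field, the Security directory entry itself, and the certificate table). The names `authenticode_layout` and `build_sample` are hypothetical, and the sample image is a constructed header skeleton, not a real program.

```python
import struct

SECURITY_DIR_INDEX = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY

def authenticode_layout(pe: bytes) -> dict:
    """Find the Security directory and the byte ranges left out of the Authenticode hash."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    opt = e_lfanew + 24  # skip 4-byte signature + 20-byte COFF header
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    dirs = opt + (96 if magic == 0x10B else 112)  # PE32 vs PE32+
    (count,) = struct.unpack_from("<I", pe, dirs - 4)  # NumberOfRvaAndSizes
    if count <= SECURITY_DIR_INDEX:
        raise ValueError("no Security directory slot")
    entry = dirs + 8 * SECURITY_DIR_INDEX
    # Unlike the other directories, this entry holds a raw file offset, not an RVA.
    cert_off, cert_size = struct.unpack_from("<II", pe, entry)
    if cert_size and cert_off + cert_size > len(pe):
        raise ValueError("certificate table runs past end of file")
    checksum = opt + 64  # CheckSum field, same offset in PE32 and PE32+
    skipped = [(checksum, checksum + 4), (entry, entry + 8)]
    if cert_size:
        skipped.append((cert_off, cert_off + cert_size))
    # cert_present only says a table exists; it says nothing about validity.
    return {"cert_present": cert_size != 0,
            "cert_table": (cert_off, cert_size), "skipped": skipped}

def build_sample(signed: bool) -> bytes:
    """Constructed PE32 header skeleton for the demo; not a loadable program."""
    img = bytearray(0x200)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)  # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    opt = 0x40 + 24
    struct.pack_into("<H", img, opt, 0x10B)  # PE32 magic
    struct.pack_into("<I", img, opt + 92, 16)  # NumberOfRvaAndSizes
    if signed:
        struct.pack_into("<II", img, opt + 96 + 8 * SECURITY_DIR_INDEX, 0x200, 0x10)
        img += b"\0" * 0x10  # placeholder certificate table
    return bytes(img)

if __name__ == "__main__":
    for flag in (True, False):
        print(authenticode_layout(build_sample(flag)))
```

A non-empty certificate table only shows that a signature blob is attached; whether Windows trusts it depends on the certificate chain, which this sketch does not check.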
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17716
Location: In your JS exploiting you and your system
You gotta pay MS to get a valid signature. Self signing is not allowed else everyone would do it.

Anyhow, google is your friend here.
Post 10 Nov 2010, 15:05
b1528932



For what am I paying Microsoft?
From my understanding, Windows has many public keys (like a million or so), and I'm buying a private key. When I buy a private key, 1 of the public keys available in Windows will work and my app is verified.

Is that right? I can't find any good info about this.
Post 10 Nov 2010, 16:07
revolution
Well either way MS holds all the keys so you have to contact them to move forward. If you are serious about signing then talk to MS.

If you think MS charges too much for a key then take it up with MS. We can't help you.
Post 10 Nov 2010, 16:17
baldr



Joined: 19 Mar 2008
Posts: 1651
revolution,

For a PE to be considered authentic, it should be signed using a trusted key pair. One can generate such a pair and use the certificate manager to import a self-signed certificate into the Windows database (so its source becomes trusted). Then any properly signed entity will be considered authentic by Windows CryptoAPI (I'm simplifying here, for the sake of brevity: a simple Google search will direct you at least to the MakeCert MSDN page).

Yes, I've made that several times. No, I didn't pay MS a buck for that.
Post 10 Nov 2010, 21:22
revolution
I was just assuming that b1528932 wanted to sign for the sake of other people to use it. There seems little point in self-signing and also importing your own keys. And there seems little point in sending both the signed file and the keys to users since that provides absolutely no authentication.

Do you trust your own software? Well of course you do. Why even bother to sign it if only you use it?
Post 10 Nov 2010, 22:29
f0dder



Joined: 19 Feb 2004
Posts: 3170
Location: Denmark
baldr: that doesn't really work for anything but testing on your own system, though, since other people won't see the file as signed. And it won't work for x64 drivers unless you run your system in testsigning mode.
Post 11 Nov 2010, 08:23
Copyright © 1999-2020, Tomasz Grysztar. Also on GitHub, YouTube, Twitter.
