Hi, I'm trying to create a digital signature and verify it. I created a private-public key pair of 2048 bits using openssl (version openssl-0.9.8h-1-doc).

I used the genrsa command of openssl to generate a key pair. Then I used that key pair to generate a self-signed certificate in .crt format for my use. I made that self-signed certificate using openssl. I converted the .pvk key to .pfx with openssl's pkcs12 option. Then I used this .pfx file with signcode to sign the file. I used the signcode.exe GUI to use signtool.exe (version 6.0.6000.16384). The signing was successful. The file was signed with its signature embedded in it. I also installed my certificate in the "trusted publishers", "personal" and "trusted authorities" stores. Then I tried to verify my file with the following code. I used Visual Studio 2003 and am working on Windows XP. I have CAPICOM version 2.1.0.2 installed using the capicom_dc_sdk 2.1.0.2. I verify the signed binary using the C++ code given below:

    // Code for verification of file:
    // Exp.cpp : Defines the entry point for the console application.

    #include "stdafx.h"
    #include "Exp.h"

    #ifdef _DEBUG
    #define new DEBUG_NEW
    #endif

    #pragma warning (disable : 4192)   // silence the "automatically excluding ..." notes from #import
    #import "C:\\WINDOWS\\system32\\capicom.dll"
    using namespace CAPICOM;

    // The one and only application object
    CWinApp theApp;

    using namespace std;

    int _tmain(int argc, TCHAR* argv[], TCHAR* envp[])
    {
        int nRetCode = 0;
        HRESULT hr = S_OK;

        // initialize MFC and print an error on failure
        if (!AfxWinInit(::GetModuleHandle(NULL), NULL, ::GetCommandLine(), 0))
        {
            // error code
            _tprintf(_T("Fatal Error: MFC initialization failed\n"));
            nRetCode = 1;
        }
        else
        {
            // application's behavior.
            hr = CoInitialize(0);    // error checking is needed - SCP
            if (FAILED(hr))
            {
                _tprintf(_T("Fatal Error: CoInitialize failed [%#x]\n"), hr);
                return 1;
            }

            ISignedCode* pSignCode = NULL;
            try
            {
                CLSID signClsid;
                hr = CLSIDFromProgID(L"CAPICOM.SignedCode.1", &signClsid);
                if (FAILED(hr))
                {
                    // log error
                    throw hr;
                }

                hr = CoCreateInstance(signClsid, NULL, CLSCTX_ALL,
                                      __uuidof(ISignedCode), (void**)&pSignCode);
                if (FAILED(hr))
                {
                    // log error
                    throw hr;
                }

                // _bstr_t keeps its own copy of the string; wrapping a SysAllocString()
                // result here would leak that BSTR
                _bstr_t fname(L"C:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE");
                hr = pSignCode->put_FileName(fname);
                if (FAILED(hr))
                {
                    // log error
                    throw hr;
                }

                // bUIAllowed = VARIANT_TRUE lets CAPICOM show the Authenticode dialog
                // for an untrusted publisher; VARIANT_FALSE returns a failing HRESULT instead
                hr = pSignCode->Verify(VARIANT_TRUE);
                if (FAILED(hr))
                {
                    // log error
                    throw hr;
                }
            }
            catch (const _com_error& e)
            {
                hr = e.Error();
                ATLTRACE(_T("Error [%#x]: %s.\n"), hr, e.ErrorMessage());
            }
            catch (HRESULT hrErr)
            {
                ATLTRACE(_T("Error [%#x]: CAPICOM error.\n"), hrErr);
            }
            catch (...)
            {
                ATLTRACE(_T("Unknown error.\n"));
            }

            if (pSignCode != NULL)
            {
                pSignCode->Release();   // release the COM object before CoUninitialize
            }
            CoUninitialize();
        }

        return nRetCode;
    }

The code given above successfully verifies winword.exe, as it is signed with a valid digital signature by Microsoft. But when we try to verify our binary, it shows a security warning. It says that our certificate is not issued by a valid authority. It gives a security warning of an unknown publisher. When I verify it with signtool.exe in the command prompt, it shows successful output for my file. But through this program it shows a security warning. Also, can you tell me how to suppress the warning dialog that I get, or how to add any new dialog to it? If you have any suggestion or information regarding this, please mail me at shalin.cool...@gmail.com. Thanks...
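As an added diagnostic from the verifying side (this script is not the poster's code and was not part of the original post), the following PowerShell separates the three things the CAPICOM dialog folds into one warning: whether the embedded signature's hash still matches the file, whether the signer's certificate chains to a trusted root on this machine, and which certificate stores actually contain that exact certificate. The file path is a placeholder to replace with the locally signed binary; the store list and the hypothetical output labels are this example's own choices.

```powershell
# Added diagnostic (not the poster's code): distinguish "signature is cryptographically
# valid" from "signer chain is trusted" for an Authenticode-signed file.
# Assumption: $FilePath points at the locally signed binary; adjust before running.
param(
    [string]$FilePath = 'C:\path\to\your-signed-file.exe'   # placeholder path
)

# 1. Signature status as the OS trust engine reports it
#    (Valid, NotTrusted, HashMismatch, NotSigned, UnknownError, ...)
$sig = Get-AuthenticodeSignature -FilePath $FilePath
"Status        : {0}" -f $sig.Status
"StatusMessage : {0}" -f $sig.StatusMessage

if ($sig.SignerCertificate -eq $null) {
    "No signer certificate found; the file carries no Authenticode signature."
    return
}

$signer = $sig.SignerCertificate
"Signer        : {0}" -f $signer.Subject
"Issuer        : {0}" -f $signer.Issuer
"Thumbprint    : {0}" -f $signer.Thumbprint
"Self-signed   : {0}" -f ($signer.Subject -eq $signer.Issuer)

# 2. Build the certificate chain and list every reason it is rejected.
#    Revocation checking is disabled so the result is reproducible offline.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode =
    [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
$chainOk = $chain.Build($signer)
"Chain builds  : {0}" -f $chainOk
foreach ($status in $chain.ChainStatus) {
    "  chain issue : {0} - {1}" -f $status.Status, $status.StatusInformation.Trim()
}

# 3. Which stores hold this exact certificate. A self-signed signing certificate only
#    chains to a trusted anchor if it is in a Trusted Root Certification Authorities
#    store; the Trusted Publishers store governs the publisher prompt, not chain trust.
$stores = @(
    'Cert:\CurrentUser\Root',
    'Cert:\LocalMachine\Root',
    'Cert:\CurrentUser\TrustedPublisher',
    'Cert:\LocalMachine\TrustedPublisher',
    'Cert:\CurrentUser\My'
)
foreach ($store in $stores) {
    $present = (Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
                Where-Object { $_.Thumbprint -eq $signer.Thumbprint }) -ne $null
    "  {0,-40} {1}" -f $store, $(if ($present) { 'present' } else { 'absent' })
}
```

Run it as `.\Check-Signature.ps1 -FilePath <signed file>` (any script name will do). A `Status` of `HashMismatch` means the file was modified after signing; `NotTrusted` with a chain issue of `UntrustedRoot` means the signature itself is intact but the root is not trusted by the account running the check, which is the case the CAPICOM dialog reports as an unknown publisher. Comparing the `CurrentUser` and `LocalMachine` rows also shows whether a certificate imported under one account is visible to a program running under another.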