nihilist/VeraCrypt
1
0
Fork 0
mirror of https://github.com/veracrypt/VeraCrypt synced 2024-11-10 21:23:40 +01:00
Code Issues Packages Projects Releases Wiki Activity

Windows: Add possibility to sign binaries using SHA256 only. This fixes Windows Smart Screen warning when launching installer

Browse Source
This commit is contained in:
Mounir IDRASSI 2020-07-22 23:33:21 +02:00
parent c4a6269c8c
commit b6b6710d2b
No known key found for this signature in database
GPG Key ID: 02C30AE90FAE4A6F
2 changed files with 75 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/Common/Dlgcode.c
View File

@ -389,6 +389,16 @@ static unsigned char gpbSha1CodeSignCertFingerprint[64] = {
0xE9, 0x65, 0xA5, 0x61
};
static unsigned char gpbSha256CodeSignCertFingerprint[64] = {
0x88, 0x60, 0xC4, 0x26, 0x6D, 0x42, 0x59, 0x1B, 0xDF, 0x89, 0x0F, 0x1A,
0x2F, 0x70, 0x8D, 0xBB, 0xC0, 0xF0, 0x03, 0x1F, 0x37, 0x11, 0xF9, 0x24,
0x78, 0xDF, 0xD3, 0x60, 0xFB, 0xF3, 0xDC, 0xCA, 0x0D, 0x95, 0x06, 0x6A,
0x5E, 0xAD, 0x5C, 0xA3, 0x3E, 0x75, 0x55, 0x96, 0x7B, 0xD1, 0x0D, 0xC1,
0x00, 0xFE, 0xA0, 0x95, 0x13, 0x23, 0x20, 0x63, 0x26, 0x57, 0xFA, 0x6C,
0xE4, 0x27, 0xF8, 0x36
};
typedef HRESULT (WINAPI *SHGETKNOWNFOLDERPATH) (
_In_ REFKNOWNFOLDERID rfid,
_In_ DWORD dwFlags,
@ -13891,7 +13901,9 @@ BOOL VerifyModuleSignature (const wchar_t* path)
BYTE hashVal[64];
sha512 (hashVal, pProviderCert->pCert->pbCertEncoded, pProviderCert->pCert->cbCertEncoded);
if (0 == memcmp (hashVal, gpbSha1CodeSignCertFingerprint, 64))
if ( (0 == memcmp (hashVal, gpbSha1CodeSignCertFingerprint, 64))
|| (0 == memcmp (hashVal, gpbSha256CodeSignCertFingerprint, 64))
)
{
bResult = TRUE;
}

62
src/Signing/sign-sha256.bat Normal file
View File

@ -0,0 +1,62 @@
PATH=%PATH%;%WSDK81%\bin\x86;C:\Program Files\7-Zip;C:\Program Files (x86)\7-Zip
set VC_VERSION=1.24-Update7
set SIGNINGPATH=%~dp0
cd %SIGNINGPATH%
call "..\..\doc\chm\create_chm.bat"
cd %SIGNINGPATH%
rem sign using SHA-1
signtool sign /v /sha1 85aa2e55cfb9c38fe474c58b38e9521450cd9306 /ac DigiCert_Assured_ID_MS_Cross_Cert.crt /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys"
timeout /t 10
rem sign using SHA-256
signtool sign /v /sha1 04141E4EA6D9343CEC994F6C099DC09BDD8937C9 /ac GlobalSign_R3Cross.cer /as /fd sha256 /tr http://rfc3161timestamp.globalsign.com/advanced /td SHA256 "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys"
signtool sign /v /sha1 04141E4EA6D9343CEC994F6C099DC09BDD8937C9 /ac GlobalSign_SHA256_EV_CodeSigning_CA.cer /fd sha256 /tr http://rfc3161timestamp.globalsign.com/advanced /td SHA256 "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe"
cd "..\Release\Setup Files\"
copy ..\..\LICENSE .
copy ..\..\License.txt .
copy ..\..\NOTICE .
del *.xml
rmdir /S /Q Languages
mkdir Languages
copy /V /Y ..\..\..\Translations\*.xml Languages\.
del Languages.zip
7z a -y Languages.zip Languages
rmdir /S /Q docs
mkdir docs\html\en
mkdir docs\EFI-DCS
copy /V /Y ..\..\..\doc\html\* docs\html\en\.
copy "..\..\..\doc\chm\VeraCrypt User Guide.chm" docs\.
copy "..\..\..\doc\EFI-DCS\*.pdf" docs\EFI-DCS\.
del docs.zip
7z a -y docs.zip docs
"VeraCrypt Setup.exe" /p
"VeraCrypt Portable.exe" /p
del LICENSE
del License.txt
del NOTICE
del "VeraCrypt User Guide.chm"
del Languages.zip
del docs.zip
rmdir /S /Q Languages
rmdir /S /Q docs
cd %SIGNINGPATH%
rem sign using SHA-256
signtool sign /v /sha1 04141E4EA6D9343CEC994F6C099DC09BDD8937C9 /ac GlobalSign_SHA256_EV_CodeSigning_CA.cer /fd sha256 /tr http://rfc3161timestamp.globalsign.com/advanced /td SHA256 "..\Release\Setup Files\VeraCrypt Setup %VC_VERSION%.exe" "..\Release\Setup Files\VeraCrypt Portable %VC_VERSION%.exe"
pause