mirror of
https://github.com/veracrypt/VeraCrypt
synced 2024-11-10 13:13:34 +01:00
Windows: Add SHA-256 EV Code Signing using the new GlobalSign certificate on top of the SHA-1 code signing. Create new SHA256 test code signing certificate and update test signing script.
This commit is contained in:
Mounir IDRASSI
parent
a6c6c3dc4a
commit
dd1e62ebcd
BIN
src/Signing/GlobalSign_R1Cross.cer
Normal file
BIN
src/Signing/GlobalSign_R1Cross.cer
Normal file
Binary file not shown.
30
src/Signing/GlobalSign_Root_CA_MS_Cross_Cert.crt
Normal file
30
src/Signing/GlobalSign_Root_CA_MS_Cross_Cert.crt
Normal file
@ -0,0 +1,30 @@
|
|||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIFJjCCAw6gAwIBAgIKYSkVJwAAAAAAKjANBgkqhkiG9w0BAQUFADB/MQswCQYD
|
||||||
|
VQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEe
|
||||||
|
MBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSkwJwYDVQQDEyBNaWNyb3Nv
|
||||||
|
ZnQgQ29kZSBWZXJpZmljYXRpb24gUm9vdDAeFw0xMTA0MTUxOTU1MDhaFw0yMTA0
|
||||||
|
MTUyMDA1MDhaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52
|
||||||
|
LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxTaWduIFJvb3Qg
|
||||||
|
Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZjc6j40+Kfvvx
|
||||||
|
i4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavpxy0Sy6scTHAH
|
||||||
|
oT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp1Wrjsok6Vjk4
|
||||||
|
bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdGsnUOhugZitVt
|
||||||
|
bNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJU26Qzns3dLlw
|
||||||
|
R5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N89iFo7+ryUp9/
|
||||||
|
k5DPAgMBAAGjgcswgcgwEQYDVR0gBAowCDAGBgRVHSAAMAsGA1UdDwQEAwIBhjAP
|
||||||
|
BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzAf
|
||||||
|
BgNVHSMEGDAWgBRi+wohW39DbhHaCVRQa/XSlnHxnjBVBgNVHR8ETjBMMEqgSKBG
|
||||||
|
hkRodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNy
|
||||||
|
b3NvZnRDb2RlVmVyaWZSb290LmNybDANBgkqhkiG9w0BAQUFAAOCAgEAX/jQZXRq
|
||||||
|
gcamylsDtpFK6Eu97yuhQvDvtKWtzTOJ7AuVhaxiUBEIqljSWqCDEOWmM3ryWvLF
|
||||||
|
/nh88JyD3xkK2XOWAC3WLM3pFNQdneg/PBp295BO+wE1CmyTE6DDVutnoOTRepbe
|
||||||
|
wmfxkPgKe/UyG5TsX3UfjRs02mxYp8stJ54iJrfJqjDMB3e4NuOCAbU5PMyN2adf
|
||||||
|
fyOzh3/bV5iRi9fOJSDjnWRP3Yf3K2hJAxjgpd98X2hkTTaDjUeB8ungqGmr+nsW
|
||||||
|
PAWkSeqIMBkKbHMFUXjf1B3dOtR/LeROVL6DQx56dDO0pOvXcHO8KgKYiWbu9ryP
|
||||||
|
dJN44ykCWlpD4ljOfM+aytI2iTviX9omBU7I1OcskQ4Xl8W+7osTESMjKU/6g9BQ
|
||||||
|
9rr61T2zFz30/wNKoyXc5nVh0fo1CGvWJ0TQaLeNReDrhSzIoV1hRHQWDllYrtK1
|
||||||
|
7qW81tcHarYpeP2XZ2fdjU8XlE/S7QyvlyQ3w6Kcgdpr4UO2V3tM7L95Exnnn+hE
|
||||||
|
6UeBt15wHpH4PdF7J/ULcFZDSAXdqS+rhhAdCxLjGtBMbnXe1kWzC3SIh5NcVkpB
|
||||||
|
Apr3rreZ2LZ/iPoR8kV89NcbkcAc8aD71AgKQRoUKs706zRIbmaHntVLejl/uw49
|
||||||
|
OGHPc1cG5BIGa9lrUwjNcBjCLU+XRpG8qfA=
|
||||||
|
-----END CERTIFICATE-----
|
||||||
BIN
src/Signing/GlobalSign_SHA256_EV_CodeSigning_CA.cer
Normal file
BIN
src/Signing/GlobalSign_SHA256_EV_CodeSigning_CA.cer
Normal file
Binary file not shown.
35
src/Signing/TestCertificate/idrix_SHA256TestRootCA.crt
Normal file
35
src/Signing/TestCertificate/idrix_SHA256TestRootCA.crt
Normal file
@ -0,0 +1,35 @@
|
|||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIGKDCCBBCgAwIBAgIJAPNwP4lI5IZwMA0GCSqGSIb3DQEBCwUAMIGjMQswCQYD
|
||||||
|
VQQGEwJGUjEPMA0GA1UECBMGRlJBTkNFMQ4wDAYDVQQHEwVQQVJJUzEOMAwGA1UE
|
||||||
|
ChMFSURSSVgxITAfBgNVBAsTGFNlcnZpY2UgZGUgQ2VydGlmaWNhdGlvbjEfMB0G
|
||||||
|
A1UEAxMWSURSSVggVGVzdCBTSEEyNTYgUm9vdDEfMB0GCSqGSIb3DQEJARYQY29u
|
||||||
|
dGFjdEBpZHJpeC5mcjAeFw0xNjAxMTYxMTUwMDBaFw0zNjAxMTExMTUwMDBaMIGj
|
||||||
|
MQswCQYDVQQGEwJGUjEPMA0GA1UECBMGRlJBTkNFMQ4wDAYDVQQHEwVQQVJJUzEO
|
||||||
|
MAwGA1UEChMFSURSSVgxITAfBgNVBAsTGFNlcnZpY2UgZGUgQ2VydGlmaWNhdGlv
|
||||||
|
bjEfMB0GA1UEAxMWSURSSVggVGVzdCBTSEEyNTYgUm9vdDEfMB0GCSqGSIb3DQEJ
|
||||||
|
ARYQY29udGFjdEBpZHJpeC5mcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
|
||||||
|
ggIBANuY1v1iYcZ9LQbIqSA/gmhci27aUiD/hLGLyp4EvR31qVNdDbPX9BoL+Eky
|
||||||
|
OK5UwmlpYeJ1ClQm4dRL/eYVga02xk1HBbFzMdEd4BTihymdmyjEmefFulfieXmp
|
||||||
|
eHqv5+vQIs7lv5izjHKYoXjrlU0udVUodkYRxzU52rKOhoJeiv83WxilMvip1/5i
|
||||||
|
hk5PFlqHV+fPwZ5sUzVWqtRiO8a/GQsqU76nbOcpDC2XFWkQZ3r8Y9KMwcCO6/2W
|
||||||
|
l64XP1nuwSAvPDa/22uOddTYindrTRSE5/Sdt5/WmO0RUJJHcLREUhLholaLO9et
|
||||||
|
isQL3jpvxzNWPGrP+Qnq3rjLRTCW2MlztsalQTnAZVdAWkWpIdse3rAea0rrH9sD
|
||||||
|
CBuQP5ZHIGHJIEwJ7lDuX4MW/qsYNXgjgr2oEQMEfCAOhlWyij1rw/5w89MHeBYv
|
||||||
|
iZvDv3+Ut3oENoWKqoCiAOw7pOX7ucDlaTTd9AT6oNHGVUhzfFWQG6+ep8JZbFYc
|
||||||
|
CKc0jePYCCjmiiP0BkT9k8COBXfofylG1NHgtaevn4UzZecN5vd4DLR55iwLjZl/
|
||||||
|
0YQ6QADH8mPkHGBjthLgE0Aw4nmolKNnjuYHJq0CsoalcGIizfz62aWKkEzVW7xo
|
||||||
|
UWLkdnOc9mlWWLlzoxjrNZ4Nd0x+tCtE98lEsj8EgKmI9xpbAgMBAAGjXTBbMB0G
|
||||||
|
A1UdDgQWBBS/pppkb7p9BT/BVTiGqiiP2681HDAfBgNVHSMEGDAWgBS/pppkb7p9
|
||||||
|
BT/BVTiGqiiP2681HDAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG
|
||||||
|
9w0BAQsFAAOCAgEAVslsFGfU9luvWD9+/vfgcqUvLGL8jZPxgHZWD+nzEDjFdETp
|
||||||
|
H9N9LVH3hu7eg8ZwU4CnpUujoo+t73GxS4prbzzThZ98uFAxYEcVzKndPa662d8U
|
||||||
|
D0Jl5+bCyMhOIl1OpDG5vV/YReWfpfmBMdZvX7ax8fqtqsoxi/zuqiWeMxMc6GHt
|
||||||
|
TOupBVanW4Bw6PhVEnjZRQMMbv/0W11NBI6m6yVKGnJUcmMx1Pyc8xg34QgHmhOj
|
||||||
|
EQ0WaNW5BgDwcPTA5lKnhWZ8JUk86vvNhqf0AY9Kqa9iMLRLBHTp8UV9daA4UMDp
|
||||||
|
jjgukdYouNWb5rFbJtFdKYUYPTB0AWVDC+3ML97lZzyNS7H/DeBZS6V/5f+yartk
|
||||||
|
t7berj9NXi+1jU+a3O45yrvSleahyBuKyCzL3E/fTdgyoLFEoh8xN62/wfwe7DnV
|
||||||
|
onsekRnSDJnwKKZdkGN/xzsk3l0gcfLLq58Tk0wuLOZBtYF8H728VsQW+WPXGzpr
|
||||||
|
l7V5j5mllxw/EB4rUQa1c9Nea0+E0nloor0vgLVdvnYc9fDvVUNVOUt9uw8kFTmA
|
||||||
|
qXn194A/SKA2ZBJ8Y3kxQe+lFXvqRMz4HaCGeK7VBcvoRE0TTdkpiM+m7fFo7cOL
|
||||||
|
YdhffQjie2l4ACygMeU7ggw1cM7gFa820MnV04SGHiMQ19F5p3rn0wDITT0=
|
||||||
|
-----END CERTIFICATE-----
|
||||||
BIN
src/Signing/TestCertificate/idrix_Sha256CodeSign.pfx
Normal file
BIN
src/Signing/TestCertificate/idrix_Sha256CodeSign.pfx
Normal file
Binary file not shown.
@ -1,12 +1,13 @@
|
|||||||
PATH=%PATH%;%WSDK81%\bin\x86
|
PATH=%PATH%;%WSDK81%\bin\x86
|
||||||
|
|
||||||
rem sign using SHA-1
|
rem sign using SHA-1
|
||||||
signtool sign /v /a /n IDRIX /ac thawte_Primary_MS_Cross_Cert.cer /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys"
|
signtool sign /v /a /n IDRIX /i Thawte /ac thawte_Primary_MS_Cross_Cert.cer /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys"
|
||||||
signtool sign /v /a /n IDRIX /ac Thawt_CodeSigning_CA.crt /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe"
|
signtool sign /v /a /n IDRIX /i Thawte /ac Thawt_CodeSigning_CA.crt /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe"
|
||||||
|
|
||||||
rem sign using SHA-256
|
rem sign using SHA-256
|
||||||
signtool sign /v /a /n IDRIX /ac thawte_Primary_MS_Cross_Cert.cer /as /fd sha256 /tr http://timestamp.geotrust.com/tsa "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys"
|
signtool sign /v /a /n "IDRIX SARL" /i GlobalSign /ac GlobalSign_Root_CA_MS_Cross_Cert.crt /as /fd sha256 /tr http://timestamp.globalsign.com/?signature=sha2 /td SHA256 "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys"
|
||||||
signtool sign /v /a /n IDRIX /ac Thawt_CodeSigning_CA.crt /as /fd sha256 /tr http://timestamp.geotrust.com/tsa "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe"
|
signtool sign /v /a /n "IDRIX SARL" /i GlobalSign /ac GlobalSign_SHA256_EV_CodeSigning_CA.cer /as /fd sha256 /tr http://timestamp.globalsign.com/?signature=sha2 /td SHA256 "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe"
|
||||||
|
|
||||||
|
|
||||||
cd "..\Release\Setup Files\"
|
cd "..\Release\Setup Files\"
|
||||||
|
|
||||||
@ -19,8 +20,8 @@ del *.xml
|
|||||||
cd "..\..\Signing"
|
cd "..\..\Signing"
|
||||||
|
|
||||||
rem sign using SHA-1
|
rem sign using SHA-1
|
||||||
signtool sign /v /a /n IDRIX /ac Thawt_CodeSigning_CA.crt /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCrypt Setup 1.16.exe"
|
signtool sign /v /a /n IDRIX /i Thawte /ac Thawt_CodeSigning_CA.crt /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCrypt Setup 1.16.exe"
|
||||||
rem sign using SHA-256
|
rem sign using SHA-256
|
||||||
signtool sign /v /a /n IDRIX /ac Thawt_CodeSigning_CA.crt /as /fd sha256 /tr http://timestamp.geotrust.com/tsa "..\Release\Setup Files\VeraCrypt Setup 1.16.exe"
|
signtool sign /v /a /n "IDRIX SARL" /i GlobalSign /ac GlobalSign_SHA256_EV_CodeSigning_CA.cer /as /fd sha256 /tr http://timestamp.globalsign.com/?signature=sha2 /td SHA256 "..\Release\Setup Files\VeraCrypt Setup 1.16.exe"
|
||||||
|
|
||||||
pause
|
pause
|
||||||
|
|||||||
@ -2,12 +2,16 @@ PATH=%PATH%;%WSDK81%\bin\x86
|
|||||||
|
|
||||||
set PFXNAME=TestCertificate\idrix_codeSign.pfx
|
set PFXNAME=TestCertificate\idrix_codeSign.pfx
|
||||||
set PFXPASSWORD=idrix
|
set PFXPASSWORD=idrix
|
||||||
|
set PFXCA=TestCertificate\idrix_TestRootCA.crt
|
||||||
|
set SHA256PFXNAME=TestCertificate\idrix_Sha256CodeSign.pfx
|
||||||
|
set SHA256PFXPASSWORD=idrix
|
||||||
|
set SHA256PFXCA=TestCertificate\idrix_SHA256TestRootCA.crt
|
||||||
|
|
||||||
rem sign using SHA-1
|
rem sign using SHA-1
|
||||||
signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac TestCertificate\idrix_TestRootCA.crt /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys" "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe"
|
signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac %PFXCA% /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys" "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe"
|
||||||
|
|
||||||
rem sign using SHA-256
|
rem sign using SHA-256
|
||||||
signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac TestCertificate\idrix_TestRootCA.crt /as /fd sha256 /tr http://timestamp.geotrust.com/tsa "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys" "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe"
|
signtool sign /v /a /f %SHA256PFXNAME% /p %SHA256PFXPASSWORD% /ac %SHA256PFXCA% /as /fd sha256 /tr http://timestamp.globalsign.com/?signature=sha2 /td SHA256 "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys" "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe"
|
||||||
|
|
||||||
cd "..\Release\Setup Files\"
|
cd "..\Release\Setup Files\"
|
||||||
|
|
||||||
@ -20,9 +24,9 @@ del *.xml
|
|||||||
cd "..\..\Signing"
|
cd "..\..\Signing"
|
||||||
|
|
||||||
rem sign using SHA-1
|
rem sign using SHA-1
|
||||||
signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac TestCertificate\idrix_TestRootCA.crt /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCrypt Setup 1.16.exe"
|
signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac %PFXCA% /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCrypt Setup 1.16.exe"
|
||||||
|
|
||||||
rem sign using SHA-256
|
rem sign using SHA-256
|
||||||
signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac TestCertificate\idrix_TestRootCA.crt /as /fd sha256 /tr http://timestamp.geotrust.com/tsa "..\Release\Setup Files\VeraCrypt Setup 1.16.exe"
|
signtool sign /v /a /f %SHA256PFXNAME% /p %SHA256PFXPASSWORD% /ac %SHA256PFXCA% /as /fd sha256 /tr http://timestamp.globalsign.com/?signature=sha2 /td SHA256 "..\Release\Setup Files\VeraCrypt Setup 1.16.exe"
|
||||||
|
|
||||||
pause
|
pause
|
||||||
Loading…
Reference in New Issue
Block a user