nihilist/VeraCrypt
1
0
Fork 0
mirror of https://github.com/veracrypt/VeraCrypt synced 2024-11-28 14:03:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

Windows: Add SHA-256 EV Code Signing using the new GlobalSign certificate on top of the SHA-1 code signing. Create new SHA256 test code signing certificate and update test signing script.

Browse Source
This commit is contained in:
Mounir IDRASSI 2016-01-16 16:50:33 +01:00
parent a6c6c3dc4a
commit dd1e62ebcd
7 changed files with 80 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
src/Signing/GlobalSign_R1Cross.cer Normal file
View File

Binary file not shown.

30
src/Signing/GlobalSign_Root_CA_MS_Cross_Cert.crt Normal file
View File

@ -0,0 +1,30 @@
-----BEGIN CERTIFICATE-----
MIIFJjCCAw6gAwIBAgIKYSkVJwAAAAAAKjANBgkqhkiG9w0BAQUFADB/MQswCQYD
VQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEe
MBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSkwJwYDVQQDEyBNaWNyb3Nv
ZnQgQ29kZSBWZXJpZmljYXRpb24gUm9vdDAeFw0xMTA0MTUxOTU1MDhaFw0yMTA0
MTUyMDA1MDhaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52
LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxTaWduIFJvb3Qg
Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZjc6j40+Kfvvx
i4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavpxy0Sy6scTHAH
oT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp1Wrjsok6Vjk4
bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdGsnUOhugZitVt
bNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJU26Qzns3dLlw
R5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N89iFo7+ryUp9/
k5DPAgMBAAGjgcswgcgwEQYDVR0gBAowCDAGBgRVHSAAMAsGA1UdDwQEAwIBhjAP
BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzAf
BgNVHSMEGDAWgBRi+wohW39DbhHaCVRQa/XSlnHxnjBVBgNVHR8ETjBMMEqgSKBG
hkRodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNy
b3NvZnRDb2RlVmVyaWZSb290LmNybDANBgkqhkiG9w0BAQUFAAOCAgEAX/jQZXRq
gcamylsDtpFK6Eu97yuhQvDvtKWtzTOJ7AuVhaxiUBEIqljSWqCDEOWmM3ryWvLF
/nh88JyD3xkK2XOWAC3WLM3pFNQdneg/PBp295BO+wE1CmyTE6DDVutnoOTRepbe
wmfxkPgKe/UyG5TsX3UfjRs02mxYp8stJ54iJrfJqjDMB3e4NuOCAbU5PMyN2adf
fyOzh3/bV5iRi9fOJSDjnWRP3Yf3K2hJAxjgpd98X2hkTTaDjUeB8ungqGmr+nsW
PAWkSeqIMBkKbHMFUXjf1B3dOtR/LeROVL6DQx56dDO0pOvXcHO8KgKYiWbu9ryP
dJN44ykCWlpD4ljOfM+aytI2iTviX9omBU7I1OcskQ4Xl8W+7osTESMjKU/6g9BQ
9rr61T2zFz30/wNKoyXc5nVh0fo1CGvWJ0TQaLeNReDrhSzIoV1hRHQWDllYrtK1
7qW81tcHarYpeP2XZ2fdjU8XlE/S7QyvlyQ3w6Kcgdpr4UO2V3tM7L95Exnnn+hE
6UeBt15wHpH4PdF7J/ULcFZDSAXdqS+rhhAdCxLjGtBMbnXe1kWzC3SIh5NcVkpB
Apr3rreZ2LZ/iPoR8kV89NcbkcAc8aD71AgKQRoUKs706zRIbmaHntVLejl/uw49
OGHPc1cG5BIGa9lrUwjNcBjCLU+XRpG8qfA=
-----END CERTIFICATE-----

BIN
src/Signing/GlobalSign_SHA256_EV_CodeSigning_CA.cer Normal file
View File

Binary file not shown.

35
src/Signing/TestCertificate/idrix_SHA256TestRootCA.crt Normal file
View File

@ -0,0 +1,35 @@
-----BEGIN CERTIFICATE-----
MIIGKDCCBBCgAwIBAgIJAPNwP4lI5IZwMA0GCSqGSIb3DQEBCwUAMIGjMQswCQYD
VQQGEwJGUjEPMA0GA1UECBMGRlJBTkNFMQ4wDAYDVQQHEwVQQVJJUzEOMAwGA1UE
ChMFSURSSVgxITAfBgNVBAsTGFNlcnZpY2UgZGUgQ2VydGlmaWNhdGlvbjEfMB0G
A1UEAxMWSURSSVggVGVzdCBTSEEyNTYgUm9vdDEfMB0GCSqGSIb3DQEJARYQY29u
dGFjdEBpZHJpeC5mcjAeFw0xNjAxMTYxMTUwMDBaFw0zNjAxMTExMTUwMDBaMIGj
MQswCQYDVQQGEwJGUjEPMA0GA1UECBMGRlJBTkNFMQ4wDAYDVQQHEwVQQVJJUzEO
MAwGA1UEChMFSURSSVgxITAfBgNVBAsTGFNlcnZpY2UgZGUgQ2VydGlmaWNhdGlv
bjEfMB0GA1UEAxMWSURSSVggVGVzdCBTSEEyNTYgUm9vdDEfMB0GCSqGSIb3DQEJ
ARYQY29udGFjdEBpZHJpeC5mcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
ggIBANuY1v1iYcZ9LQbIqSA/gmhci27aUiD/hLGLyp4EvR31qVNdDbPX9BoL+Eky
OK5UwmlpYeJ1ClQm4dRL/eYVga02xk1HBbFzMdEd4BTihymdmyjEmefFulfieXmp
eHqv5+vQIs7lv5izjHKYoXjrlU0udVUodkYRxzU52rKOhoJeiv83WxilMvip1/5i
hk5PFlqHV+fPwZ5sUzVWqtRiO8a/GQsqU76nbOcpDC2XFWkQZ3r8Y9KMwcCO6/2W
l64XP1nuwSAvPDa/22uOddTYindrTRSE5/Sdt5/WmO0RUJJHcLREUhLholaLO9et
isQL3jpvxzNWPGrP+Qnq3rjLRTCW2MlztsalQTnAZVdAWkWpIdse3rAea0rrH9sD
CBuQP5ZHIGHJIEwJ7lDuX4MW/qsYNXgjgr2oEQMEfCAOhlWyij1rw/5w89MHeBYv
iZvDv3+Ut3oENoWKqoCiAOw7pOX7ucDlaTTd9AT6oNHGVUhzfFWQG6+ep8JZbFYc
CKc0jePYCCjmiiP0BkT9k8COBXfofylG1NHgtaevn4UzZecN5vd4DLR55iwLjZl/
0YQ6QADH8mPkHGBjthLgE0Aw4nmolKNnjuYHJq0CsoalcGIizfz62aWKkEzVW7xo
UWLkdnOc9mlWWLlzoxjrNZ4Nd0x+tCtE98lEsj8EgKmI9xpbAgMBAAGjXTBbMB0G
A1UdDgQWBBS/pppkb7p9BT/BVTiGqiiP2681HDAfBgNVHSMEGDAWgBS/pppkb7p9
BT/BVTiGqiiP2681HDAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG
9w0BAQsFAAOCAgEAVslsFGfU9luvWD9+/vfgcqUvLGL8jZPxgHZWD+nzEDjFdETp
H9N9LVH3hu7eg8ZwU4CnpUujoo+t73GxS4prbzzThZ98uFAxYEcVzKndPa662d8U
D0Jl5+bCyMhOIl1OpDG5vV/YReWfpfmBMdZvX7ax8fqtqsoxi/zuqiWeMxMc6GHt
TOupBVanW4Bw6PhVEnjZRQMMbv/0W11NBI6m6yVKGnJUcmMx1Pyc8xg34QgHmhOj
EQ0WaNW5BgDwcPTA5lKnhWZ8JUk86vvNhqf0AY9Kqa9iMLRLBHTp8UV9daA4UMDp
jjgukdYouNWb5rFbJtFdKYUYPTB0AWVDC+3ML97lZzyNS7H/DeBZS6V/5f+yartk
t7berj9NXi+1jU+a3O45yrvSleahyBuKyCzL3E/fTdgyoLFEoh8xN62/wfwe7DnV
onsekRnSDJnwKKZdkGN/xzsk3l0gcfLLq58Tk0wuLOZBtYF8H728VsQW+WPXGzpr
l7V5j5mllxw/EB4rUQa1c9Nea0+E0nloor0vgLVdvnYc9fDvVUNVOUt9uw8kFTmA
qXn194A/SKA2ZBJ8Y3kxQe+lFXvqRMz4HaCGeK7VBcvoRE0TTdkpiM+m7fFo7cOL
YdhffQjie2l4ACygMeU7ggw1cM7gFa820MnV04SGHiMQ19F5p3rn0wDITT0=
-----END CERTIFICATE-----

BIN
src/Signing/TestCertificate/idrix_Sha256CodeSign.pfx Normal file
View File

Binary file not shown.

13
src/Signing/sign.bat
View File

@ -1,12 +1,13 @@
PATH=%PATH%;%WSDK81%\bin\x86 PATH=%PATH%;%WSDK81%\bin\x86
rem sign using SHA-1 rem sign using SHA-1
signtool sign /v /a /n IDRIX /ac thawte_Primary_MS_Cross_Cert.cer /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys" signtool sign /v /a /n IDRIX /i Thawte /ac thawte_Primary_MS_Cross_Cert.cer /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys"
signtool sign /v /a /n IDRIX /ac Thawt_CodeSigning_CA.crt /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe" signtool sign /v /a /n IDRIX /i Thawte /ac Thawt_CodeSigning_CA.crt /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe"
rem sign using SHA-256 rem sign using SHA-256
signtool sign /v /a /n IDRIX /ac thawte_Primary_MS_Cross_Cert.cer /as /fd sha256 /tr http://timestamp.geotrust.com/tsa "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys" signtool sign /v /a /n "IDRIX SARL" /i GlobalSign /ac GlobalSign_Root_CA_MS_Cross_Cert.crt /as /fd sha256 /tr http://timestamp.globalsign.com/?signature=sha2 /td SHA256 "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys"
signtool sign /v /a /n IDRIX /ac Thawt_CodeSigning_CA.crt /as /fd sha256 /tr http://timestamp.geotrust.com/tsa "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe" signtool sign /v /a /n "IDRIX SARL" /i GlobalSign /ac GlobalSign_SHA256_EV_CodeSigning_CA.cer /as /fd sha256 /tr http://timestamp.globalsign.com/?signature=sha2 /td SHA256 "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe"
cd "..\Release\Setup Files\" cd "..\Release\Setup Files\"
@ -19,8 +20,8 @@ del *.xml
cd "..\..\Signing" cd "..\..\Signing"
rem sign using SHA-1 rem sign using SHA-1
signtool sign /v /a /n IDRIX /ac Thawt_CodeSigning_CA.crt /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCrypt Setup 1.16.exe" signtool sign /v /a /n IDRIX /i Thawte /ac Thawt_CodeSigning_CA.crt /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCrypt Setup 1.16.exe"
rem sign using SHA-256 rem sign using SHA-256
signtool sign /v /a /n IDRIX /ac Thawt_CodeSigning_CA.crt /as /fd sha256 /tr http://timestamp.geotrust.com/tsa "..\Release\Setup Files\VeraCrypt Setup 1.16.exe" signtool sign /v /a /n "IDRIX SARL" /i GlobalSign /ac GlobalSign_SHA256_EV_CodeSigning_CA.cer /as /fd sha256 /tr http://timestamp.globalsign.com/?signature=sha2 /td SHA256 "..\Release\Setup Files\VeraCrypt Setup 1.16.exe"
pause pause

12
src/Signing/sign_test.bat
View File

@ -2,12 +2,16 @@ PATH=%PATH%;%WSDK81%\bin\x86
set PFXNAME=TestCertificate\idrix_codeSign.pfx set PFXNAME=TestCertificate\idrix_codeSign.pfx
set PFXPASSWORD=idrix set PFXPASSWORD=idrix
set PFXCA=TestCertificate\idrix_TestRootCA.crt
set SHA256PFXNAME=TestCertificate\idrix_Sha256CodeSign.pfx
set SHA256PFXPASSWORD=idrix
set SHA256PFXCA=TestCertificate\idrix_SHA256TestRootCA.crt
rem sign using SHA-1 rem sign using SHA-1
signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac TestCertificate\idrix_TestRootCA.crt /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys" "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe" signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac %PFXCA% /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys" "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe"
rem sign using SHA-256 rem sign using SHA-256
signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac TestCertificate\idrix_TestRootCA.crt /as /fd sha256 /tr http://timestamp.geotrust.com/tsa "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys" "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe" signtool sign /v /a /f %SHA256PFXNAME% /p %SHA256PFXPASSWORD% /ac %SHA256PFXCA% /as /fd sha256 /tr http://timestamp.globalsign.com/?signature=sha2 /td SHA256 "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys" "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe"
cd "..\Release\Setup Files\" cd "..\Release\Setup Files\"
@ -20,9 +24,9 @@ del *.xml
cd "..\..\Signing" cd "..\..\Signing"
rem sign using SHA-1 rem sign using SHA-1
signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac TestCertificate\idrix_TestRootCA.crt /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCrypt Setup 1.16.exe" signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac %PFXCA% /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCrypt Setup 1.16.exe"
rem sign using SHA-256 rem sign using SHA-256
signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac TestCertificate\idrix_TestRootCA.crt /as /fd sha256 /tr http://timestamp.geotrust.com/tsa "..\Release\Setup Files\VeraCrypt Setup 1.16.exe" signtool sign /v /a /f %SHA256PFXNAME% /p %SHA256PFXPASSWORD% /ac %SHA256PFXCA% /as /fd sha256 /tr http://timestamp.globalsign.com/?signature=sha2 /td SHA256 "..\Release\Setup Files\VeraCrypt Setup 1.16.exe"
pause pause