Code Signing Error (tab-delimited string BROKEN)

Started by usheretov, Today at 02:54:30 AM

usheretov

I'm having a problem with built-in WinBatch code signing - all of a sudden it stopped working, nothing has changed - when I compile, I get the following error:

FAILED
File signing Error:
0

Certificate is installed properly, working (previously), valid until 2026.
I updated to the latest version of WinBatch, same problem.

When I remove [ ] Use RFC 3161 Timestamp (Recommended), same problem

FAILED
Error signing file error:
-2147012889

** UPDATE **
Using the CODESIGN.WBT in samples, I was able to replicate the same problem...

After troubleshooting, the problem is in the "if statement":

BEFORE:
; Sign file based on certificate data like friendly name
              certdata =  filetosign : @tab : friendlyname : @tab : desc : @tab : url : @tab : timestamp
              if p1 == 3 then  certdata := @tab : "SHA256"
              IntControl(93, p1, certdata, 0,  0)

ERROR: 0

AFTER:
; Sign file based on certificate data like friendly name
              certdata =  filetosign : @tab : friendlyname : @tab : desc : @tab : url : @tab : timestamp : @tab : "SHA256"
              ;if p1 == 3 then  certdata := @tab : "SHA256"
              IntControl(93, p1, certdata, 0,  0)

WORKS: "Notice!", "The file has been signed successfully."

Also: the custom timestamp server is not replaced within WinBatch; although I specify http://timestamp.sectigo.com?td=sha256, the old default timeserver.dll remains as a second line.

Is there a way to modify WinBatch compile settings? It saves a lot of time to compile in WinBatch, and we are using a workaround at the moment that has slowed us down.


td

A simple example shows that the "tab-delimited string BROKEN" diagnosis is not correct:
filetosign = "exanok.wbt"
friendlyname = "example cert"
desc = "Example"
url = "https:\\example.com"
timestamp = "http://timestamp.sectigo.com"
p1 = 3

certdata =  filetosign : @tab : friendlyname : @tab : desc : @tab : url : @tab : timestamp
certdata1 = filetosign : @tab : friendlyname : @tab : desc : @tab : url : @tab : timestamp: @tab : "SHA256"
if p1 == 3 then  certdata := @tab : "SHA256"

if certdata == certdata1 then Text = 'Same'
else Text = 'Different'
Message('Comparison Result', text)

Currently, there is no way to change the time stamp URL in the compiler. It is not uncommon for certificate authorities to have problems with time stamp servers, so it may be a temporary issue. It could also be the case that DigiCert has dropped support for the Symantec timestamp server.

We will consider adding the ability to change the timestamp URL in the next release. In the interim you could write a simple script to run the compiler in silent mode without code signing and sign the file after the compile is complete using IntControl 93. It should be almost as fast as signing using the compiler.
"No one who sees a peregrine falcon fly can ever forget the beauty and thrill of that flight."
  - Dr. Tom Cade
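
An added example, not part of either post and not WinBatch code: a small Python decoder that splits the two error numbers quoted in the first post into Windows HRESULT fields. It assumes the number the signing step reports is a raw HRESULT shown as a signed 32-bit integer, which the thread does not state; the function and table names are made up for this example.

```python
# Added example: split a signed 32-bit error value into HRESULT fields.
# Assumption: the number shown by the signing step is a raw HRESULT.

# Facility numbers from winerror.h (subset).
FACILITIES = {0: "FACILITY_NULL", 7: "FACILITY_WIN32",
              9: "FACILITY_SSPI", 11: "FACILITY_CERT"}

# WinINet error codes from wininet.h (subset); all are network-level failures.
WININET_ERRORS = {
    12002: "ERROR_INTERNET_TIMEOUT",
    12007: "ERROR_INTERNET_NAME_NOT_RESOLVED",
    12029: "ERROR_INTERNET_CANNOT_CONNECT",
    12030: "ERROR_INTERNET_CONNECTION_ABORTED",
    12031: "ERROR_INTERNET_CONNECTION_RESET",
}

def decode_hresult(value):
    """Return the HRESULT fields of a signed or unsigned 32-bit value."""
    if not -0x80000000 <= value <= 0xFFFFFFFF:
        raise ValueError("not a 32-bit value: %r" % value)
    raw = value & 0xFFFFFFFF          # two's-complement view of negatives
    facility = (raw >> 16) & 0x7FF    # bits 16-26
    code = raw & 0xFFFF               # bits 0-15
    name = WININET_ERRORS.get(code) if facility == 7 else None
    return {
        "hex": "0x%08X" % raw,
        "failure": bool(raw >> 31),   # severity bit
        "facility": FACILITIES.get(facility, str(facility)),
        "code": code,
        "name": name,
        "network": name is not None,
    }

if __name__ == "__main__":
    for reported in (-2147012889, 0):   # the two values quoted in the thread
        print(reported, decode_hresult(reported))
```

Under that assumption, -2147012889 is 0x80072EE7, Win32 code 12007 (ERROR_INTERNET_NAME_NOT_RESOLVED), which is a host name lookup failure; the value 0 has no severity bit set and carries no further detail.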