I am trying to write a simple console app in Visual Studio 2022 and then debug it. This would be so simple but the IT dept here have added a group policy that all applications must be digitally signed before they can be executed.
How can I sign the compiled executable file in order to run it in the VS debugger? I have a PFX certificate file but nothing I've tried seems to add a signature to the file properties in the exe file in the bin folder.
Thank you in advance.
I have tried:
Installing the certificate which was successful.
Generating a strong name snk file and ticking the option to sign the assembly which was successful.
Running the signtool in PS to apply the certificate which failed.
I would like to sign the executable as part of the build process in order to hit F5 and debug as normal.
Related
I am currently trying to sign VBA macros in Excel and Word and Powershell scripts via the cmd.
For this purpose I use the Microsoft signtool.exe as part of the Windows 10 SDK:
https://developer.microsoft.com/en-us/windows/downloads/windows-10-sdk/
Signing Powershell scripts using the following command works fine:
signtool.exe sign /f "testca.pfx" /fd SHA256 /p "123456" "test.ps1"
For signing macros in Office documents, "Microsoft Office Subject Interface Packages for Digitally Signing VBA Projects" is also required:
https://www.microsoft.com/en-us/download/confirmation.aspx?id=56617
I downloaded the .exe and executed it.
Registering the .dll files using: "regsvr32" also worked. The paths to the .dll files are visible in the registry.
Microsoft Visual C++ 2015-2019 Redistributable (x86) is also installed.
So theoretically I should be able to sign Excel macros now.
However, my server receives an error message with an error code, which I can't find anything about in Google.
Here is the complete output:
The following certificates were considered:
Issued to: TestCA
Issued by: TestCA
Expires: Wed Feb 03 08:53:09 2021
SHA1 hash: E19CE363C88CDBCE677FA170008D0AB0D98A02DC
After EKU filter, one certs were left. After expiry filter, 1 certs were left.
After Private Key filter, 1 certs were left. The following certificate was selected:
Issued to: TestCA
Issued by: TestCA
Expires: Wed Feb 03 08:53:09 2021
SHA1 hash: E19CE363C88CDBCE677FA170008D0AB0D98A02DC
The following additional certificates will be attached: Done Adding
Additional Store SignTool Error: An unexpected internal error has occurred.
Error information: "Error: SignerSign() failed. (-2147220492/0x800403f4)
I have now performed the installation as described above several times on different computers, all with admin rights and current updates:
Private win10 computer: .ps1 and .xlsm signing is possible
VM with win10 from work: .ps1 and .xlsm signing is possible
Private VM with win 7: only .ps1 signing works
Private VM with Win10: only .ps1 signing works
TerminalServer with Windows Server 2012: only .ps1 signing works
What you can probably say is that signtool.exe works as such, because I can sign PowerShell scripts on all machines.
But signing macros does not always work. Probably has something to do with the interface packages?
I hope somebody has had the same problem before and can help. Because I'm going crazy with this. Thanks a lot!
Well, it took me a long time, but I'm up and running now. If anybody else has the same problem:
The "Microsoft Office Subject Interface Packages for Digitally Signing VBA Projects" .zip contained a readme.txt saying "Microsoft Visual C++ Redistributal (x86)" must be installed. The link behind it downloaded the "Microsoft Visual C++ 2015-2019 Redistributal (x86)", which is the latest version.
I have now tested all available versions of the last years and the only working one is the 2010 version. I don't know why the readme.txt refers to a different version, but the bug and the "solution" are definitely reproducible.
Anyway, use Visual C++ 2010 and everything is fine!
I am new to code signing. My goal is to be able to sign a setup.exe generated by Visual Studio and install it on my Windows 7 PC and my friends' Windows PCs without triggering unverified publisher or other warnings. The following approach did not work. What other steps do I need to take to achieve this?
On Windows 7, I followed the Original Answer at
How do I create a self-signed certificate for code signing on Windows? by completing following steps.
- created & imported CA
- created SPC & converted to PFX
- used first signtool command to sign a setup.exe generated by Visual Studio 2015.
The Digital Signatures General tab now says the "The digital signature is OK". But running the setup.exe on my Windows 7 PC triggers an Application Install Security Warning which says "The publisher cannot be verified. Are you sure you want to install this application?".
I have a question related with code signing.
I have EV Code Signing certificate and crypto card. Usually when I sign exe or msi I use VS Command Prompt and SignTool but in case of VSTO SignTool does not recognize the file format.
I've created VSTO Excel 2010 addin (with compatibility with Office 2010, 2013 and 2016) and whole app packed into Windows Setup Project => msi.
I can sign msi using SignTool so during installtion the publisher is Windows prompt is safe/known. But then when I start Excel there is a prompt to install addin as it is from unknown publisher...
I've tried to use mage to update .vsto and .manifest files but with no success -> mage could not use this certifiacte to sign error and nothing else ...
Thanks in advance for any tips how to sign vsto using EV Code Signing with password.
Ok, so I figured out problem...
Deployment machine - Windows 10 build 15063.296 (64-bit)
Visual Studio 2017
EV Code Signing Certificate
Steps to undertake:
Update Visual Studio to version 15.5.
Open solution.
Clean solution.
Switch off all things from usb ports...
Switch on crypto card USB.
Right click on project.
In signing check the Sign the ClicOnce Manifest.
Select From Store and select Your EV certificate.
Build solution - You should get prompt for password to Your crypto card.
In my case solution was deployed using Windows Setup Project.
So:
Build setup project - You should also get prompt for password to Your crypto card.
Open Developers command prompt and use SignTool.exe to sign .msi with EV certificate.
As a result Your installer is signed and You are trusted publisher. When You open Office then Your add in is also from trusted publisher.
I can successfully batch build the application with
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TestApplication.sln /t:Build /p:Configuration=Release;Platform=x64;DeployOnBuild=true
The problem is how to start it. I can see two potential solutions:
Deployed application can be started from the command line or WinApi. The problem is that DeployOnBuild flag seems to be ignored, so the application is built, but not deployed. Is there any way to deploy a metro application, other than using Visual Studio GUI?
Maybe there is a way to run an undeployed application? Using a Visual Studio tool for example.
Thank you.
When creating the Windows 8 application packages, the build process also creates the powershell script file Add-AppDevPackage.ps1. As this is something that can be used for side-loading applications, I'd assume that you could also call this as a part of your process. You should run it manually once first to obtain developer certificate (which will expire after 3 months) and install the app signing certificate, if required. Looking at the script, using a -Force parameter should suppress the certificate installation confirmation dialog.
Under the covers the script relies on Add-AppxPackage cmdlet.
For starting the application, check out this SuperUser question.
I'm developing a Windows Mobile application for internal company use, using the Windows Mobile 6 Professional SDK. Same old story: I've developed and tested on the emulator and all is well, but as soon as I deploy to advice I get an UnauthorizedAccessException when writing files or creating directories.
I'm aware that an application installed to a device needs to be signed but I'm running into roadblocks at every turn:
Using the project properties 'Devices' window I select 'Sign the project output with this certificate, and choose one of the sample certificates from the SDK. This results in a build error: "The signer's certificate is not valid for signing" when running SignTool.
If I try to run SignTool.exe from the commandline, I get an error telling me to run SignTool.exe from a location in the system's PATH.
I can't use the 'Signing' tab in the Project Properties to create a test certificate - this is greyed out (presumably for WinMobile projects?).
If at all possible, I would like to avoid having to go through Versign or the like to get a Mobile2Market certificate. If I have to go this route for a final version that's fine, but I need to at least be able to test the app on real devices.
Any advice would be most welcome!
First, make sure you really do need to sign it (you might be able to adjust the device security model).
If you do, then run signtool.exe, but from a Visual Studio command prompt. The easiest way to get there is fromt he Start menu, select Microsoft Visual Studio 2008->Visual Studio Tools->Visual Studio 2008 Command Prompt. This will set up all the proper pathing for you.