![](/img/trans.png)
[英]How to list all signatures with signtool.exe while verifying against the kernel signing policy
[英]Signtool.exe succeeds but zero signatures are added to the file
我正在編寫一個自定義 CNG 提供程序(密鑰存儲提供程序)以允許使用我們在 Signtool.exe 中的私有 HSM API 進行簽名我在我的 CNG 提供程序中實現了這些 API 並成功安裝在我的 Windows 10 系統中。
命令:
signtool.exe sign /v /debug /f cert.cer /csp "Sample Key Storage Provider" /k "keyid" /t http://timestamp.digicert.com /fd sha256 helloworld.exe
Signtool.exe 成功返回代碼 0,但最終沒有向文件添加任何簽名。
驗證輸出:
signtool.exe verify /v /pa helloworld.exe
Verifying: helloworld.exe
Signature Index: 0 (Primary Signature)
Hash of file (sha256): 3338A11DDAB9CBB7B39E65C30F235C2DF8EDE17BB5BE759A3213D25EC286F390
Signing Certificate Chain:
Issued to: Sample Certificate Authority
Issued by: Sample Certificate Authority
Expires: Fri Feb 07 21:37:36 2070
SHA1 hash: 2B5B37DADFCBD018BDB2789176A69708FFCA25E0
Issued to: Sample test certificate
Issued by: Sample Certificate Authority
Expires: Thu May 28 13:40:10 2020
SHA1 hash: A679DF5E89B9C23E57E89AEB434CA98230F52DC3
The signature is timestamped: Sun Mar 29 16:44:01 2020
Timestamp Verified by:
Issued to: DigiCert Assured ID Root CA
Issued by: DigiCert Assured ID Root CA
Expires: Sun Nov 09 17:00:00 2031
SHA1 hash: 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Issued to: DigiCert SHA2 Assured ID Timestamping CA
Issued by: DigiCert Assured ID Root CA
Expires: Tue Jan 07 05:00:00 2031
SHA1 hash: 3BA63A6E4841355772DEBEF9CDCF4D5AF353A297
Issued to: TIMESTAMP-SHA256-2019-10-15
Issued by: DigiCert SHA2 Assured ID Timestamping CA
Expires: Wed Oct 16 17:00:00 2030
SHA1 hash: 0325BD505EDA96302DC22F4FA01E4C28BE2834C5
SignTool Error: No signature found.
Number of files successfully Verified: 0
Number of warnings: 0
Number of errors: 1
但是,當我查看文件屬性中的“數字簽名”選項卡時,它確實顯示了一個條目。 當我選擇條目時,它說“主題中沒有簽名”。
我在這里缺少什么?
signtool.exe sign
/v
/debug
/f cert.cer
/csp "Sample Key Storage Provider"
/k "keyid"
/t http://timestamp.digicert.com
/fd sha256
helloworld.exe
文檔說使用/f
SignCertFile
:
.pfx
,則必須使用/p
指定密碼/csp
CSPName
/kc
PrivKeyContainerName
我看到你確實指定了/csp
:
/csp "Sample Key Storage Provider"
但是您沒有指定/kc
。
我確實看到您指定了/k
- 這沒什么。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.