Signtool:签名和约会通过，但验证失败 [英] Signtool: signing and dating passes, but verification fails

问题描述

我刚从Thawte购买了代码签名证书，但在验证过程中遇到了麻烦签名后.我尝试过两种方式(在批处理文件中)对可执行文件进行签名:

方法1:

pvk2pfx -pvk mykey.pvk -spc mycert.spc -pfx mypfx.pfx- pi rom828 -f

设置File = bw700.exe

设置TimeURL = http://timestamp.verisign.com/scripts/timstamp. dll

signtool.exe标志/f mypfx.pfx/p mypassord/v％文件％""

signtool.exe时间戳/v/t％TimeURL％" "％File％"

signtool.exe验证/v/a

方法2:

set Product = BibleWorks

设置File = bw700.exe

设置TimeURL = http://timestamp.verisign.com/scripts/timstamp. dll

签名代码-spc mycert.spc -v mykey.pvk -n"％Product ％" -t"％TimeURL％" "％File％"

chktrust.exe/q/v％File％"

这两种方法在签名和时间戳过程中均不会产生错误.

第二种方法在chktrust过程中不会产生错误消息.

但是第一种方法未通过验证过程并说:

>无法使用目录来验证此文件.

SignTool错误:证书链已处理，但终止于

…

…

SignTool错误:文件无效:bw700.exe

成功验证的文件数:0

警告数量:0

错误数量:1"

我的问题是这是怎么回事?可执行文件是否已签名?似乎顺利通过了符号代码过程.但是，我无法使用该过程，因为它会提示输入密码并且无法自动执行.但是第一种方法(最新方法)使验证文本失败.它还会产生一个很大的文件，即意味着任何东西.

我在墙上撞头.任何帮助将不胜感激.

谢谢.

Mike

解决方案

我只是在Vista RTM下遇到了完全相同的问题.看来Thawte根证书没有显示在证书路径中.我真的很想知道这是怎么回事.

Hi,

I just purchased a code signing certificate from Thawte and am having trouble with the verification process after signing. I have tried signing my executable two ways as follows (in a batch file):

 

Method 1:

pvk2pfx -pvk mykey.pvk -spc mycert.spc -pfx mypfx.pfx -pi rom828 -f

set File=bw700.exe

set TimeURL=http://timestamp.verisign.com/scripts/timstamp.dll

signtool.exe sign /f mypfx.pfx /p mypassord /v "%File%"

signtool.exe timestamp /v /t "%TimeURL%" "%File%"

signtool.exe verify /v /a  "%File%"

 

Method 2:

set Product=BibleWorks

set File=bw700.exe

set TimeURL=http://timestamp.verisign.com/scripts/timstamp.dll

signcode -spc mycert.spc -v mykey.pvk -n "%Product%" -t "%TimeURL%" "%File%"

chktrust.exe /q /v "%File%"

 

Both methods generate no errors in the signing and timestamping process.

The second method generates no error message during the chktrust process.

 

However method number one fails the verification process and says:

 

"Unable to verify this file using a catalog.

SignTool Error: A certificate chain processed, but terminated in a

        certificate which is not trusted by the trust provider.

…

…

SignTool Error: File not valid: bw700.exe

Number of files successfully Verified: 0

Number of warnings: 0

Number of errors: 1"

 

My question is what is going on here? Is the executable signed or not? It seems to pass the signcode procedure with no problems. However I can't use that procedure because it prompts for a password and can't be automated. But the first method (the newest) fails the verification text. It also produces a significantly large file is that means anything.

 

I'm beating my head against a wall. Any help would be appreciated.

Thanks.

 

Mike

 

 

解决方案

I just hit exactly the same problem under Vista RTM. It seems like the root Thawte certificate is not showing in the certificates path. I would really like to know what's going on here.

这篇关于Signtool:签名和约会通过，但验证失败的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！