如何使用GoDaddy（使用Ubuntu）的.SPC或.PEM文件对代码（.EXE文件）签名？ [英] How to sign code (.EXE file) with a .SPC or .PEM file from GoDaddy (using Ubuntu)?

问题描述

我已经看到很多有关此问题的问题和答案，并且尝试了所有这些问题都没有成功。

I've seen a lot of questions and answers regarding this issue and I've tried all of them without success.

Godaddy仅向我提供.SPC和.PEM文件。当然，我有用于请求证书的.key文件和.csr。

Godaddy is only providing to me .SPC and .PEM files. Of course I have my .key file and the .csr that I used to request the certificate.

以前（与其他公司提供的其他代码签名证书一起），我有一个我曾经用来创建.spc和.der文件的pfx文件，最后我使用osslsigncode对可执行文件进行签名，但这不再起作用。

Previously (with other code signing certificates provided by other companies) I had a pfx file that I used to create .spc and .der files that finally I used to sign my executables using osslsigncode, but this is not working anymore.

当前，当我尝试从我的.pem文件创建一个.der文件：

Currently when I try to create a .der file from my .pem file:

openssl rsa -outform der -in cert.pem -out cert.der

我收到以下错误：

无法加载私钥
139732378019488：错误：0906D06C：PEM例程：PEM_read_bio：无起始行：pem_lib.c：696：期望：任何私钥

unable to load Private Key 139732378019488:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:696:Expecting: ANY PRIVATE KEY

所以我要做的是将.key添加到我的.pem文件中：

So what I do is to add my .key to my .pem file:

cat myKey.key cert.pem > cert_key.pem

这样，openssl创建.der文件，并且我可以对可执行文件使用osslsigncode，godaddy提供的.spc文件和创建的.der文件：

In this way openssl is creating the .der file and I'm able to sign the executable using osslsigncode, the .spc file provided by godaddy and the created .der file:

osslsigncode -spc gd.spc -key cert.der -in unsigned_exe.exe -out signed_exe.exe

此时exe文件已成功已签名，但是当我在Windows上对其进行测试时，出现了问题，因为它无法识别签名。检查文件属性，我发现代码签名者是 Go Daddy 2类证书颁发机构，并且证书详细信息显示主题中没有签名

At this point the exe file is successfully signed, but when I test it on windows there is something wrong because it does not recognize the signature. Checking the file properties I find that the code signer is "Go Daddy Class 2 Certification Authority" and the certificate details says "No signature was present in the subject"

尝试执行与上述步骤相同的操作但未成功，但使用的Pem文件仅包含我的.key和我公司的证书（godaddy cert.pem中包含的最后一个证书）。在那种情况下的结果是相似的。 Windows在执行时不显示证书，但是在文件属性中，我可以找到代码签名者是我的公司。当我检查证书详细信息时，它说的是相同的：主题中没有签名

I also have tried unsuccessfully to do the same procedure described but using a pem file just including my .key and the certificate of my company (the last one included in the godaddy cert.pem). The result in that case is similar. Windows does not show the certificate when executing, but in file properties I'm able to find that the code signer is my company. When I check the certificate details it says the same: "No signature was present in the subject"

最后，我尝试执行此问题中描述的相同步骤（使用Mono符号代码）：在基于Linux的发行版上签名Windows应用程序

Finally I've tried to do the same procedure described in this question (using mono signcode): Signing Windows application on Linux-based distros

推荐答案

在我的Ubuntu中更新OSSLSIGNCODE的问题已解决。

The problem was solved updating OSSLSIGNCODE in my Ubuntu...

这篇关于如何使用GoDaddy（使用Ubuntu）的.SPC或.PEM文件对代码（.EXE文件）签名？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！