I have been doing a lot of research on code signing and the windows security prompt. I have a code signing certificate from comodo and everything appears to work great for the most part.
1) If all the files are on my local disk - works fine
2) If the files are on a UNC path and the server is on the same domain as my local machine - gravy
However, If the files are on a UNC path and its on another domain or no domain I get a nasty dialog "We can't verify who created this file..." Even though the file properties dialog shows the file is properly signed with no errors on the certificate.
The command I am using to sign my files
signtool.exe sign /v /ph /tr http://timestamp.comodoca.com/rfc3161 /ac "<comodo key>" /f "<my key>" /p <mypass> <file>
am I missing something or is this just the way it is?
Related
I use CyberArk 12.1 to get database password by SDK. Application was written in NetCore3.1, we migrate it to NET6. Sadly CA 12.1 isn't compatible with NET6, support appears in 12.6, but my organisation at this moment doesn't plan upgrade
I try to execute PowerShell script from my application (NET6) to connect with CyberArk agent
Script returns from CA error
APPAP308E - Invalid process path. Full path is required
PowerShell
C:\Program Files (x86)\...\CLIPasswordSDK.exe GetPassword /p AppId=xxx /p Query="Safe=xxx;Folder=Root;Object=xxx" /p Reaseon="test"
I don't understand what means path in this context?
How can I resolve problem, what could be wrong in my script?
Script is executed in application by creating new process
Process.Start("script.bat"); // Error about path from CyberArk
There has to be entered absolute path
Process.Start("c:\\app\\script.bat"); // works
I have a project that is running on the server. I want to modify it on a local machine, but connection strings in the web.config file are encrypted using regiis. To decrypt it I tried this article:
http://ryaremchuk.blogspot.com/2012/11/encrypting-and-decrypting-webconfig.html
I copied the project to a folder on the hard desk on my local machine; so its path is C:\project1.
In the prompt interface I reached: C:\windows\Microsoft.NET\Framework\v4.0.30319. Then I used this command with no luck:
aspnet_regiis -pd "connectionStrings" -app "C:\project1"
Is my command wrong? Should the project be in a different path?
I am a new C# programmer. I made a setup file of an application in Inno setup, but when I use this application after installation, the application crashes when it tries to access (read) an existing folder in the computer (which the user has permission to access otherwise). This folder does not contain any program file, or logs. It just contains some media files which are already in the computer.
I saw the Inno script format, but it shows only how to give permission to access program files/folders only, what about the files which are already there in the computer? Shouldn't the application should have access to files which the user (who installed it)has access to ?
To set permissions on existing files or folders, you can use the Windows cacls command in the [Run] section.
Filename: "{sys}\cacls.exe"; Parameters: """C:\My Folder\My File.ext"" /t /e /g ""Everyone"":f ""Power Users"":f ""Users"":f ""Authenticated Users"":f "; StatusMsg: "Configuring Windows settings..."; Flags: runhidden
Type cacls /? at a command prompt for all available switches and syntax.
It worked when I used
"Permissions: users-modify" in [Dirs] section.
I have made a little tool. It is a console application that when running on Win7 brings the UAC security prompt.
I tried to sign this EXE file in Visual Studio 2010 using the following steps:
Project properties
Signing
Create new key as shown below
The key file was successfully created, as you can see in the capture below.
Issues:
File is still being blocked by the UAC security prompt. When I checked the file whether signed or not using the signtool.exe, it tells me, no signature was found.
Please correct me if I'm following the wrong steps.
Assembly signing != Authenticode signing.
To authenticode sign an assembly with signtool, you'll need a code signing certificate from a trusted issuing authority.
You can then issue the following post-build command to sign your executable:
"signtool.exe" sign /f "$(SolutionDir)myCertificate.pfx" /p certPassword /d "description" /du "http://myinfourl" /t "http://timeserver.from.cert.authority/" $(TargetPath)
Everything you need to know about Authenticode Code Signing
Basically you have 2 options, using a command that you manually execute or execute via a batch file
signtool.exe sign /tr http://timestamp.digicert.com /td sha256 /fd sha256 /f "D:\Source\Certificates\CodeSign.pfx" /as /p MyPassword "{path to exe}"
becomes a bit frustrating after a while
Better add it on your project's option page in the Build Events.
In your post build you would enter
call "C:\Program Files (x86)\Windows Kits\10\bin\x64\signtool.exe" sign /tr http://timestamp.digicert.com /td sha256 /fd sha256 /f "D:\Source\Certificates\CodeSign.pfx" /p MyPassword $(TargetPath)
the Macro $(TargetPath) will be filled with the path to your compiled exe or dll.
Now each time you compile you will get a signed file.
Would look something like this:
I have a UNC folder added in my machine using "Add Network Places" option in "My Network Places" (XP).
I need to select the specific unc folder through my C# "folderBrowser Dialogue."
However,as unc path is password protected. While selecting the same,how can I prompt for userCredentials. can anyone have thoughts on this...
PInvoke to WNetAddConnection2 and pass the CONNECT_INTERACTIVE flag to allow the OS to pop a username/password prompt if necessary. You can get the PInvoke definition here.