Signing code (Authenticode) in OS X with a Thawte Certificate

July 16th, 2009

Just some quick notes on signing Windows executables using a Mac. First, get Mono:

Download mono

I used version 2.4. Next, take a look at Mozilla’s code signing guide, and use the Zillabit Notes on Mono Authenticode to work around the problems you run into.

It boils down to something like this:

  • Open your Thawte-issued .SPC file in Windows using certmgr (just double-click it).
  • Expand the certificate view in the left pane and click on Certificates.
  • The components of your SPC file will be displayed, normally consisting of your company certificate and then some signer root certificates.
  • For each of the certificates, go to Action / All Tasks / Export... and export the certificate as a DER .cer file.
  • Bring the exported files to your Mac and join them with cert2spc. E.g.:
    cert2spc cert1.cer cert2.cer cert3.cer my_fixed_certificate.spc
  • Use the newly generated SPC file to sign your code:
    signcode -spc my_fixed_certificate.spc -v my_private_certificate_key.pvk -a sha1 -$ commercial -n MyProductName -i http://www.mycompany.com -t http://timestamp.verisign.com/scripts/timstamp.dll MyProgram.exe
  • Verify by trying to run the executable in Windows.

A final note: don’t try to verify the signing using Mono’s chktrust command. At least for me, it always tells me the exe doesn’t have a signature.
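Since chktrust is no help here, one way to confirm on the Mac that signcode actually embedded a signature is to read the PE certificate table directly. This is an added example, not part of the original post: it only checks that a PKCS#7 signature blob is present and does not validate the digest or the certificate chain, so the Windows check is still needed. The function names and the sample header are constructed for illustration.

```python
import struct
import sys

WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002  # wCertificateType used by Authenticode

def authenticode_info(data):
    """Return (file_offset, size, cert_type) of the PE attribute certificate
    table, or None when no signature is embedded."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)      # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = pe_off + 24                    # PE signature + 20-byte COFF header
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):      # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    dirs = opt + (96 if magic == 0x10B else 112)  # start of data directories
    (count,) = struct.unpack_from("<I", data, dirs - 4)   # NumberOfRvaAndSizes
    if count < 5:
        return None
    # Directory entry 4 is the certificate table; its address is a file offset.
    offset, size = struct.unpack_from("<II", data, dirs + 4 * 8)
    if offset == 0 or size == 0:
        return None
    if size < 8 or offset + size > len(data):
        raise ValueError("certificate table lies outside the file")
    length, _revision, cert_type = struct.unpack_from("<IHH", data, offset)
    if not 8 <= length <= size:
        raise ValueError("bad WIN_CERTIFICATE length")
    return offset, size, cert_type

def is_signed(data):
    info = authenticode_info(data)
    return info is not None and info[2] == WIN_CERT_TYPE_PKCS_SIGNED_DATA

def sample_pe(signed):
    """Constructed minimal PE32 header for the demo, not a runnable program."""
    hdr = bytearray(0x40 + 24 + 96 + 16 * 8)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    hdr[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", hdr, 0x58, 0x10B)          # optional header magic
    struct.pack_into("<I", hdr, 0x58 + 92, 16)        # NumberOfRvaAndSizes
    if not signed:
        return bytes(hdr)
    # WIN_CERTIFICATE header followed by a placeholder blob, not a real PKCS#7.
    cert = struct.pack("<IHH", 16, 0x0200, 0x0002) + b"\x30\x80" + b"\0" * 6
    struct.pack_into("<II", hdr, 0x58 + 96 + 4 * 8, len(hdr), len(cert))
    return bytes(hdr) + cert

if __name__ == "__main__":
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample_pe(True)
    print("signature present" if is_signed(raw) else "NO signature found")
```

Run it with the path to the signed executable as the only argument; without an argument it checks the constructed sample.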
