From dd1e62ebcd62338b2cf16ebab6157c9e74416a0e Mon Sep 17 00:00:00 2001 From: Mounir IDRASSI Date: Sat, 16 Jan 2016 16:50:33 +0100 Subject: Windows: Add SHA-256 EV Code Signing using the new GlobalSign certificate on top of the SHA-1 code signing. Create new SHA256 test code signing certificate and update test signing script. --- src/Signing/sign_test.bat | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'src/Signing/sign_test.bat') diff --git a/src/Signing/sign_test.bat b/src/Signing/sign_test.bat index c36f0536..9daf78e4 100644 --- a/src/Signing/sign_test.bat +++ b/src/Signing/sign_test.bat @@ -2,12 +2,16 @@ PATH=%PATH%;%WSDK81%\bin\x86 set PFXNAME=TestCertificate\idrix_codeSign.pfx set PFXPASSWORD=idrix +set PFXCA=TestCertificate\idrix_TestRootCA.crt +set SHA256PFXNAME=TestCertificate\idrix_Sha256CodeSign.pfx +set SHA256PFXPASSWORD=idrix +set SHA256PFXCA=TestCertificate\idrix_SHA256TestRootCA.crt rem sign using SHA-1 -signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac TestCertificate\idrix_TestRootCA.crt /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys" "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe" +signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac %PFXCA% /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys" "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe" rem sign using SHA-256 -signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac TestCertificate\idrix_TestRootCA.crt /as /fd sha256 /tr http://timestamp.geotrust.com/tsa "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys" "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe" +signtool sign /v /a /f %SHA256PFXNAME% /p %SHA256PFXPASSWORD% /ac %SHA256PFXCA% /as /fd sha256 /tr http://timestamp.globalsign.com/?signature=sha2 /td SHA256 "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys" "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe" cd "..\Release\Setup Files\" @@ -20,9 +24,9 @@ del *.xml cd "..\..\Signing" rem sign using SHA-1 -signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac TestCertificate\idrix_TestRootCA.crt /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCrypt Setup 1.16.exe" +signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac %PFXCA% /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCrypt Setup 1.16.exe" rem sign using SHA-256 -signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac TestCertificate\idrix_TestRootCA.crt /as /fd sha256 /tr http://timestamp.geotrust.com/tsa "..\Release\Setup Files\VeraCrypt Setup 1.16.exe" +signtool sign /v /a /f %SHA256PFXNAME% /p %SHA256PFXPASSWORD% /ac %SHA256PFXCA% /as /fd sha256 /tr http://timestamp.globalsign.com/?signature=sha2 /td SHA256 "..\Release\Setup Files\VeraCrypt Setup 1.16.exe" pause \ No newline at end of file -- cgit v1.2.3