From b6b6710d2b055c703f86429b431c616f99cb4c85 Mon Sep 17 00:00:00 2001
From: Mounir IDRASSI <mounir.idrassi@idrix.fr>
Date: Wed, 22 Jul 2020 23:33:21 +0200
Subject: Windows: Add possibility to sign binaries using SHA256 only. This
 fixes Windows Smart Screen warning when launching installer

---
 src/Signing/sign-sha256.bat | 62 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 62 insertions(+)
 create mode 100644 src/Signing/sign-sha256.bat

(limited to 'src/Signing')

diff --git a/src/Signing/sign-sha256.bat b/src/Signing/sign-sha256.bat
new file mode 100644
index 00000000..ed01f38a
--- /dev/null
+++ b/src/Signing/sign-sha256.bat
@@ -0,0 +1,62 @@
+PATH=%PATH%;%WSDK81%\bin\x86;C:\Program Files\7-Zip;C:\Program Files (x86)\7-Zip
+
+set VC_VERSION=1.24-Update7
+set SIGNINGPATH=%~dp0
+cd %SIGNINGPATH%
+
+call "..\..\doc\chm\create_chm.bat"
+
+cd %SIGNINGPATH%
+
+rem sign using SHA-1
+signtool sign /v /sha1 85aa2e55cfb9c38fe474c58b38e9521450cd9306 /ac DigiCert_Assured_ID_MS_Cross_Cert.crt /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys"
+
+timeout /t 10
+
+rem sign using SHA-256
+signtool sign /v /sha1 04141E4EA6D9343CEC994F6C099DC09BDD8937C9 /ac GlobalSign_R3Cross.cer /as /fd sha256 /tr http://rfc3161timestamp.globalsign.com/advanced /td SHA256 "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys"
+signtool sign /v /sha1 04141E4EA6D9343CEC994F6C099DC09BDD8937C9 /ac GlobalSign_SHA256_EV_CodeSigning_CA.cer /fd sha256 /tr http://rfc3161timestamp.globalsign.com/advanced /td SHA256 "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe"
+
+
+cd "..\Release\Setup Files\"
+
+copy ..\..\LICENSE .
+copy ..\..\License.txt .
+copy ..\..\NOTICE .
+
+del *.xml
+rmdir /S /Q Languages
+mkdir Languages
+copy /V /Y ..\..\..\Translations\*.xml Languages\.
+del Languages.zip
+7z a -y Languages.zip Languages
+
+rmdir /S /Q docs
+mkdir docs\html\en
+mkdir docs\EFI-DCS
+copy /V /Y ..\..\..\doc\html\* docs\html\en\.
+copy "..\..\..\doc\chm\VeraCrypt User Guide.chm" docs\.
+copy "..\..\..\doc\EFI-DCS\*.pdf" docs\EFI-DCS\.
+
+del docs.zip
+7z a -y docs.zip docs
+
+"VeraCrypt Setup.exe" /p
+"VeraCrypt Portable.exe" /p
+
+del LICENSE
+del License.txt
+del NOTICE
+del "VeraCrypt User Guide.chm"
+
+del Languages.zip
+del docs.zip
+rmdir /S /Q Languages
+rmdir /S /Q docs
+
+cd %SIGNINGPATH%
+
+rem sign using SHA-256
+signtool sign /v /sha1 04141E4EA6D9343CEC994F6C099DC09BDD8937C9 /ac GlobalSign_SHA256_EV_CodeSigning_CA.cer /fd sha256 /tr http://rfc3161timestamp.globalsign.com/advanced /td SHA256 "..\Release\Setup Files\VeraCrypt Setup %VC_VERSION%.exe" "..\Release\Setup Files\VeraCrypt Portable %VC_VERSION%.exe"
+
+pause
-- 
cgit v1.2.3