nhyatt/osslsigncode
1
0
Fork 0
mirror of https://github.com/mtrojnar/osslsigncode.git synced 2025-04-05 17:08:05 -05:00
Code Issues Projects Releases Wiki Activity

doc updates

Browse Source
This commit is contained in:
Per Allansson 2013-03-08 18:00:25 +01:00
parent f10f5d88ad
commit a4f4729bef
3 changed files with 29 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
ChangeLog
View File

@ -1,3 +1,14 @@
=== 1.5 (2013-03-XX)
- added support for signing MSI files (patch from Marc-André Lureau)
- calculate correct PE checksum instead of setting it to 0
(patch from Roland Schwingel)
- added support for extracting/removing/verifying signature on PE files
- fixed problem with not being able to decode timestamps with no newlines
- added stricter checks for PE file validity
- added support for reading keys from PVK files (requires OpenSSL 1.0.0 or later)
=== 1.4 (2011-08-12)
- improved build system (patch from Alon Bar-Lev)
@ -6,7 +17,6 @@
- added support for sha1/sha256 - default hash is now sha1
- added flag for commercial signing (default is individual)
=== 1.3.1 (2009-08-07)
- support signing of 64-bit executables (fix from Paul Kendall)

19
README
View File

@ -47,11 +47,12 @@ to do the signing with the Microsoft signcode.exe:
http://www.matthew-jones.com/articles/codesigning.html
To sign with osslsigncode you need the spc file mentioned
in the article above, and you will also need the private
key, but not as a pvk file - it must be a simple key file
on DER format or in PEM format. You can create a DER file
from the PEM file by doing:
To sign with osslsigncode you need the spc file mentioned in the
article above, and you will also need the private key, it must
be a key file in DER or PEM format, or if osslsigncode was
compiled against OpenSSL 1.0.0 or later, in PVK format.
. You can create a DER file from the PEM file by doing:
openssl rsa -passin pass:XXXXX -outform der \
-in <pem-key-file> -out <der-key-file>
@ -62,7 +63,13 @@ To sign an EXE or MSI file you can now do:
-n "Your Application" -i http://www.yourwebsite.com/ \
-in yourapp.exe -out yourapp-signed.exe
or if you are using the PEM key file:
or if you are using a PVK key file:
osslsigncode -spc <spc-file> -pvk <der-key-file> \
-n "Your Application" -i http://www.yourwebsite.com/ \
-in yourapp.exe -out yourapp-signed.exe
or if you are using a PEM key file:
osslsigncode -spc <spc-file> -key <der-key-file> -pass <pem-password> \
-n "Your Application" -i http://www.yourwebsite.com/ \

8
TODO
View File

@ -1,9 +1,11 @@
- tool for extracting/removing the signature
- page hashing support
- RFC3161 timestamping
- signature extraction/removal/verificaton on MSI/CAB files
- improved signature verification on PE files
- clean up / untangle code
- separate timestamping
- man page
- verify signatures
- remove mmap usage to increase portability
- tests
- fix other stuff marked 'XXX'
- free memory properly :)