Announcement

Collapse
No announcement yet.

vpatch.exe signing

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • NickSills1
    replied
    Thanks Ulrich, that's setup now and we're testing.

    Leave a comment:


  • Ulrich
    replied
    If you use an EV cert on a token, you will need to use a batch file to call the signtool with arguments. I posted this approach in the Setup Factory forum, but the same can be done for Visual Patch.
    Please see here: https://forums.indigorose.com/forum/...023#post304023

    Ulrich

    Leave a comment:


  • NickSills1
    replied
    We use a cmd to remote sign on a signing server that uses a SHA-256 USB hardware security module (dongle)

    \RemoteSign.cmd "<FILENAME>"

    It's not clear from the help file how to configure this. Is it possible? Many thanks for your help

    Leave a comment:


  • NickSills1
    replied
    Thanks Ulrich, that helps a lot!

    Leave a comment:


  • Ulrich
    replied
    Letting Visual Patch sign, using these settings, will sign both the patch runtime and the patch file. You will see two signing operations (or four, if you double sign each with SHA-256 and SHA-1), for example:

    Code:
    (...)
    Excluding global script files for build configuration...
    Including global script files...
    > Script file included: D:\Program Files\x86\Indigo Rose\Visual Patch 3.0\Includes\Scripts\_Global_Functions.lua
    Inserting patch manifest...
    Code signing patch runtime...
    > Signing with SHA-256...
    > Signing command: "D:\OneDrive\Consulting\signtool\6.3.9600\signtool.exe" sign /f "D:\OneDrive\Consulting\sample.pfx" /p "****" /fd sha256 /tr "http://timestamp.comodoca.com/?td=sha256" /td sha256 /d "Sample patch" /du "http://www.mindquake.com.br" "C:\Users\ULRICH~1\AppData\Local\Temp\ir_tmp_rtm.tmp"
    Done Adding Additional Store
    (...)
    Compressing files
    Creating patch configuration file...
    Creating patch executable
    Code signing patch file...
    > Signing with SHA-256...
    > Signing command: "D:\OneDrive\Consulting\signtool\6.3.9600\signtool.exe" sign /f "D:\OneDrive\Consulting\sample.pfx" /p "****" /fd sha256 /tr "http://timestamp.comodoca.com/?td=sha256" /td sha256 /d "Sample patch" /du "http://www.mindquake.com.br" "D:\Ulrich Peters\OneDrive\Documents\My Patches\sample-patch.exe"
    Done Adding Additional Store
    (...)
    Ulrich

    Leave a comment:


  • NickSills1
    replied
    Thanks Ulrich, is that the vpatch.exe file that the patch executable extracts during execution?

    When a generated a patch exe file runs (which we sign anyway), it extracts a commonly named file 'vpatch.exe' which isn't signed.

    Leave a comment:


  • Ulrich
    replied
    There is a tab in the Build Settings dialog for code signing:

    Click image for larger version

Name:	image.png
Views:	32
Size:	38.0 KB
ID:	309289

    Ulrich

    Leave a comment:


  • NickSills1
    started a topic vpatch.exe signing

    vpatch.exe signing

    Hi,

    Is it possible to sign the extracted executable 'vpatch.exe'? It's causing AV software to complain,

    Thanks
Working...
X