Esempio n. 1
        /// <summary>
        /// Builds the <c>CRYPTUI_WIZ_DIGITAL_SIGN_INFO</c> request that describes which file to sign,
        /// with which certificate, and with which timestamp server and digest algorithm.
        /// </summary>
        /// <param name="fileName">Path of the file to sign; copied into <c>pwszFileName</c>.</param>
        /// <param name="signingCert">Signing certificate; its native handle is stored in the struct, so the
        /// certificate object must stay alive until the native signing call has returned.</param>
        /// <param name="timeStampServerUrl">Timestamp server URL, stored as-is (may be null).</param>
        /// <param name="hashAlgorithm">Digest algorithm identifier forwarded to
        /// <c>InitSignInfoExtendedStruct</c>.</param>
        /// <param name="option">Signing option translated by <c>GetCertChoiceFromSigningOption</c> into
        /// <c>dwAdditionalCertChoice</c>.</param>
        /// <returns>
        /// The populated struct. Its <c>pSignExtInfo</c> member points to unmanaged memory allocated here with
        /// <c>Marshal.AllocCoTaskMem</c>; nothing in this method frees it, so the caller owns that allocation
        /// and has to release it after the native call.
        /// </returns>
        internal static CRYPTUI_WIZ_DIGITAL_SIGN_INFO InitSignInfoStruct(string fileName, X509Certificate2 signingCert, string timeStampServerUrl, string hashAlgorithm, SigningOption option)
        {
            var signInfo = new CRYPTUI_WIZ_DIGITAL_SIGN_INFO();

            signInfo.dwSize = (int)Marshal.SizeOf(typeof(CRYPTUI_WIZ_DIGITAL_SIGN_INFO));
            // 1 = the subject is a file named by pwszFileName
            // (CRYPTUI_WIZ_DIGITAL_SIGN_SUBJECT_FILE in the Windows SDK).
            signInfo.dwSubjectChoice = 1;
            signInfo.pwszFileName = fileName;
            // 1 = the signing certificate is passed as a certificate context
            // (CRYPTUI_WIZ_DIGITAL_SIGN_CERT in the Windows SDK).
            signInfo.dwSigningCertChoice = 1;
            signInfo.pSigningCertContext = signingCert.Handle;
            signInfo.pwszTimestampURL = timeStampServerUrl;
            signInfo.dwAdditionalCertChoice = GetCertChoiceFromSigningOption(option);

            // The extended info travels by pointer, so it is copied into unmanaged memory.
            // Description and "more info" URL are deliberately left empty.
            var extendedInfo = InitSignInfoExtendedStruct("", "", hashAlgorithm);
            int extendedInfoSize = Marshal.SizeOf(extendedInfo);
            IntPtr extendedInfoPtr = Marshal.AllocCoTaskMem(extendedInfoSize);
            Marshal.StructureToPtr(extendedInfo, extendedInfoPtr, false);

            signInfo.pSignExtInfo = extendedInfoPtr;
            return signInfo;
        }
Esempio n. 2
        /// <summary>
        /// Creates the <c>CRYPTUI_WIZ_DIGITAL_SIGN_EXTENDED_INFO</c> companion struct that carries the
        /// signature description, the "more info" URL and the digest algorithm.
        /// </summary>
        /// <param name="description">Text stored in <c>pwszDescription</c>.</param>
        /// <param name="moreInfoUrl">URL stored in <c>pwszMoreInfoLocation</c>.</param>
        /// <param name="hashAlgorithm">Digest algorithm identifier stored in <c>pszHashAlg</c>. When null,
        /// the member stays null and the digest choice is left to the native API's default, so a caller
        /// that needs a specific digest must pass it explicitly.</param>
        /// <returns>The populated struct; every "NotUsed" member is zeroed.</returns>
        internal static CRYPTUI_WIZ_DIGITAL_SIGN_EXTENDED_INFO InitSignInfoExtendedStruct(string description, string moreInfoUrl, string hashAlgorithm)
        {
            var extendedInfo = new CRYPTUI_WIZ_DIGITAL_SIGN_EXTENDED_INFO();

            extendedInfo.dwSize = (int)Marshal.SizeOf(typeof(CRYPTUI_WIZ_DIGITAL_SIGN_EXTENDED_INFO));
            extendedInfo.dwAttrFlagsNotUsed = 0;
            extendedInfo.pwszDescription = description;
            extendedInfo.pwszMoreInfoLocation = moreInfoUrl;
            // A null hashAlgorithm simply leaves pszHashAlg null.
            extendedInfo.pszHashAlg = hashAlgorithm;
            extendedInfo.pwszSigningCertDisplayStringNotUsed = IntPtr.Zero;
            extendedInfo.hAdditionalCertStoreNotUsed = IntPtr.Zero;
            extendedInfo.psAuthenticatedNotUsed = IntPtr.Zero;
            extendedInfo.psUnauthenticatedNotUsed = IntPtr.Zero;

            return extendedInfo;
        }
Esempio n. 3
 /// <summary>
 /// Fills a <c>CRYPTUI_WIZ_DIGITAL_SIGN_EXTENDED_INFO</c> with the description, "more info" URL and
 /// digest algorithm for a signing request.
 /// </summary>
 /// <param name="description">Value for <c>pwszDescription</c>.</param>
 /// <param name="moreInfoUrl">Value for <c>pwszMoreInfoLocation</c>.</param>
 /// <param name="hashAlgorithm">Value for <c>pszHashAlg</c>; null leaves the member null, which hands
 /// the digest choice to the native API's default.</param>
 /// <returns>The initialised struct with all "NotUsed" members set to zero.</returns>
 internal static CRYPTUI_WIZ_DIGITAL_SIGN_EXTENDED_INFO InitSignInfoExtendedStruct(string description, string moreInfoUrl, string hashAlgorithm)
 {
     int structSize = (int) Marshal.SizeOf(typeof(CRYPTUI_WIZ_DIGITAL_SIGN_EXTENDED_INFO));

     return new CRYPTUI_WIZ_DIGITAL_SIGN_EXTENDED_INFO {
         dwSize = structSize,
         dwAttrFlagsNotUsed = 0,
         pwszDescription = description,
         pwszMoreInfoLocation = moreInfoUrl,
         // Passing the argument straight through keeps a null algorithm as null.
         pszHashAlg = hashAlgorithm,
         pwszSigningCertDisplayStringNotUsed = IntPtr.Zero,
         hAdditionalCertStoreNotUsed = IntPtr.Zero,
         psAuthenticatedNotUsed = IntPtr.Zero,
         psUnauthenticatedNotUsed = IntPtr.Zero
     };
 }
Esempio n. 4
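        /// <summary>
        /// Signs the file at <paramref name="exePath"/> with a certificate that the user picks from the
        /// current user's certificate store, and returns the signature blob produced by
        /// <c>CryptUIWizDigitalSign</c>.
        /// </summary>
        /// <remarks>
        /// <para>The private-key PIN comes from <paramref name="certPwd"/>; it is never hard-coded.</para>
        /// <para>SHA-256 is requested through the extended sign info. No timestamp URL is set, so the
        /// signature carries no timestamp.</para>
        /// <para>The binary blob is decoded with <c>Encoding.Default</c> from a buffer one byte longer than
        /// the blob, so the returned string ends in a NUL character and is not a lossless encoding of the
        /// signature bytes.</para>
        /// </remarks>
        /// <example>
        ///    string exePath = @"C:\temp\ConsoleApp2ToBeSigned.exe";
        ///    string pin = ReadPinFromUser();   // placeholder: obtain the PIN at run time, never from source
        ///
        ///    try
        ///    {
        ///        string resultingSignature = signer.SignExecutable(exePath, pin);
        ///    }
        ///    catch (Win32Exception ex)
        ///    {
        ///        Console.WriteLine(ex.Message + ", Native error code: " + ex.NativeErrorCode.ToString());
        ///    }
        ///    catch (Exception ex)
        ///    {
        ///        // Any unexpected errors?
        ///        Console.WriteLine(ex.Message);
        ///    }
        ///
        /// </example>
        /// <param name="exePath">The absolute path to the executable to be signed.</param>
        /// <param name="certPwd">The PIN that unlocks the private key of the selected certificate.</param>
        /// <returns>The signature blob decoded as a string (see remarks).</returns>
        /// <exception cref="ArgumentNullException">An argument is null.</exception>
        /// <exception cref="InvalidOperationException">The user closed the dialog without choosing a certificate.</exception>
        /// <exception cref="Win32Exception">A native signing or clean-up call reported failure.</exception>
        public string SignExecutable(string exePath, string certPwd)
        {
            if (exePath == null)
            {
                throw new ArgumentNullException("exePath");
            }
            if (certPwd == null)
            {
                throw new ArgumentNullException("certPwd");
            }

            IntPtr pSignContext = IntPtr.Zero;
            IntPtr pExtInfo = IntPtr.Zero;
            bool extInfoMarshalled = false;

            X509Store store = new X509Store(StoreLocation.CurrentUser);

            try
            {
                store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);

                var selectedCertificates = X509Certificate2UI.SelectFromCollection(store.Certificates, "Wybór certyfikatu", "Wybierz certyfkat do podpisywania", X509SelectionFlag.SingleSelection);

                // Without a fresh selection the method would fall through to whatever X509cert held
                // before (possibly null, possibly a certificate from an earlier call), so stop here.
                if (selectedCertificates.Count == 0)
                {
                    throw new InvalidOperationException("No signing certificate was selected.");
                }

                X509cert = selectedCertificates[0];

                // The PIN is supplied by the caller instead of being embedded in the source.
                X509cert.SetPinForPrivateKey(certPwd);

                const string szOID_NIST_sha256 = "2.16.840.1.101.3.4.2.1";

                CRYPTUI_WIZ_DIGITAL_SIGN_EXTENDED_INFO extInfo = new CRYPTUI_WIZ_DIGITAL_SIGN_EXTENDED_INFO();
                extInfo.dwSize     = Marshal.SizeOf(extInfo);
                extInfo.pszHashAlg = szOID_NIST_sha256; // Use SHA256 instead of default SHA1

                // The extended info only takes effect when it is handed to the native call by pointer;
                // with pSignExtInfo left at zero the SHA-256 request above would be ignored.
                pExtInfo = Marshal.AllocHGlobal(Marshal.SizeOf(extInfo));
                Marshal.StructureToPtr(extInfo, pExtInfo, false);
                extInfoMarshalled = true;

                // Prepare signing info: exe and cert
                CRYPTUI_WIZ_DIGITAL_SIGN_INFO digitalSignInfo = new CRYPTUI_WIZ_DIGITAL_SIGN_INFO();
                digitalSignInfo.dwSize                 = Marshal.SizeOf(digitalSignInfo);
                digitalSignInfo.dwSubjectChoice        = CRYPTUI_WIZ_DIGITAL_SIGN_SUBJECT_FILE;
                digitalSignInfo.pwszFileName           = exePath;
                digitalSignInfo.dwSigningCertChoice    = CRYPTUI_WIZ_DIGITAL_SIGN_CERT;
                digitalSignInfo.pSigningCertContext    = X509cert.Handle;
                digitalSignInfo.pwszTimestampURL       = null; // no timestamp is requested
                digitalSignInfo.dwAdditionalCertChoice = 0;
                digitalSignInfo.pSignExtInfo           = pExtInfo;

                // Sign exe
                // NOTE(review): GetLastWin32Error is only meaningful if the P/Invoke declaration sets
                // SetLastError = true; the declaration is not visible here.
                if (!CryptUIWizDigitalSign(CRYPTUI_WIZ_NO_UI, IntPtr.Zero, null, ref digitalSignInfo, ref pSignContext))
                {
                    throw new Win32Exception(Marshal.GetLastWin32Error(), "CryptUIWizDigitalSign");
                }

                // Get the blob with the signature
                CRYPTUI_WIZ_DIGITAL_SIGN_CONTEXT signContext = (CRYPTUI_WIZ_DIGITAL_SIGN_CONTEXT)Marshal.PtrToStructure(pSignContext, typeof(CRYPTUI_WIZ_DIGITAL_SIGN_CONTEXT));
                // One spare byte stays zero and becomes the trailing NUL of the returned string.
                byte[] blob = new byte[signContext.cbBlob + 1];
                Marshal.Copy(signContext.pbBlob, blob, 0, signContext.cbBlob);

                // Free blob memory
                if (!CryptUIWizFreeDigitalSignContext(pSignContext))
                {
                    throw new Win32Exception(Marshal.GetLastWin32Error(), "CryptUIWizFreeDigitalSignContext");
                }

                return System.Text.Encoding.Default.GetString(blob);
            }
            finally
            {
                if (pExtInfo != IntPtr.Zero)
                {
                    // DestroyStructure releases the strings StructureToPtr allocated; it must only run
                    // on memory that was actually populated.
                    if (extInfoMarshalled)
                    {
                        Marshal.DestroyStructure(pExtInfo, typeof(CRYPTUI_WIZ_DIGITAL_SIGN_EXTENDED_INFO));
                    }
                    Marshal.FreeHGlobal(pExtInfo);
                }

                // The store handle was previously never released.
                store.Close();
            }
        }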
Esempio n. 5
            InitSignInfoExtendedStruct(string description,
                                       string moreInfoUrl,
                                       string hashAlgorithm)
        {
            // Builds the extended sign-info struct: description, "more info" URL and digest
            // algorithm are taken from the arguments, every "NotUsed" member is zeroed.
            // NOTE(review): the return type and modifiers of this method are cut off in this listing.
            CRYPTUI_WIZ_DIGITAL_SIGN_EXTENDED_INFO siex =
                new CRYPTUI_WIZ_DIGITAL_SIGN_EXTENDED_INFO();

            // dwSize is the marshalled size of the struct itself.
            siex.dwSize = (DWORD)Marshal.SizeOf(siex);
            siex.dwAttrFlagsNotUsed = 0;
            siex.pwszDescription = description;
            siex.pwszMoreInfoLocation = moreInfoUrl;
            // Starts out null; only replaced below when the caller supplied an algorithm.
            siex.pszHashAlg = null;
            siex.pwszSigningCertDisplayStringNotUsed = IntPtr.Zero;
            siex.hAdditionalCertStoreNotUsed = IntPtr.Zero;
            siex.psAuthenticatedNotUsed = IntPtr.Zero;
            siex.psUnauthenticatedNotUsed = IntPtr.Zero;

            // A null hashAlgorithm leaves pszHashAlg null, which hands the digest choice to the
            // native API's default; callers that need a specific digest must pass it explicitly.
            if (hashAlgorithm != null)
            {
                siex.pszHashAlg = hashAlgorithm;
            }


            return siex;
        }