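/// <summary>
/// Builds the <c>CRYPTUI_WIZ_DIGITAL_SIGN_INFO</c> structure describing a file-signing request: the file to sign,
/// the signing certificate context, the optional time-stamp server, the additional-certificate choice and the
/// extended info (empty description / more-info URL plus the hash algorithm) attached through an unmanaged pointer.
/// </summary>
/// <param name="fileName">Path of the file to sign (subject choice 1 = CRYPTUI_WIZ_DIGITAL_SIGN_SUBJECT_FILE).</param>
/// <param name="signingCert">Certificate whose native context handle is placed in <c>pSigningCertContext</c>.
/// Only the raw handle is copied, so the certificate object must not be disposed until the native signing call
/// that consumes this structure has completed.</param>
/// <param name="timeStampServerUrl">Time-stamp server URL, or null to request no time stamp.</param>
/// <param name="hashAlgorithm">Hash algorithm identifier forwarded to the extended info; null leaves it unset.</param>
/// <param name="option">Signing option mapped to <c>dwAdditionalCertChoice</c> by <c>GetCertChoiceFromSigningOption</c>.</param>
/// <returns>The populated structure. Its <c>pSignExtInfo</c> member points to a CoTaskMem block owned by the caller,
/// who must release it (<c>Marshal.DestroyStructure</c> then <c>Marshal.FreeCoTaskMem</c>) once the native call
/// no longer needs it; this method never frees it on the success path.</returns>
/// <exception cref="ArgumentNullException"><paramref name="signingCert"/> is null.</exception>
internal static CRYPTUI_WIZ_DIGITAL_SIGN_INFO InitSignInfoStruct(string fileName, X509Certificate2 signingCert, string timeStampServerUrl, string hashAlgorithm, SigningOption option)
{
    // Fail early with a clear message instead of a NullReferenceException on signingCert.Handle below.
    if (signingCert == null)
    {
        throw new ArgumentNullException(nameof(signingCert));
    }

    var signInfo = new CRYPTUI_WIZ_DIGITAL_SIGN_INFO
    {
        dwSize = (int)Marshal.SizeOf(typeof(CRYPTUI_WIZ_DIGITAL_SIGN_INFO)),
        dwSubjectChoice = 1,       // CRYPTUI_WIZ_DIGITAL_SIGN_SUBJECT_FILE: pwszFileName names the subject
        pwszFileName = fileName,
        dwSigningCertChoice = 1,   // CRYPTUI_WIZ_DIGITAL_SIGN_CERT: pSigningCertContext names the signer
        pSigningCertContext = signingCert.Handle,
        pwszTimestampURL = timeStampServerUrl,
        dwAdditionalCertChoice = GetCertChoiceFromSigningOption(option)
    };

    // The extended info lives in unmanaged memory because the native API receives it by pointer.
    CRYPTUI_WIZ_DIGITAL_SIGN_EXTENDED_INFO extendedInfo = InitSignInfoExtendedStruct("", "", hashAlgorithm);
    IntPtr pExtendedInfo = Marshal.AllocCoTaskMem(Marshal.SizeOf(extendedInfo));
    try
    {
        Marshal.StructureToPtr(extendedInfo, pExtendedInfo, false);
    }
    catch
    {
        // Marshalling failed part-way: release the block so the allocation does not leak, then propagate.
        Marshal.FreeCoTaskMem(pExtendedInfo);
        throw;
    }

    signInfo.pSignExtInfo = pExtendedInfo;
    return signInfo;
}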
/// <summary>
/// Builds the <c>CRYPTUI_WIZ_DIGITAL_SIGN_EXTENDED_INFO</c> structure carrying the signature description,
/// the more-info URL and the optional hash algorithm identifier; every "NotUsed" member is zeroed.
/// </summary>
/// <param name="description">Value for <c>pwszDescription</c>.</param>
/// <param name="moreInfoUrl">Value for <c>pwszMoreInfoLocation</c>.</param>
/// <param name="hashAlgorithm">Value for <c>pszHashAlg</c>; null leaves the member null.</param>
/// <returns>The populated structure (a managed copy; nothing is allocated in unmanaged memory here).</returns>
internal static CRYPTUI_WIZ_DIGITAL_SIGN_EXTENDED_INFO InitSignInfoExtendedStruct(string description, string moreInfoUrl, string hashAlgorithm)
{
    // Assigning hashAlgorithm directly is equivalent to "null, then overwrite when non-null".
    return new CRYPTUI_WIZ_DIGITAL_SIGN_EXTENDED_INFO
    {
        dwSize = (int)Marshal.SizeOf(typeof(CRYPTUI_WIZ_DIGITAL_SIGN_EXTENDED_INFO)),
        dwAttrFlagsNotUsed = 0,
        pwszDescription = description,
        pwszMoreInfoLocation = moreInfoUrl,
        pszHashAlg = hashAlgorithm,
        pwszSigningCertDisplayStringNotUsed = IntPtr.Zero,
        hAdditionalCertStoreNotUsed = IntPtr.Zero,
        psAuthenticatedNotUsed = IntPtr.Zero,
        psUnauthenticatedNotUsed = IntPtr.Zero
    };
}
/// <summary>
/// Populates a <c>CRYPTUI_WIZ_DIGITAL_SIGN_EXTENDED_INFO</c> with the given description, more-info URL and
/// hash algorithm identifier. Members the wizard does not consume here are explicitly set to zero/IntPtr.Zero.
/// </summary>
/// <param name="description">Stored in <c>pwszDescription</c>.</param>
/// <param name="moreInfoUrl">Stored in <c>pwszMoreInfoLocation</c>.</param>
/// <param name="hashAlgorithm">Stored in <c>pszHashAlg</c> when non-null; otherwise the member stays null.</param>
/// <returns>The filled structure by value.</returns>
internal static CRYPTUI_WIZ_DIGITAL_SIGN_EXTENDED_INFO InitSignInfoExtendedStruct(string description, string moreInfoUrl, string hashAlgorithm)
{
    var ext = new CRYPTUI_WIZ_DIGITAL_SIGN_EXTENDED_INFO();

    // dwSize must describe the struct's own unmanaged size for the native side to accept it.
    ext.dwSize = (int)Marshal.SizeOf(ext);
    ext.dwAttrFlagsNotUsed = 0;
    ext.pwszDescription = description;
    ext.pwszMoreInfoLocation = moreInfoUrl;
    // Null propagates as null, so no separate null check is needed.
    ext.pszHashAlg = hashAlgorithm;
    ext.pwszSigningCertDisplayStringNotUsed = IntPtr.Zero;
    ext.hAdditionalCertStoreNotUsed = IntPtr.Zero;
    ext.psAuthenticatedNotUsed = IntPtr.Zero;
    ext.psUnauthenticatedNotUsed = IntPtr.Zero;

    return ext;
}
/// <summary>
/// Signs the executable at <paramref name="exePath"/> with a certificate chosen interactively from the
/// current user's certificate store, by calling the CryptUI digital-signature wizard in no-UI mode
/// (<c>CryptUIWizDigitalSign</c> with <c>CRYPTUI_WIZ_NO_UI</c>).
/// </summary>
/// <remarks>
/// NOTE(review): this method does not load a PFX file. The certificate comes from
/// <see cref="X509Certificate2UI.SelectFromCollection"/> over the CurrentUser store and the selection is
/// stored in the <c>X509cert</c> member, which is declared outside this method.
/// </remarks>
/// <example>
/// string exePath = @"C:\temp\ConsoleApp2ToBeSigned.exe";
/// string certPwd = "myGreatSecurePassword";
///
/// try
/// {
///     // signer: an instance of the class that declares this method
///     string resultingSignature = signer.SignExecutable(exePath, certPwd);
/// }
/// catch (Win32Exception ex)
/// {
///     Console.WriteLine(ex.Message + ", Native error code: " + ex.NativeErrorCode.ToString());
/// }
/// catch (Exception ex)
/// {
///     // Any unexpected errors?
///     Console.WriteLine(ex.Message);
/// }
/// </example>
/// <param name="exePath">The absolute path to the executable to be signed.</param>
/// <param name="certPwd">Intended as the secret that unlocks the signing key. NOTE(review): the body never
/// reads this parameter; a PIN literal embedded in the source is used instead (see the comment at the call).</param>
/// <returns>The signature blob produced by the wizard, decoded with <c>System.Text.Encoding.Default</c>.
/// NOTE(review): the blob is binary, so decoding it as text is lossy; returning the bytes or a Base64
/// string would preserve it — confirm what callers expect before changing.</returns>
/// <exception cref="Win32Exception">The native signing call or the release of the sign context reports failure.</exception>
public string SignExecutable(string exePath, string certPwd)
{
    // cert and pExtInfo are never used; extInfo is built but never attached (see below).
    X509Certificate2 cert = default(X509Certificate2);
    CRYPTUI_WIZ_DIGITAL_SIGN_INFO digitalSignInfo = default(CRYPTUI_WIZ_DIGITAL_SIGN_INFO);
    CRYPTUI_WIZ_DIGITAL_SIGN_CONTEXT signContext = default(CRYPTUI_WIZ_DIGITAL_SIGN_CONTEXT);
    CRYPTUI_WIZ_DIGITAL_SIGN_EXTENDED_INFO extInfo = default(CRYPTUI_WIZ_DIGITAL_SIGN_EXTENDED_INFO);
    IntPtr pSignContext = default(IntPtr);
    IntPtr pSigningCertContext = default(IntPtr);
    IntPtr pExtInfo = default(IntPtr);

    // NOTE(review): the store is opened but never closed/disposed on any path; wrap it in using or call Close().
    X509Store store = new X509Store(StoreLocation.CurrentUser);
    store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
    X509Certificate2Collection certificates = store.Certificates;
    // No filtering is applied: every certificate in the store is offered, including ones without a private key
    // or without a code-signing EKU. Consider narrowing with X509Certificate2Collection.Find before prompting.
    X509Certificate2Collection foundCertificates = certificates;

    // Interactive picker; the two string literals are the dialog title and message (Polish).
    var selectedCertificates = X509Certificate2UI.SelectFromCollection(foundCertificates, "Wybór certyfikatu", "Wybierz certyfkat do podpisywania", X509SelectionFlag.SingleSelection);
    // NOTE(review): when the user cancels (Count == 0) X509cert keeps whatever the member already held — null
    // (NullReferenceException below) or a certificate from an earlier call, which would then be reused silently.
    // Throwing (e.g. OperationCanceledException) here would make the outcome explicit.
    if (selectedCertificates.Count != 0)
    {
        X509cert = selectedCertificates[0];
    }

    // NOTE(review): hard-coded PIN. A secret in source ends up in every build and in version control; it should
    // come from the caller (certPwd is available and currently unused) or from a secure store.
    // SetPinForPrivateKey is not a BCL member — presumably a project extension; its behaviour is not visible here.
    X509cert.SetPinForPrivateKey("12345678");

    // Only the raw native context handle is passed on; X509cert must stay alive until the signing call returns.
    pSigningCertContext = X509cert.Handle;

    // OID for SHA-256 (2.16.840.1.101.3.4.2.1).
    const string szOID_NIST_sha256 = "2.16.840.1.101.3.4.2.1";
    extInfo = new CRYPTUI_WIZ_DIGITAL_SIGN_EXTENDED_INFO();
    extInfo.dwSize = Marshal.SizeOf(extInfo);
    // NOTE(review): this intent is NOT realised. extInfo is never marshalled and pSignExtInfo is set to IntPtr.Zero
    // below, so the wizard signs with its default hash algorithm, not SHA-256. Attaching the struct would require
    // allocating unmanaged memory, Marshal.StructureToPtr, and freeing it after the call.
    extInfo.pszHashAlg = szOID_NIST_sha256;

    // Prepare signing info: exe and cert
    digitalSignInfo = new CRYPTUI_WIZ_DIGITAL_SIGN_INFO();
    digitalSignInfo.dwSize = Marshal.SizeOf(digitalSignInfo);
    digitalSignInfo.dwSubjectChoice = CRYPTUI_WIZ_DIGITAL_SIGN_SUBJECT_FILE;
    digitalSignInfo.pwszFileName = exePath;
    digitalSignInfo.dwSigningCertChoice = CRYPTUI_WIZ_DIGITAL_SIGN_CERT;
    digitalSignInfo.pSigningCertContext = pSigningCertContext;
    // No time-stamp server is requested, so the signature carries no countersignature timestamp.
    digitalSignInfo.pwszTimestampURL = null;
    digitalSignInfo.dwAdditionalCertChoice = 0;
    // Extended info deliberately not attached (see the note above on extInfo).
    digitalSignInfo.pSignExtInfo = IntPtr.Zero;

    // Sign exe. Marshal.GetLastWin32Error is only meaningful if the DllImport declares SetLastError = true;
    // the declaration is outside this view — confirm.
    if ((!CryptUIWizDigitalSign(CRYPTUI_WIZ_NO_UI, IntPtr.Zero, null, ref digitalSignInfo, ref pSignContext)))
    {
        throw new Win32Exception(Marshal.GetLastWin32Error(), "CryptUIWizDigitalSign");
    }

    // Get the blob with the signature.
    // NOTE(review): no try/finally — if PtrToStructure or Marshal.Copy throws, pSignContext is never released.
    signContext = (CRYPTUI_WIZ_DIGITAL_SIGN_CONTEXT)Marshal.PtrToStructure(pSignContext, typeof(CRYPTUI_WIZ_DIGITAL_SIGN_CONTEXT));
    // NOTE(review): the buffer is one byte larger than cbBlob, so the returned data ends with an extra zero byte.
    byte[] blob = new byte[signContext.cbBlob + 1];
    Marshal.Copy(signContext.pbBlob, blob, 0, signContext.cbBlob);

    // Free blob memory
    if ((!CryptUIWizFreeDigitalSignContext(pSignContext)))
    {
        throw new Win32Exception(Marshal.GetLastWin32Error(), "CryptUIWizFreeDigitalSignContext");
    }

    return(System.Text.Encoding.Default.GetString(blob));
}
/// <summary>
/// Creates the <c>CRYPTUI_WIZ_DIGITAL_SIGN_EXTENDED_INFO</c> for a signing request: description, more-info URL
/// and (optionally) the hash algorithm identifier, with the unused members zeroed.
/// </summary>
/// <param name="description">Written to <c>pwszDescription</c>.</param>
/// <param name="moreInfoUrl">Written to <c>pwszMoreInfoLocation</c>.</param>
/// <param name="hashAlgorithm">Written to <c>pszHashAlg</c>; a null argument leaves the member null.</param>
/// <returns>The initialised structure, by value.</returns>
InitSignInfoExtendedStruct(string description, string moreInfoUrl, string hashAlgorithm)
{
    // Object initializer form; dwSize is taken from the type so it can be set before the instance exists.
    var extendedInfo = new CRYPTUI_WIZ_DIGITAL_SIGN_EXTENDED_INFO
    {
        dwSize = (DWORD)Marshal.SizeOf(typeof(CRYPTUI_WIZ_DIGITAL_SIGN_EXTENDED_INFO)),
        dwAttrFlagsNotUsed = 0,
        pwszDescription = description,
        pwszMoreInfoLocation = moreInfoUrl,
        // Same outcome as "null, then set when non-null".
        pszHashAlg = hashAlgorithm,
        pwszSigningCertDisplayStringNotUsed = IntPtr.Zero,
        hAdditionalCertStoreNotUsed = IntPtr.Zero,
        psAuthenticatedNotUsed = IntPtr.Zero,
        psUnauthenticatedNotUsed = IntPtr.Zero
    };

    return extendedInfo;
}