How to Self-Sign a .NET exe generated with SharpDeveloper or built-in csc.exe?

Question:

Let’s say I compile my C# application using csc.exe distributed with Windows 10 without installing Visual Studio. How can I self-sign this application? The best I can come up with is this crazy PowerShell script posted below… Seems to me that it should be easier to sign your application than that.

Question comments:

    
Signing is easy, use sn.exe. Your issue is more about the certificate.

Answers:

Answer 1:

# SCRIPT: signit.ps1
#
# Purpose: Sign a .NET Exe compiled by SharpDeveloper with a SelfSignedCertificate
#
# Usage:
#     Run signit.ps1 Script from an Administrator PowerShell
#
#     PS>         Start-Process -Verb RunAs powershell
#     PS(ADMIN)>  Set-ExecutionPolicy -scope Process Unrestricted
#     Yes
#     PS(ADMIN)>  ./signit.ps1

# Sign EXE with PFX Certificate using SHA1
function SignIt {

    # Path to your Exe to sign
    $exe      = "$home\Desktop\tntrocketcar\bin\Debug\tntrocketcar.exe"

    # Name of your company
    $friendly_name = "ACME Software"
    $subject_cn    = "Wile E. Coyote Ventures"       #Common Name
    $subject_o     = "Roadrunner Foundation"         #Organization
    $subject_e     = "wile.e.coyote@mailinator.com"  #Email 
    $subject_c     = "US"                            #Country
    $subject_st    = "Arizona"                       #State

    # Path to signtool installed from "Windows SDK" download
    $signtool = "C:\Program Files (x86)\Windows Kits\10\bin\10.0.16299.0\x64\signtool.exe"

    $pfx      = "MySigniture.pfx"
    $location = "Cert:\LocalMachine\My"
    $tstamp   = "http://timestamp.verisign.com/scripts/timstamp.dll"

    try {
        Write-Host "SignIt: $pfx"

        if (![IO.File]::Exists($signtool)) {
            write-host "`nERROR: signtool tool not found. Install Windows SDK and update signtool.exe path in script.`n"
            exit 1
        }

        $pwd         = get-location
        $pass1_sec   = $null    
        $pass1_bstr  = $null
        $pass1_text  = $null


        # Creates a SelfSigned PFX Certificate and save it to current directory
        if (![IO.File]::Exists("$pwd/MySigniture.pfx")) {
            Write-Host "`n!!! Creating New SelfSignedCertificate !!!`n"

            $pass1_sec   = read-host "Password: " -AsSecureString   
            $pass1_bstr  = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($pass1_sec)
            $pass1_text  = [Runtime.InteropServices.Marshal]::PtrToStringAuto($pass1_bstr)

            $pass2_sec   = read-host "Re-Enter Password: " -AsSecureString  
            $pass2_bstr  = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($pass2_sec)
            $pass2_text  = [Runtime.InteropServices.Marshal]::PtrToStringAuto($pass2_bstr)

            if ($pass1_text -ceq $pass2_text) {
                Write-Host "Passwords matched"
            } 
            else {
                Write-Host "Passwords differ. Aborting script."
                exit 1
            }   

            $subject="CN=${subject_cn},O=${subject_o},E=${subject_e},C=${subject_c},ST=${subject_st}"

            $cert = New-SelfSignedCertificate `
                -Type Custom `
                -Subject $subject `
                -KeyUsage DigitalSignature `
                -CertStoreLocation $location `
                -FriendlyName $friendly_name

            $ThumbPrint = $cert.ThumbPrint
            $provider   = "${location}\${ThumbPrint}"
            $tmp        = Export-PfxCertificate `
                             -cert $provider  `
                             -FilePath $pfx `
                             -Password $pass1_sec

            del $provider
        }

        if ($pass1_sec -eq $null) {
            $pass1_sec   = read-host "Password: " -AsSecureString   
            $pass1_bstr  = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($pass1_sec)
            $pass1_text  = [Runtime.InteropServices.Marshal]::PtrToStringAuto($pass1_bstr)
        }

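        # Note: signtool takes the PFX password as plain text on its command line
        & $signtool sign  `
            /a `
            /t $tstamp `
            /f $pfx `
            /p $pass1_text `
            /v `
            $exe
    }
    catch {
        write-host "ERROR: Error Signing Exe."
        throw
    }
    finally {
        # Zero and free the unmanaged BSTR copies of the password
        foreach ($bstr in @($pass1_bstr, $pass2_bstr)) {
            if ($null -ne $bstr) { [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr) }
        }
    }
}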

SignIt
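
An alternative to the script above, as an added example that is not part of the original answer: the built-in `Set-AuthenticodeSignature` cmdlet signs straight from the certificate store, so no Windows SDK, no PFX file and no plain-text password are involved. The function name `Sign-WithStoreCert` and the default subject are hypothetical, constructed values.

```powershell
# Added example (not from the original post). Uses the per-user store, so no elevation is needed.
function Sign-WithStoreCert {
    param(
        [Parameter(Mandatory)] [string] $ExePath,
        [string] $Subject = "CN=Example Self-Signed Code Signing",  # constructed sample value
        [string] $TimestampServer                                    # optional: URL of a timestamp server you trust
    )

    if (-not (Test-Path -LiteralPath $ExePath -PathType Leaf)) {
        throw "File not found: $ExePath"
    }

    $store = "Cert:\CurrentUser\My"

    # Reuse an unexpired code-signing certificate with this subject if one already exists.
    $cert = Get-ChildItem $store -CodeSigningCert |
        Where-Object { $_.Subject -eq $Subject -and $_.NotAfter -gt (Get-Date) } |
        Sort-Object NotAfter -Descending |
        Select-Object -First 1

    if (-not $cert) {
        # CodeSigningCert sets the code-signing EKU; the private key stays
        # non-exportable in the store instead of being written to a PFX.
        $cert = New-SelfSignedCertificate `
            -Type CodeSigningCert `
            -Subject $Subject `
            -KeyUsage DigitalSignature `
            -KeyExportPolicy NonExportable `
            -CertStoreLocation $store
    }

    $params = @{ FilePath = $ExePath; Certificate = $cert; HashAlgorithm = "SHA256" }
    if ($TimestampServer) { $params.TimestampServer = $TimestampServer }
    $null = Set-AuthenticodeSignature @params

    # Re-read the signature from disk rather than trusting the signing call's own result.
    $sig = Get-AuthenticodeSignature -FilePath $ExePath
    [pscustomobject]@{
        Status        = $sig.Status
        StatusMessage = $sig.StatusMessage
        Thumbprint    = $sig.SignerCertificate.Thumbprint
        SignedByCert  = ($null -ne $sig.SignerCertificate) -and
                        ($sig.SignerCertificate.Thumbprint -eq $cert.Thumbprint)
    }
}
```

`Status` will not read `Valid` on a machine that does not trust the self-signed certificate; check `SignedByCert` and the thumbprint to confirm the file carries the signature you expect.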

Answer comments:

Original URL:

https://stackoverflow.com/questions/47756428/how-to-self-sign-a-net-exe-generated-with-sharpdeveloper-or-built-in-csc-exe