Code signing tools

is it possible to just download the code signing tools? I've installed the SDK, but I can't find keytool or the javasign(?) commands.
thanks.

oops...that is jarsigner and keytool

Similar Messages

  • CS4 Flash Projector File and Authenticode (Code Signing)

    I have a flash projector file (.exe) that I need to add Code Signing to it so it does not say 'Unknown Publisher' in Vista. I read that for CS3 there is no authenticode signing. Was this added in CS4? I just want to check before I go ahead and purchase a 3rd party app like Juggler. Does anyone else have a suggestion for software to add authenticode signature to a CS4 flash projector file? Jugglor is pretty old (2007) and I would like to know if there are more recent apps to package and sign projector files.
    Thanks for any info.
    Doug

    You can use a tool from Miscsoft to sign your projector. Here's how:
    1) Buy a code signing certificate from someone like COMODO, Entrust Thawte, or VeriSign
    2) Download the command line code signing tool from Microsoft - SignTool.exe
    http://msdn.microsoft.com/en-us/library/8s9b9yaz(VS.80).aspx
    2) Follow these instructions
    http://www.entrust.net/ssl-resources/pdf/ECS_AuthCode_Signing_Guide.pdf
    Good Luck
    Brian

  • Mac C++ tool verifying code signing cert / signature

    I have a command line tool I have code signed using the "codesign" tool.  Using its -vv option it verifies that my code is indeed signed.  Now here is my problem, it doesn't tell me who signed it, ie: The name on the cert and stuff like that.  To complicate matters even further, I wish to be able to do this from a C++ application.  I want to look at a binary file, see that it is signed, and signed by us.  As a security measure I would like to only allow our application to update if the new files are signed by us.  I am having trouble locating any API which deals with this.  On the windows world there is an obscure API that allows me to do this.  I do not even know if such and API system exists in the Apple world since code signing is brand new introduced in 10.5.
    In addition to some API help, if there is a way to simply get information about who signed an executable (On windows you just right-click and pick properties) and you can get all sorts of information about the digital signature);  Is there something like this on a Mac?
    Thanks for any help I can get.

    Why would I do that?  I simply want to know, is the binary file I downloaded signed by with MY cert?  I can determine this within reasonable doubt by answering two simple questions:
    1.  Is the cert that this file signed with valid (chain of trust and all that).
    2.  What is the name of the cert (the identity).
    If the Identity is the right one (in our case, the name of our company) and it is valid, then I will trust that this binary is ours.
    Maybe this will clarify my question. I guess I could rephrase this question as:
    "How do I write a simple tool that will verify a file has a valid signature and will give me the signer's identity"?

  • How to use Java code signing certificate in oracle 11i

    Hello,
    I am try to configure java code signing certificate in 11.5.10.2 application. we got java sign certificate from verisgin. SA's imported the certificate and created alias XXX_XXX with password and passphrase.
    I am able to see the my certificate. keytool -list -v -keystore xxx_xxxx.jks -storepass Password.
    how do I use it. I am using Enhance Jar Signing for EBS DOC ID 1591073.1.
    could you please give me some advice on it?
    Thanks
    Prince

    Hussien,
    I find out apps keystore keypassword and storepassword, I imported the java code sign certificate. I generated Jar files through adadmin, but I am getting  warning error
    adogif() unable to generate Jar Filers under JAVA_TOP.
    executing /usr/jdk/jdk1.6.0_45/bin/java sun.security.tools.JarSigner keysotre **** -sigfile CUST Signer /apps/......
    Error JarSigner subcommand Exited With status 1.
    No standard output from jarsigner JarSigner error output: Exception in thread "main" java.lang.NoClassDefFoundError: sun/security/tools/JarSigner Caused by: java.lang.ClassNotFoundException: sun.security.tools.JarSigner         at java.net.URLClassLoader$1.run(URLClassLoader.java:202)         at java.security.AccessController.doPrivileged(Native Method)         at java.net.URLClassLoader.findClass(URLClassLoader.java:190)         at java.lang.ClassLoader.loadClass(ClassLoader.java:306)         at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301)         at java.lang.ClassLoader.loadClass(ClassLoader.java:247) Could not find the main class: sun.security.tools.JarSigner.  Program will exit. WARNING: The following path(s), defined in /apps2/property/product/tst/appl/cz/11.5.0/java/make/czjar.dep as elements of the output:   oracle/apps/cz/runtime/tag WARNING: Copying cztag.lst from the old fndlist.jar ...   About to Analyze flmkbn.jar : Fri Nov 22 2013 10:45:51
    Please let me know if you have any idea. Thanks Prince

  • Code Signing certificate expired

    Hello,
    I please need an information about SGDEE 4.1 login applet: it seems
    applet code signing certificate was expired on September 2, 2005.
    I have no problem (after I deleted all expired root certificates from
    local client repository) with Internet Explorer 6SP1, but Mozilla Firefox
    always prompt me a warning with this contents:
    Serial:     
    [62374265099632433790334794162326322759]
    Issuer:
    N=VeriSign Class 3 Code Signing 2001 CA,
    OU=Terms of use at https://www.verisign.com/rpa (c)01,
    OU=VeriSign Trust Network,
    O="VeriSign, Inc."
    Valid From: Wed Sep 01 02:00:00 CEST 2004,
    To: Fri Sep 02 01:59:59 CEST 2005
    Subject:
    CN="Tarantella, Inc.",
    OU=Digital ID Class 3 - Netscape Object Signing,
    O="Tarantella, Inc.",
    L=Santa Cruz,
    ST=California,
    C=US
    Thank you very much in advance,
    Best Regards,
    Valerio Morozzo

    I know this is an older post, but it helped me find out how to make the migration procedure for native installer. I tried it with self signed certificate created by ADT tool and everything went fine.
    But now, we obtained a commercial AIR signing certificate from Thawte and the process failes in step 3) ADT saying
    'Certificate in PATH_TO_P12 could not be used to sign setup.msi' on Windows.
    On mac, it says that signing native installer on OSX is not supported, so I skipped the signing option in step 3) and it worked fine.
    I can skip the signing option on Windows as well and the process succeeds, but running the installer on machines with previous versions of application results in "Installer mis-configured' error message - the same error as if the migration process was not applied.
    I already contacted Thawte if it is a certificate issue, reply from them was 'AIR certificate can only sign .air applications'. But when I build a native application directly from FlashBuilder and sign it with the Thawte certificate the whole process seem to succeed. The application can be installed on machines without previous version of the application. Those who already have the older version get the 'Installer mis-configured' error message.
    I want to mark out again, that the same process but with a self signed certificate created with ADT, is successfull and the application can be installer as an update on machines with older version of the app. So I assume the workflow is correct.
    Any ideas? Or somebody having the same issue?
    Thanks

  • Code Signing for MacOS 10.8+

    Anyone have a sample build setup for signing the .app file before creating the DMG? How to make this part of the build process?
    I have an Apple developer id, but wondering how to integrate signing in the JavaFX build process (native bundles)

    I have something like this which gives me a signed app bundle (.app). I then manually create a DMG using DMG Canvas.
    <?xml version="1.0" encoding="UTF-8" standalone="no"?>
    <project name="testMacOSXBuild"
                  default="default"
               basedir="."
               xmlns:fx="javafx:com.sun.javafx.tools.ant">
        <target name="default">
         <fx:jar destfile="${dist.dir}/${out.jar}">
         </fx:jar>
         <fx:deploy width="${applet.width}"
                      height="${applet.height}"    
                      verbose="true">
         </fx:deploy>
             <!-- code signing. -->
             <exec executable="/bin/bash">
                  <arg value="scripts/mac/code_sign.sh"/>
             </exec>
        </target>
    </project>

  • Code signing on mac

    I have been working on a utility to sign applications on mac. I am doing so by running the codesign command with appropriate arguments. Just that I'm executing this command by wrapping it up in a simple java application.
    This utility however seamleslly works on a 10.6 mac and fails to do so on 10.7/10.8 versions. I have not been able to get to the depth of this scenario.
    Does code-signing depend on mac versions? Are there different ways in which mac handles signing?

    DeepikaRS wrote:
    Just that I'm executing this command by wrapping it up in a simple java application.
    Why?
    Can you even submit apps with 10.6 or 10.7 anymore? When it comes to worrying about backwards compatibility, test the application, forget about the tools. Run the tools only on 10.8.2 and test them on 10.8.3.

  • No binaries found for Verification issue in MPR Code Signing Test case

    Hi,
    We are trying to certify our WebSite Application as Gold Certified and to become Gold Certified Partner. We have run a MPR Test and while verifying the Code Signing test case, it shows that
    "No binaries found for verification". But the test case result is
    passed. Below I have placed screen shot for the same. We have signed all our Application related DLL's(Page related DLL's. Please let us know about this issue.
    Shankar S

    Hi Shankar,
    To the MPR Tool, it does not appear that you have installed any binaries.
    As you mention that your website contains DLLs, these have either not been installed via your MSI package or have already been installed before the test began.
    The tool will prompt when to Install, when to perform Primary Functionality, and when to Uninstall.
    If your website was already installed prior to beginnign test, you must retest.
    As you are applying for Gold level, assure you are testing on Server Core.
    Hope this helps,
    -Logo

  • Code signing from cli in 10.6

    Hello,
    I'm new to code signing on OS 10.6 and I assumed it works the same way as 10.5.  I installed my Mac pk12 Thawte certificate into my login keychain.
    No matter how I try to sign with codesign on either an unsigned code or previously signed by another party, I get the same error: code object is not signed
    $ codesign –sign ‘My code signing certificate" --force --verify file.dmg
    File.dmg:  code object is not signed
    $  codesign –d –v --verbose file.dmg
    File.dmg: code object is not signed
    Any suggestions on how to resolve this?
    Thanks,
    -Sean

    Well, a few weeks ago this site used a .dmg as an example, but since have changed the example to be for .app:
    http://www.digicert.com/code-signing/mac-os-codesign-tool.htm
    And I misunderstood the development team I support.  I thought they were signing their .dmg with a self-signed test certificate during development but it turns out they were not. 
    Can someone from Apple Support please list the file types that codesign in OS 10.6.7 will sign?

  • A PKI Code Signing Certificate question.

    Hello,
    Can someone please help me with the following question.
    I have created and used a code Signing certificate from our Microsoft Enterprise CA before which works OK, but I am not sure I did it correctly, and have a few related questions please.
    what I did.
    1: Logged on the CA directly, went to the CertSvc web site, requested a code signing cert, issued it and exported it along with the private key.
    2: Imported the above certificate into CurrentUser/My store on PC and used it to sign code
    3: Took the came certificate (along with the private key, and this is where perhaps I made at least one mistake) and imported it into the 'Trusted Publishers' store the PC that will be running the signed code. This step was done so the user does not receive
    a message asking if they want to run the code signed by "AAnotherUser" as it were, as although the code is signed by a trusted CA, the user still gets this warning message as the 'Publisher' is not in the 'Trusted Publishers' list. Therefore the
    way I sorted this at the time was to take the whole certificate as above and import to this store.
    The first mistake I made (as far as I can see as I am new to this area) I think I should have not imported the certificate 'along with its private key' into the trusted publishers store? in other words should I have imported the certificate 'minus its
    private key' into the trusted publishers store?
    Also, I understand you have to have the certificate along with is private key to sign code. I am 'assuming' a Hash of the code is taken and this is signed (encrypted) with the private key (in the same way a CA signs a CSR for a WEBServer cert for example),
    is that correct i.e. is that what it mean to sign code?
    if the above is correct then I assume you only need the 'public' key of the code signed cert in the 'Trusted Publishers Store' to verify the code was signed by a trusted CA and it has not been altered e.g. the Hash code still computes to the same value.
    Is this correct?
    My next question is regarding the private key. As I need to 'Login' to AD in order to request a code signing cert, can the 'private key' not be stored securely in AD along with my AD User account?
    if the above is possible (which would make good sense to me I think) then I do not have to worry about looking after the safety of the private key as the system 'AD' can do this for me. It would also mean which every computer I logon to in the domain I would
    have access to the private key (but no other user) and therefore be able to sign code I assume. Does this last paragraph make sense can this be done/is this done?
    Basically I need to understand the above, in order to understand more about Crypto.
    I also need create a code signing cert for a 'department' of about 10 people. Therefore I was thinking about creating and AD account called 'XYZCorpCodeSigning' or what ever, and issuing a code singing cert to this entity. If the private key could be stored
    in AD then accessed used once signed in as this account (these 10 people would need to know the password for the account) this would make life easier/more secure, I think.
    I know there are several question above, but it would be great it they would be answered as I would help me understand more about how it all works and to solve a problem too
    Thanks very much
    AAnotherUser__
    AAnotherUser__

    > The first mistake I made (as far as I can see as I am new to this area) I think I should have not imported the certificate 'along with its private key' into the trusted publishers store
    yes, it is not correct. Only public part should be imported to a Trusted Publishers container.
    >  is that correct i.e. is that what it mean to sign code
    exactly. Encryption with private key and decrypting with public key is called "digital signature".
    > if the above is correct then I assume you only need the 'public' key of the code signed cert in the 'Trusted Publishers Store' to verify the code was signed by a trusted CA and it has not been altered e.g. the Hash code still computes to the same
    value. Is this correct?
    yes. Client uses only public part of the certificate to validate the signature.
    > As I need to 'Login' to AD in order to request a code signing cert, can the 'private key' not be stored securely in AD along with my AD User account?
    normally code signing certificates are not stored in Active Directory and should not be there, because signing certificate is included in the signature field.
    > I do not have to worry about looking after the safety of the private key as the system 'AD' can do this for me.
    this is wrong assumption. A user is responsible to protect signing private key from unauthorized use.
    > If the private key could be stored in AD then accessed used once signed in as this account (these 10 people would need to know the password for the account) this would make life easier/more secure
    wouldn't, because if something happens -- you will never know who compromised the key.
    as a general practice, we recommend to purchase at least few smart cards to store signing keys. Depending on a particular code development practice, there might be a dedicated employee (for example, manager of devs) who the only has access to a smart card
    (and PIN) and signs the code upon dev request. Or issue a dedicated smart card with unique signing certificate to each developer. However this will add a complexity in signing certificate trust management.
    My weblog: en-us.sysadmins.lv
    PowerShell PKI Module: pspki.codeplex.com
    PowerShell Cmdlet Help Editor pscmdlethelpeditor.codeplex.com
    Check out new: SSL Certificate Verifier
    Check out new:
    PowerShell FCIV tool.

  • What does this mean and how do I fix it? Error ITMS-9000 "Invalid Code Signing The executable ´viwer.app/ viewer´ must be signed with the certificate that is contained in the provisioning profile"

    What does this mean and how do I fix it? Error ITMS-9000 "Invalid Code Signing The executable ´viwer.app/ viewer´ must be signed with the certificate that is contained in the provisioning profile"

    If you had Firefox save your Yahoo password, first try deleting that here:
    orange Firefox button ''or'' classic Tools menu > Options > Security > "Saved Passwords"
    The "signed out" message seems to be related to how Yahoo authenticates you. Some users have reported that disabling automatic proxy detection solves the problem, and it also resolves an issue of getting logged out every few minutes, if you have ever experienced that.
    To make the change:
    orange Firefox button ''or'' classic Tools menu > Options > Advanced
    On the "Network" mini-tab, click the "Settings" button, then choose "No Proxy" and OK your way back out.
    If your work connection requires you to use a proxy server, try the "Use system settings" option instead.
    Does that help?

  • Using Apple Mac Developer account for code signing

    Has anyone been using their Apple Mac Developer account for code signing and Adobe Air desktop App?
    Any hints, tips comments appreciated!

    Why would I do that?  I simply want to know, is the binary file I downloaded signed by with MY cert?  I can determine this within reasonable doubt by answering two simple questions:
    1.  Is the cert that this file signed with valid (chain of trust and all that).
    2.  What is the name of the cert (the identity).
    If the Identity is the right one (in our case, the name of our company) and it is valid, then I will trust that this binary is ours.
    Maybe this will clarify my question. I guess I could rephrase this question as:
    "How do I write a simple tool that will verify a file has a valid signature and will give me the signer's identity"?

  • Blackbery Rim Signing Tool Question

    I'm trying to run my application on a 7230 ( T-Mobile) BES , wireless handheld version 4.0.185 and using BB JDE version 4.0 and I got this error ,
    Error starting serveractivity module. Module must be signed with the Rim Runtime Code Signing Key.
    I've crossed check the files that I've imported and I dont see anything that's on the Controlled API. Any pointers from any one ?
    Here's my list of imported classes.
    import java.io.IOException;
    import java.io.OutputStream;
    import java.io.InputStream;
    import javax.microedition.io.Connector;
    import javax.microedition.io.HttpConnection;
    import org.xml.sax.SAXException;
    import org.xml.sax.helpers.DefaultHandler;
    import org.xml.sax.Attributes;
    import net.rim.device.api.ui.UiApplication;
    import net.rim.device.api.ui.Field;
    import net.rim.device.api.ui.FieldChangeListener;
    import net.rim.device.api.ui.component.AutoTextEditField ;
    import net.rim.device.api.ui.component.BasicEditField;
    import net.rim.device.api.ui.component.ButtonField;
    import net.rim.device.api.ui.component.DateField;
    import net.rim.device.api.ui.component.ObjectChoiceField ;
    import net.rim.device.api.ui.component.SeparatorField;
    import net.rim.device.api.ui.component.Status;
    import net.rim.device.api.ui.container.MainScreen;
    import org.xml.sax.SAXException;
    import net.rim.device.api.xml.parsers.SAXParser;
    import net.rim.device.api.xml.jaxp.SAXParserImpl;
    import org.xml.sax.helpers.DefaultHandler;
    import java.io.ByteArrayInputStream;
    After checking the Blackberry JDE API documentation, I realize that there wasn't the class javax.microedition.io.HttpConnection in the API. Is there any work around to solving this matter instead of buying the RIM Signing tool ?
    Thanks,
    Andrew

    Hi Piotr,
    You could try with the below code to add reference to your VSTO project:
    parameters.ReferencedAssemblies.Add("Microsoft.Office.Interop.Outlook.dll");
    parameters.CompilerOptions = "/lib:\"C:\\Program Files (x86)\\Microsoft Visual Studio 11.0\\Visual Studio Tools for Office\\PIA\\Office14\"";
    As for more details, please refer to the below sample:
    http://stackoverflow.com/questions/12331678/how-to-add-reference-to-outlook-vsto-in-a-dynamic-csharpcodeprovider-script
    deny to access the Microsoft. build. evaluation.n project.

  • JWS gives 'failed to parse certificate' error for VALID code sign cert

    Hi,
    For my application, After downloading jar files from web server, JWS (1.2.0_02) gives a Security Warning asking user to trust the Signer.
    However, after clicking Start, it gives another Security Warning which says this:
    Warning: Failed to verify authenticity of this certificate because there was an error parsing the certificate. No assertions can be made of the origin or validity of the code. It is highly recommended not to install and run this code.
    STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
    Sign App jar files with a VALID code signing certificate from Thawte or Verisign (don't use DST or RSA or any other CA as JWS supports only Versign/Thawte root CA entries by default).
    Download the app using JNLP, and you will see this warning.
    EXPECTED -
    It should not give the second security warning. First one is fine as user has to trust the signer.
    There are no logs anywhere to find out what error it encountered parsing the certificate.
    The certificate as such is valid, it was verified with keytool, openSSL and various other tools.
    ACTUAL -
    After downloading an application from web server, JWS gives a Security Warning asking user to trust the Signer.
    However, after clicking Start, it gives another Security Warning which says this:
    Warning: Failed to verify authenticity of this certificate because there was an error parsing the certificate. No assertions can be made of the origin or validity of the code. It is highly recommended not to install and run this code.
    ERROR MESSAGES/STACK TRACES THAT OCCUR :
    Warning: Failed to verify authenticity of this certificate because there was an error parsing the certificate. No assertions can be made of the origin or validity of the code. It is highly recommended not to install and run this code.

    Hello,
    I had the same problem. Here are some additional things to check:
    - every jar in your app MUST be signed by ONE and ONLY ONE certificate.
    - every jar which is presigned should be checked on its own. I had a bad bcprov.jar which nearly drove me nuts. Maybe there are more such 'presigned' jars around.
    One recipe aside:
    Try halfing down the jars in your jnlp file further and further, until it runs again, then you'll probably find the jar which causes this. I would bet a specific jar.
    There's another Bug already known which makes JWS fail on checking the certs on jars with classes which have national characters (even Inner ones!). So you might be checking that, too.
    Hope that helps...
    Patric

  • Signing a package with .pfx code signing certificate

    Hi,
    I've got a code signing certificate (.pfx) from GlobalSign and tried to sign my extension package.
    I used the ZXPSignCmd tool and got the following response:
    Unable to build a valid certificate chain. Please make sure that all certificates are included in the certificate file.
    The necessary certificate chain is installed on my system (Windows 7):
    My code signing certificate,
    the certificate from GlobalSign the signed my certificate
    and the GlobalSign root certificate that signed it.
    The OpenSSL info output for the certificate looks fine too:
    MAC Iteration 2000
    MAC verified OK
    PKCS7 Data
    Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2000
    PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2000
    Certificate bag
    Certificate bag
    Certificate bag
    On the other hand signing other files with the Windows SDK Signtool works and results in a correct certificate chain (visible in the file's details).
    Any idea what I might be doing wrong?
    Regards
    Philipp

    Hi Philipp,
    No, it doesn't matter - using Certificate Manager should also have worked.
    I don't think the issue is that the wrong root certificate has been chosen, otherwise we'd be seeing a different error. In the PEM file you exported, I would expect to see several certificate sections, each starting with BEGIN CERTIFICATE and ending with END CERTIFICATE. Just above each certificate's "BEGIN CERTIFICATE" line should be "subject" and "issuer" - the last certificate (at the bottom of the PEM file), should have your personal certificate name as the subject. Then, working upwards, each certificate should have an "issuer" which matches the "subject" of the certificate above it.
    The first certificate in the PEM file should have the same value for "subject" and "issuer" - identifying the certificate authority's root certificate.
    Also in the PEM file I'd expect to see a section "BEGIN RSA PRIVATE KEY"...."END RSA PRIVATE KEY".
    Does this all match what you're seeing?
    Assuming your PEM file looks OK, you could try using OpenSSL to convert it to PKCS12 format, using the command:
    openssl pkcs12 –export –in my_pem_file.pem –out my_pkcs12_file.p12
    Also, please ensure that you're using only ASCII characters in your P12 password, just in case that's causing problems.
    Best regards,
    Fraser

Maybe you are looking for