NT4 and 2000: TC digital signatures not recognized

Post by *ghisler(Author) » 2016-07-15, 16:29 UTC

So anything I can do about it? Probably not...

MarcinW · Post by *MarcinW » 2016-07-15, 20:42 UTC

Let me ask again: does anybody know, if an SHA1 certificate can still be obtained? If so, the problem can probably be solved.

MVV · Post by *MVV » 2016-07-15, 20:54 UTC

Aren't TC signed with SHA1 signature? My home Windows 7 w/o recent updates show only one signature and it seems to be valid - it is SHA1 signature.

MarcinW · Post by *MarcinW » 2016-07-15, 21:09 UTC

Well, as I said, I'm not a certificate expert, but I found some info here:

For these old systems, the SHA1 signature generated by the new SHA2 certificate I possess does not validate!

As I understand, SHA1 signatures can be generated by using SHA1 certificate or SHA2 certificate. The latter don't work on XP SP2 and older.

Sob · Post by *Sob » 2016-07-15, 21:53 UTC

TC has both sha1 and sha256 signatures, but Ghisler's signing certificate has only sha256 signature, and the same is true for CA's certificate used to sign Ghisler's. You need to verify whole chain from trusted root and it can't work when older systems don't understand sha256.

About possibility to get sha1 certificate, I know you can no longer get regular one (used e.g for https), but according to this TechNet article, it may be possible for code signing:

CAs SHOULD issue SHA-2 only, unless developer is targeting Vista and Server 2008 (for them, CAs MAY issue SHA-1)

Dalai · Post by *Dalai » 2016-07-15, 22:06 UTC

MarcinW wrote:Let me ask again: does anybody know, if an SHA1 certificate can still be obtained?

It depends on where you buy your cert. Some CAs may still sell them, but probably most of them have stopped doing so, to fade out the old unsecure algorithms. See e.g. Comodo's site:

January 1 2016 Comodo will no longer issue new SHA-1 based code signing or SSL certificates.

My opinion: Don't bother about the old systems not seeing a valid cert. If somebody still doesn't use the most current service pack, it's their problem. The important thing is that Vista and higher recognize the cert so the UAC dialog doesn't show the yellow thingy.

It may be a good idea to provide checksums for all files (setup and all installation files) to allow the users to manually verify the validity of TC's files. Even Microsoft has been doing this for a couple of years, after they realized it was "necessary".

Regards
Dalai

MarcinW · Post by *MarcinW » 2016-08-11, 13:20 UTC

As can be found here, Globalsign still issues SHA-1 certificates for those that need compatibility with Vista/Server 2008 and older:

GlobalSign will continue issuing SHA-1 Code Signing Certificates after January 1 st , 2016. During this period, GlobalSign will be offering a SHA-1 Code Signing Certificate free of charge with the purchase of a SHA-2 Code Signing Certificate.

BTW, it seems that an another certificate issue (another symptom of the problems described here) arisen also in Windows Server 2008: http://ghisler.ch/board/viewtopic.php?t=45196

Post by *ghisler(Author) » 2016-08-12, 16:22 UTC

Hmm, I can't find much about their SHA1 certificates. I assume that they are the same as the Verisign SHA1 certificates with which TC is currently dual-signed, so there will be no advantage.

Any idea how Microsoft solved this for their own system files? I checked the latest dlls on my Windows 7 system, they are also dual-signed with SHA1 and SHA256, but use Microsoft's own CA. Does this chain have SHA1 in all certs? Any tools with which I can check that?

Sob · Post by *Sob » 2016-08-12, 16:38 UTC

Just start from file properties, select signature, click Details, then in next dialog click View Certificate, and on Details tab you can see the signature algorithm. To inspect whole chain, switch to Certification Path tab in same dialog, select parent certificate (there are two, intermediate and root), click View Certificate and again check the algorithm on Details tab.

And yes, it's like this, certificate chain for sha256 signature is all sha256 certificates, while for sha1 signature there are only sha1 certificates.

Post by *ghisler(Author) » 2016-09-07, 19:48 UTC

I found a Stackoverflow reply which seems to describe the reason of the problem:
[quote]This approach relies on using two Authenticode certificates, one for SHA-1 and another for SHA-256, in order to ensure the files are accepted as valid by Windows Vista and Windows Server 2008 which do not support being signed by a SHA-256 certificate even if the SHA-1 algorithm is used[quote]

TC is signed with just a single certificate, both with SHA-1 and SHA-256 hash algorithm. But since the certificate itself is a SHA-256 certificate, Windows Server 2008 does not recognize it.

I would have to buy a separate SHA-1 based certificate, but no company is selling them any more...

j7n · Post by *j7n » 2016-09-08, 20:00 UTC

Do you have Windows Update KB3033929 installed? This is required to make Win7 use the SHA-2 signatures.

But you may be right that signature verification requires an internet connection.

My Windows 7 SP1 installation has SHA-256 support out of the box without updates. It says "the digital signature is OK". If an Internet connection is not available, then the verification process takes a long time (up to a minute), until attempts to contact Revocation servers time out. Assuming the root certificate is installed, verification is still successful.

That update is very large; I'd be hesitant to install one that warns about boot loaders. It might be relevant to driver code signing or the boot process, but is not needed to run normal software.

On Server 2008 (Vista), I can run TC installer if I copy it to a local hard drive first with a program other than MSIE. It doesn't run directly from the network without KB2763674.

I am dissappointed that Vista doesn't offer any owner override in this case, and nobody has a problem with it.

I don't understand what the perceived problem is with Win2000, since it does not enforce certificates in any way.

Post by *ghisler(Author) » 2016-09-12, 10:23 UTC

Please wait with installing! After some e-mails with Symantec support we found a solution: I had to request a re-issue of my certificate, and request a SHA-1-based certificate. My SHA-256-based certificate remains valid! Then I need to use these two separate certificates for the signature.

The SHA-1-based signature has the same base certificate as it was used for TC 8.52a! So if TC 8.52a is tested OK, then it should work also for TC 9.

I will use this for beta 14 on Wednesday. You can contact me by e-mail if you want a test file signed this way.

MarcinW · Post by *MarcinW » 2016-09-16, 00:56 UTC

TC 9.0 beta 14:

- Windows NT4 SP6, Windows 2000 RC2: digital signature is recognized after installing this certificate.
- Windows 2000 SP4 with all updates: digital signature is recognized properly.

So the problem is finally solved

What must be done (what commands must be called) to sign an executable in this way?

Post by *ghisler(Author) » 2016-09-16, 09:35 UTC

1. First, you need to get a second code signing certificate which uses SHA1 as the hash algorithm. Please follow these steps to receive it. You can ignore "Important Note: The Replacement procedure only deactivates the certificate. Previously signed code will not be affected.". The SHA256 certificate doesn't get deactivated!

2. Use these instructions for dual signing, with one important difference: In step 1, use the SHA1 certificate you ordered above. In step 2, use your SHA256 certificate you originally ordered!

MarcinW · Post by *MarcinW » 2016-09-16, 20:35 UTC

Many thanks for the info