signed cat with some cross = SignTool Error: No signature found (v2.7)

Question

signed cat with some cross = SignTool Error: No signature found (v2.7)

westyles opened this issue a year ago · 3 comments

A few of my certificates with cross are fine. Windows and signtool verify ok.
But a few others with cross - Windows OK, but SignTool Error: No signature found

If you do not specify cross, then SignTool OK !!!
The problem with adding a cross for CAT
If you sign the sys files, then everything is ok with all of them!

signtool Fail (No signature found):

osslsigncode sign -in vfd.cat -out vfd_2.cat -nolegacy -h sha1 -time 1420059600 -verbose -spc Client+Int.crt -key Client+Int.key -ac CrossMS.crt  
signtool verify /v "vfd_2.cat"

Verifying: vfd_2.cat

Signature Index: 0 (Primary Signature)
Hash of file (sha1): EE4EF7342EC1E06B1A4133FFDFCA8B952FC0860F

Signing Certificate Chain:
File is not timestamped.

SignTool Error: No signature found.
.....................

signtool OK (signature found):

osslsigncode sign -in vfd.cat -out vfd_2.cat -nolegacy -h sha1 -time 1420059600 -verbose -spc Client+Int.crt -key Client+Int.key 
signtool verify /v "vfd_2.cat"

Verifying: vfd_2.cat

Signature Index: 0 (Primary Signature)
Hash of file (sha1): EE4EF7342EC1E06B1A4133FFDFCA8B952FC0860F

Signing Certificate Chain:
    Issued to: VeriSign Class 3 Public Primary Certification Authority - G5
    Issued by: VeriSign Class 3 Public Primary Certification Authority - G5
    Expires:   Thu Jul 17 02:59:59 2036
    SHA1 hash: 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5

        Issued to: VeriSign Class 3 Code Signing 2010 CA
        Issued by: VeriSign Class 3 Public Primary Certification Authority - G5
        Expires:   Sat Feb 08 02:59:59 2020
        SHA1 hash: 495847A93187CFB8C71F840CB7B41497AD95C64F

            Issued to: MEDIATEK INC.
            Issued by: VeriSign Class 3 Code Signing 2010 CA
            Expires:   Sun Jun 25 02:59:59 2017
            SHA1 hash: A7DC8CB973EF5F54AF0889549D84DEE51A7DB839

File is not timestamped.
...............

Attached file with problematic certificates with cross
Certs+cat.zip

Answer 1 · 2023-10-17T13:38:04.000Z

Hello. Please build a beta version with these changes, then I can check the result of this change. I am not able to build osslsigncode on Windows 10 according to the provided instructions to test this before your release.

Answer 2 · 2023-10-17T15:14:54.000Z

No need for a beta version. GitHub Actions automatically builds all new code:
https://github.com/mtrojnar/osslsigncode/suites/17322045454/artifacts/989702084

Answer 3 · 2023-10-17T16:54:33.000Z

No need for a beta version. GitHub Actions automatically builds all new code:

Confirmed osslsigncode-2.8-dev, now correctly signs cat with all my certificates with cross. Including timestamps. I'll keep testing.
I didn't know how to get a dev link like that, thank you.