mirror of
https://github.com/veracrypt/VeraCrypt.git
synced 2025-11-11 11:08:02 -06:00
Windows: sign binaries using both SHA-1 and SHA-256 for maximum compatibility. Add requirement for Windows SDK 8.1 that contains signtool.exe version that enables this.
@@ -46,6 +46,7 @@ Requirements for Building VeraCrypt for Windows:
|
|||||||
- Microsoft Visual C++ 2008 SP1 (Professional Edition or compatible)
|
- Microsoft Visual C++ 2008 SP1 (Professional Edition or compatible)
|
||||||
- Microsoft Visual C++ 1.52 (available from MSDN Subscriber Downloads)
|
- Microsoft Visual C++ 1.52 (available from MSDN Subscriber Downloads)
|
||||||
- Microsoft Windows SDK for Windows 7 (configured for Visual C++)
|
- Microsoft Windows SDK for Windows 7 (configured for Visual C++)
|
||||||
|
- Microsoft Windows SDK for Windows 8.1 (needed for SHA-256 code signing)
|
||||||
- Microsoft Windows Driver Kit 7.1.0 (build 7600.16385.1)
|
- Microsoft Windows Driver Kit 7.1.0 (build 7600.16385.1)
|
||||||
- RSA Security Inc. PKCS #11 Cryptographic Token Interface (Cryptoki) 2.20
|
- RSA Security Inc. PKCS #11 Cryptographic Token Interface (Cryptoki) 2.20
|
||||||
header files (available at ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20)
|
header files (available at ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20)
|
||||||
@@ -105,6 +106,8 @@ Instructions for Building VeraCrypt for Windows:
|
|||||||
Instructions for Signing and Packaging VeraCrypt for Windows:
|
Instructions for Signing and Packaging VeraCrypt for Windows:
|
||||||
-------------------------------------------------------------
|
-------------------------------------------------------------
|
||||||
|
|
||||||
|
First, create an environment variable 'WSDK81' pointing to the Windows SDK
|
||||||
|
for Windows 8.1 installation directory.
|
||||||
The folder "Signing" contains a batch file (sign.bat) that will sign all
|
The folder "Signing" contains a batch file (sign.bat) that will sign all
|
||||||
VeraCrypt components using a code signing certificate present on the
|
VeraCrypt components using a code signing certificate present on the
|
||||||
certificate store and also build the final installation setup.
|
certificate store and also build the final installation setup.
|
||||||
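Review bot: the added sentence introducing 'WSDK81' does not say what the scripts expect to find under it. The signing scripts in this commit append %WSDK81%\bin\x86 to PATH, so the text should state that the variable must be the SDK root (the directory that contains bin\x86\signtool.exe), and that signing fails on the /as and /fd sha256 options if an older signtool.exe is picked up instead.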
@@ -259,4 +262,3 @@ VI. Further Information
|
|||||||
=======================
|
=======================
|
||||||
|
|
||||||
http://www.veracrypt.fr
|
http://www.veracrypt.fr
|
||||||
|
|
||||||
|
|||||||
@@ -46,6 +46,7 @@ Requirements for Building VeraCrypt for Windows:
|
|||||||
- Microsoft Visual C++ 2008 SP1 (Professional Edition or compatible)
|
- Microsoft Visual C++ 2008 SP1 (Professional Edition or compatible)
|
||||||
- Microsoft Visual C++ 1.52 (available from MSDN Subscriber Downloads)
|
- Microsoft Visual C++ 1.52 (available from MSDN Subscriber Downloads)
|
||||||
- Microsoft Windows SDK for Windows 7 (configured for Visual C++)
|
- Microsoft Windows SDK for Windows 7 (configured for Visual C++)
|
||||||
|
- Microsoft Windows SDK for Windows 8.1 (needed for SHA-256 code signing)
|
||||||
- Microsoft Windows Driver Kit 7.1.0 (build 7600.16385.1)
|
- Microsoft Windows Driver Kit 7.1.0 (build 7600.16385.1)
|
||||||
- RSA Security Inc. PKCS #11 Cryptographic Token Interface (Cryptoki) 2.20
|
- RSA Security Inc. PKCS #11 Cryptographic Token Interface (Cryptoki) 2.20
|
||||||
header files (available at ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20)
|
header files (available at ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20)
|
||||||
@@ -105,6 +106,8 @@ Instructions for Building VeraCrypt for Windows:
|
|||||||
Instructions for Signing and Packaging VeraCrypt for Windows:
|
Instructions for Signing and Packaging VeraCrypt for Windows:
|
||||||
-------------------------------------------------------------
|
-------------------------------------------------------------
|
||||||
|
|
||||||
|
First, create an environment variable 'WSDK81' pointing to the Windows SDK
|
||||||
|
for Windows 8.1 installation directory.
|
||||||
The folder "Signing" contains a batch file (sign.bat) that will sign all
|
The folder "Signing" contains a batch file (sign.bat) that will sign all
|
||||||
VeraCrypt components using a code signing certificate present on the
|
VeraCrypt components using a code signing certificate present on the
|
||||||
certificate store and also build the final installation setup.
|
certificate store and also build the final installation setup.
|
||||||
|
|||||||
@@ -1,15 +1,12 @@
|
|||||||
PATH=%PATH%;%DDK%\bin\x86
|
PATH=%PATH%;%WSDK81%\bin\x86
|
||||||
|
|
||||||
signtool sign /v /a /n IDRIX /ac thawte_Primary_MS_Cross_Cert.cer /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\veracrypt.sys"
|
rem sign using SHA-1
|
||||||
signtool sign /v /a /n IDRIX /ac thawte_Primary_MS_Cross_Cert.cer /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\veracrypt-x64.sys"
|
signtool sign /v /a /n IDRIX /ac thawte_Primary_MS_Cross_Cert.cer /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys"
|
||||||
|
signtool sign /v /a /n IDRIX /ac Thawt_CodeSigning_CA.crt /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe"
|
||||||
|
|
||||||
signtool sign /v /a /n IDRIX /ac Thawt_CodeSigning_CA.crt /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCrypt.exe"
|
rem sign using SHA-256
|
||||||
signtool sign /v /a /n IDRIX /ac Thawt_CodeSigning_CA.crt /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCrypt Format.exe"
|
signtool sign /v /a /n IDRIX /ac thawte_Primary_MS_Cross_Cert.cer /as /fd sha256 /tr http://timestamp.geotrust.com/tsa "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys"
|
||||||
signtool sign /v /a /n IDRIX /ac Thawt_CodeSigning_CA.crt /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCryptExpander.exe"
|
signtool sign /v /a /n IDRIX /ac Thawt_CodeSigning_CA.crt /as /fd sha256 /tr http://timestamp.geotrust.com/tsa "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe"
|
||||||
|
|
||||||
signtool sign /v /a /n IDRIX /ac Thawt_CodeSigning_CA.crt /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCrypt-x64.exe"
|
|
||||||
signtool sign /v /a /n IDRIX /ac Thawt_CodeSigning_CA.crt /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCrypt Format-x64.exe"
|
|
||||||
signtool sign /v /a /n IDRIX /ac Thawt_CodeSigning_CA.crt /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCryptExpander-x64.exe"
|
|
||||||
|
|
||||||
cd "..\Release\Setup Files\"
|
cd "..\Release\Setup Files\"
|
||||||
|
|
||||||
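Review bot: the two "/as /fd sha256 /tr http://timestamp.geotrust.com/tsa" calls set the file digest to SHA-256 but never pass /td, so the RFC 3161 timestamp request falls back to signtool's default timestamp digest, which is SHA-1. Add "/td sha256" next to each /tr so the appended signature is SHA-256 end to end. Note that /td only applies to the /tr form; the /t Authenticode timestamp on the SHA-1 pass is unaffected.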
@@ -21,6 +18,9 @@ del *.xml
|
|||||||
|
|
||||||
cd "..\..\Signing"
|
cd "..\..\Signing"
|
||||||
|
|
||||||
signtool sign /v /a /n IDRIX /ac Thawt_CodeSigning_CA.crt /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCrypt Setup 1.16.exe"
|
rem sign using SHA-1
|
||||||
|
signtool sign /v /a /n IDRIX /ac Thawt_CodeSigning_CA.crt /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCrypt Setup 1.16.exe"
|
||||||
|
rem sign using SHA-256
|
||||||
|
signtool sign /v /a /n IDRIX /ac Thawt_CodeSigning_CA.crt /as /fd sha256 /tr http://timestamp.geotrust.com/tsa "..\Release\Setup Files\VeraCrypt Setup 1.16.exe"
|
||||||
|
|
||||||
pause
|
pause
|
||||||
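Review bot: the /fd sha1 and /as /fd sha256 calls on "VeraCrypt Setup 1.16.exe" run back to back with no exit-code check, so a failure of either one (timestamp server unreachable, certificate not found in the store) is only visible in the scrolled console output before pause, and the installer can ship with one signature instead of two. Add "if errorlevel 1 exit /b 1" after each signtool call, and finish with "signtool verify /pa /all" on the installer so the script itself confirms that both signatures are present.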
@@ -1,18 +1,13 @@
|
|||||||
PATH=%PATH%;%DDK%\bin\x86
|
PATH=%PATH%;%WSDK81%\bin\x86
|
||||||
|
|
||||||
set PFXNAME=TestCertificate\idrix_codeSign.pfx
|
set PFXNAME=TestCertificate\idrix_codeSign.pfx
|
||||||
set PFXPASSWORD=idrix
|
set PFXPASSWORD=idrix
|
||||||
|
|
||||||
signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac TestCertificate\idrix_TestRootCA.crt /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\veracrypt.sys"
|
rem sign using SHA-1
|
||||||
signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac TestCertificate\idrix_TestRootCA.crt /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\veracrypt-x64.sys"
|
signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac TestCertificate\idrix_TestRootCA.crt /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys" "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe"
|
||||||
|
|
||||||
signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac TestCertificate\idrix_TestRootCA.crt /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCrypt.exe"
|
rem sign using SHA-256
|
||||||
signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac TestCertificate\idrix_TestRootCA.crt /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCrypt Format.exe"
|
signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac TestCertificate\idrix_TestRootCA.crt /as /fd sha256 /tr http://timestamp.geotrust.com/tsa "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys" "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe"
|
||||||
signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac TestCertificate\idrix_TestRootCA.crt /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCryptExpander.exe"
|
|
||||||
|
|
||||||
signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac TestCertificate\idrix_TestRootCA.crt /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCryptx-x64.exe"
|
|
||||||
signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac TestCertificate\idrix_TestRootCA.crt /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCrypt Format-x64.exe"
|
|
||||||
signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac TestCertificate\idrix_TestRootCA.crt /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCryptExpander-x64.exe"
|
|
||||||
|
|
||||||
cd "..\Release\Setup Files\"
|
cd "..\Release\Setup Files\"
|
||||||
|
|
||||||
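Review bot: "PATH=%PATH%;%WSDK81%\bin\x86" appends the SDK 8.1 directory, so any signtool.exe already on PATH (an older SDK or the DDK entry this line replaces) is resolved first and will reject /as, /fd and /tr. The line also expands to a bare "\bin\x86" when WSDK81 is not defined. Put the new directory first ("PATH=%WSDK81%\bin\x86;%PATH%") or call "%WSDK81%\bin\x86\signtool.exe" by full path, and stop early with "if not defined WSDK81" and an error message. The same applies to the identical line in sign.bat.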
@@ -24,6 +19,10 @@ del *.xml
|
|||||||
|
|
||||||
cd "..\..\Signing"
|
cd "..\..\Signing"
|
||||||
|
|
||||||
signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac TestCertificate\idrix_TestRootCA.crt /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCrypt Setup 1.16.exe"
|
rem sign using SHA-1
|
||||||
|
signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac TestCertificate\idrix_TestRootCA.crt /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCrypt Setup 1.16.exe"
|
||||||
|
|
||||||
|
rem sign using SHA-256
|
||||||
|
signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac TestCertificate\idrix_TestRootCA.crt /as /fd sha256 /tr http://timestamp.geotrust.com/tsa "..\Release\Setup Files\VeraCrypt Setup 1.16.exe"
|
||||||
|
|
||||||
pause
|
pause
|
||||||