mirror of
https://github.com/veracrypt/VeraCrypt.git
synced 2025-11-11 02:58:02 -06:00
Windows: sign binaries using both SHA-1 and SHA-256 for maximum compatibility. Add requirement for Windows SDK 8.1 that contains signtool.exe version that enables this.
This commit is contained in:
Mounir IDRASSI
526
README.md
526
README.md
@@ -1,262 +1,264 @@
|
|||||||
This archive contains the source code of VeraCrypt.
|
This archive contains the source code of VeraCrypt.
|
||||||
It is based on original TrueCrypt 7.1a with security enhancements and modifications.
|
It is based on original TrueCrypt 7.1a with security enhancements and modifications.
|
||||||
|
|
||||||
|
|
||||||
Important
|
Important
|
||||||
=========
|
=========
|
||||||
|
|
||||||
You may use the source code contained in this archive only if you accept and
|
You may use the source code contained in this archive only if you accept and
|
||||||
agree to the license terms contained in the file 'License.txt', which is
|
agree to the license terms contained in the file 'License.txt', which is
|
||||||
included in this archive.
|
included in this archive.
|
||||||
|
|
||||||
Note that the license specifies, for example, that a derived work must not be
|
Note that the license specifies, for example, that a derived work must not be
|
||||||
called 'TrueCrypt' or 'VeraCrypt'
|
called 'TrueCrypt' or 'VeraCrypt'
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Contents
|
Contents
|
||||||
========
|
========
|
||||||
|
|
||||||
I. Windows
|
I. Windows
|
||||||
Requirements for Building VeraCrypt for Windows
|
Requirements for Building VeraCrypt for Windows
|
||||||
Instructions for Building VeraCrypt for Windows
|
Instructions for Building VeraCrypt for Windows
|
||||||
Instructions for Signing and Packaging VeraCrypt for Windows
|
Instructions for Signing and Packaging VeraCrypt for Windows
|
||||||
|
|
||||||
II. Linux and Mac OS X
|
II. Linux and Mac OS X
|
||||||
Requirements for Building VeraCrypt for Linux and Mac OS X
|
Requirements for Building VeraCrypt for Linux and Mac OS X
|
||||||
Instructions for Building VeraCrypt for Linux and Mac OS X
|
Instructions for Building VeraCrypt for Linux and Mac OS X
|
||||||
Mac OS X specifics
|
Mac OS X specifics
|
||||||
|
|
||||||
III. FreeBSD and OpenSolaris
|
III. FreeBSD and OpenSolaris
|
||||||
|
|
||||||
IV. Third-Party Developers (Contributors)
|
IV. Third-Party Developers (Contributors)
|
||||||
|
|
||||||
V. Legal Information
|
V. Legal Information
|
||||||
|
|
||||||
VI. Further Information
|
VI. Further Information
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
I. Windows
|
I. Windows
|
||||||
==========
|
==========
|
||||||
|
|
||||||
Requirements for Building VeraCrypt for Windows:
|
Requirements for Building VeraCrypt for Windows:
|
||||||
------------------------------------------------
|
------------------------------------------------
|
||||||
|
|
||||||
- Microsoft Visual C++ 2008 SP1 (Professional Edition or compatible)
|
- Microsoft Visual C++ 2008 SP1 (Professional Edition or compatible)
|
||||||
- Microsoft Visual C++ 1.52 (available from MSDN Subscriber Downloads)
|
- Microsoft Visual C++ 1.52 (available from MSDN Subscriber Downloads)
|
||||||
- Microsoft Windows SDK for Windows 7 (configured for Visual C++)
|
- Microsoft Windows SDK for Windows 7 (configured for Visual C++)
|
||||||
- Microsoft Windows Driver Kit 7.1.0 (build 7600.16385.1)
|
- Microsoft Windows SDK for Windows 8.1 (needed for SHA-256 code signing)
|
||||||
- RSA Security Inc. PKCS #11 Cryptographic Token Interface (Cryptoki) 2.20
|
- Microsoft Windows Driver Kit 7.1.0 (build 7600.16385.1)
|
||||||
header files (available at ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20)
|
- RSA Security Inc. PKCS #11 Cryptographic Token Interface (Cryptoki) 2.20
|
||||||
- NASM assembler 2.08 or compatible
|
header files (available at ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20)
|
||||||
- gzip compressor
|
- NASM assembler 2.08 or compatible
|
||||||
- upx packer (available at http://upx.sourceforge.net/)
|
- gzip compressor
|
||||||
|
- upx packer (available at http://upx.sourceforge.net/)
|
||||||
IMPORTANT:
|
|
||||||
|
IMPORTANT:
|
||||||
The 64-bit editions of Windows Vista and later versions of Windows, and in
|
|
||||||
some cases (e.g. playback of HD DVD content) also the 32-bit editions, do not
|
The 64-bit editions of Windows Vista and later versions of Windows, and in
|
||||||
allow the VeraCrypt driver to run without an appropriate digital signature.
|
some cases (e.g. playback of HD DVD content) also the 32-bit editions, do not
|
||||||
Therefore, all .sys files in official VeraCrypt binary packages are digitally
|
allow the VeraCrypt driver to run without an appropriate digital signature.
|
||||||
signed with the digital certificate of the IDRIX, which was
|
Therefore, all .sys files in official VeraCrypt binary packages are digitally
|
||||||
issued by Thawte certification authority. At the end of each official .exe and
|
signed with the digital certificate of the IDRIX, which was
|
||||||
.sys file, there are embedded digital signatures and all related certificates
|
issued by Thawte certification authority. At the end of each official .exe and
|
||||||
(i.e. all certificates in the relevant certification chain, such as the
|
.sys file, there are embedded digital signatures and all related certificates
|
||||||
certification authority certificates, CA-MS cross-certificate, and the
|
(i.e. all certificates in the relevant certification chain, such as the
|
||||||
IDRIX certificate).
|
certification authority certificates, CA-MS cross-certificate, and the
|
||||||
Keep this in mind if you compile VeraCrypt
|
IDRIX certificate).
|
||||||
and compare your binaries with the official binaries. If your binaries are
|
Keep this in mind if you compile VeraCrypt
|
||||||
unsigned, the sizes of the official binaries will usually be approximately
|
and compare your binaries with the official binaries. If your binaries are
|
||||||
10 KB greater than sizes of your binaries (there may be further differences
|
unsigned, the sizes of the official binaries will usually be approximately
|
||||||
if you use a different version of the compiler, or if you install a different
|
10 KB greater than sizes of your binaries (there may be further differences
|
||||||
or no service pack for Visual Studio, or different hotfixes for it, or if you
|
if you use a different version of the compiler, or if you install a different
|
||||||
use different versions of the required SDKs).
|
or no service pack for Visual Studio, or different hotfixes for it, or if you
|
||||||
|
use different versions of the required SDKs).
|
||||||
|
|
||||||
Instructions for Building VeraCrypt for Windows:
|
|
||||||
------------------------------------------------
|
Instructions for Building VeraCrypt for Windows:
|
||||||
|
------------------------------------------------
|
||||||
1) Create an environment variable 'MSVC16_ROOT' pointing to the folder 'MSVC15'
|
|
||||||
extracted from the Visual C++ 1.52 self-extracting package.
|
1) Create an environment variable 'MSVC16_ROOT' pointing to the folder 'MSVC15'
|
||||||
|
extracted from the Visual C++ 1.52 self-extracting package.
|
||||||
Note: The 16-bit installer MSVC15\SETUP.EXE cannot be run on 64-bit Windows,
|
|
||||||
but it is actually not necessary to run it. You only need to extract the
|
Note: The 16-bit installer MSVC15\SETUP.EXE cannot be run on 64-bit Windows,
|
||||||
folder 'MSVC15', which contains the 32-bit binaries required to build the
|
but it is actually not necessary to run it. You only need to extract the
|
||||||
VeraCrypt Boot Loader.
|
folder 'MSVC15', which contains the 32-bit binaries required to build the
|
||||||
|
VeraCrypt Boot Loader.
|
||||||
2) If you have installed the Windows Driver Development Kit in another
|
|
||||||
directory than '%SYSTEMDRIVE%\WinDDK', create an environment variable
|
2) If you have installed the Windows Driver Development Kit in another
|
||||||
'WINDDK_ROOT' pointing to the DDK installation directory.
|
directory than '%SYSTEMDRIVE%\WinDDK', create an environment variable
|
||||||
|
'WINDDK_ROOT' pointing to the DDK installation directory.
|
||||||
3) Copy the PKCS #11 header files to a standard include path or create an
|
|
||||||
environment variable 'PKCS11_INC' pointing to the directory where
|
3) Copy the PKCS #11 header files to a standard include path or create an
|
||||||
the PKCS #11 header files are installed.
|
environment variable 'PKCS11_INC' pointing to the directory where
|
||||||
|
the PKCS #11 header files are installed.
|
||||||
4) Open the solution file 'VeraCrypt.sln' in Microsoft Visual Studio 2008.
|
|
||||||
|
4) Open the solution file 'VeraCrypt.sln' in Microsoft Visual Studio 2008.
|
||||||
5) Select 'All' as the active solution configuration.
|
|
||||||
|
5) Select 'All' as the active solution configuration.
|
||||||
6) Build the solution.
|
|
||||||
|
6) Build the solution.
|
||||||
7) If successful, there should be newly built VeraCrypt binaries in the
|
|
||||||
'Release' folder.
|
7) If successful, there should be newly built VeraCrypt binaries in the
|
||||||
|
'Release' folder.
|
||||||
Instructions for Signing and Packaging VeraCrypt for Windows:
|
|
||||||
-------------------------------------------------------------
|
Instructions for Signing and Packaging VeraCrypt for Windows:
|
||||||
|
-------------------------------------------------------------
|
||||||
The folder "Signing" contains a batch file (sign.bat) that will sign all
|
|
||||||
VeraCrypt components using a code signing certificate present on the
|
First, create an environment variable 'WSDK81' pointing to the Windows SDK
|
||||||
certificate store and also build the final installation setup.
|
for Windows 8.1 installation directory.
|
||||||
The batch file suppose that the code signing certificate is issued by Thawt.
|
The folder "Signing" contains a batch file (sign.bat) that will sign all
|
||||||
This is the case for IDRIX's certificate. If yours is issued by another CA,
|
VeraCrypt components using a code signing certificate present on the
|
||||||
then you should put the Root and Intermediate certificates in the "Signing"
|
certificate store and also build the final installation setup.
|
||||||
folder and then modify sign.bat accordingly.
|
The batch file suppose that the code signing certificate is issued by Thawt.
|
||||||
|
This is the case for IDRIX's certificate. If yours is issued by another CA,
|
||||||
|
then you should put the Root and Intermediate certificates in the "Signing"
|
||||||
II. Linux and Mac OS X
|
folder and then modify sign.bat accordingly.
|
||||||
======================
|
|
||||||
|
|
||||||
Requirements for Building VeraCrypt for Linux and Mac OS X:
|
II. Linux and Mac OS X
|
||||||
-----------------------------------------------------------
|
======================
|
||||||
|
|
||||||
- GNU Make
|
Requirements for Building VeraCrypt for Linux and Mac OS X:
|
||||||
- GNU C++ Compiler 4.0 or compatible
|
-----------------------------------------------------------
|
||||||
- Apple Xcode (Mac OS X only)
|
|
||||||
- NASM assembler 2.08 or compatible (x86/x64 architecture only)
|
- GNU Make
|
||||||
- pkg-config
|
- GNU C++ Compiler 4.0 or compatible
|
||||||
- makeself (Linux only)
|
- Apple Xcode (Mac OS X only)
|
||||||
- wxWidgets 3.0 shared library and header files installed or
|
- NASM assembler 2.08 or compatible (x86/x64 architecture only)
|
||||||
wxWidgets 3.0 library source code (available at http://www.wxwidgets.org)
|
- pkg-config
|
||||||
- FUSE library and header files (available at http://fuse.sourceforge.net
|
- makeself (Linux only)
|
||||||
and https://osxfuse.github.io/)
|
- wxWidgets 3.0 shared library and header files installed or
|
||||||
- RSA Security Inc. PKCS #11 Cryptographic Token Interface (Cryptoki) 2.20
|
wxWidgets 3.0 library source code (available at http://www.wxwidgets.org)
|
||||||
header files (available at ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20).
|
- FUSE library and header files (available at http://fuse.sourceforge.net
|
||||||
They are already included in the source tree under the directory PKCS11 but
|
and https://osxfuse.github.io/)
|
||||||
it is possible to override it using the environment variable 'PKCS11_INC'.
|
- RSA Security Inc. PKCS #11 Cryptographic Token Interface (Cryptoki) 2.20
|
||||||
|
header files (available at ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20).
|
||||||
|
They are already included in the source tree under the directory PKCS11 but
|
||||||
Instructions for Building VeraCrypt for Linux and Mac OS X:
|
it is possible to override it using the environment variable 'PKCS11_INC'.
|
||||||
-----------------------------------------------------------
|
|
||||||
|
|
||||||
1) Change the current directory to the root of the VeraCrypt source code.
|
Instructions for Building VeraCrypt for Linux and Mac OS X:
|
||||||
|
-----------------------------------------------------------
|
||||||
2) If you have no wxWidgets shared library installed, run the following
|
|
||||||
command to configure the wxWidgets static library for VeraCrypt and to
|
1) Change the current directory to the root of the VeraCrypt source code.
|
||||||
build it:
|
|
||||||
|
2) If you have no wxWidgets shared library installed, run the following
|
||||||
$ make WXSTATIC=1 WX_ROOT=/usr/src/wxWidgets wxbuild
|
command to configure the wxWidgets static library for VeraCrypt and to
|
||||||
|
build it:
|
||||||
The variable WX_ROOT must point to the location of the source code of the
|
|
||||||
wxWidgets library. Output files will be placed in the './wxrelease/'
|
$ make WXSTATIC=1 WX_ROOT=/usr/src/wxWidgets wxbuild
|
||||||
directory.
|
|
||||||
|
The variable WX_ROOT must point to the location of the source code of the
|
||||||
3) To build VeraCrypt, run the following command:
|
wxWidgets library. Output files will be placed in the './wxrelease/'
|
||||||
|
directory.
|
||||||
$ make
|
|
||||||
|
3) To build VeraCrypt, run the following command:
|
||||||
or if you have no wxWidgets shared library installed:
|
|
||||||
|
$ make
|
||||||
$ make WXSTATIC=1
|
|
||||||
|
or if you have no wxWidgets shared library installed:
|
||||||
4) If successful, the VeraCrypt executable should be located in the directory
|
|
||||||
'Main'.
|
$ make WXSTATIC=1
|
||||||
|
|
||||||
By default, a universal executable supporting both graphical and text user
|
4) If successful, the VeraCrypt executable should be located in the directory
|
||||||
interface (through the switch --text) is built.
|
'Main'.
|
||||||
On Linux, a console-only executable, which requires no GUI library, can be
|
|
||||||
built using the 'NOGUI' parameter:
|
By default, a universal executable supporting both graphical and text user
|
||||||
|
interface (through the switch --text) is built.
|
||||||
$ make NOGUI=1 WXSTATIC=1 WX_ROOT=/usr/src/wxWidgets wxbuild
|
On Linux, a console-only executable, which requires no GUI library, can be
|
||||||
$ make NOGUI=1 WXSTATIC=1
|
built using the 'NOGUI' parameter:
|
||||||
|
|
||||||
On MacOSX, building a console-only executable is not supported.
|
$ make NOGUI=1 WXSTATIC=1 WX_ROOT=/usr/src/wxWidgets wxbuild
|
||||||
|
$ make NOGUI=1 WXSTATIC=1
|
||||||
Mac OS X specifics:
|
|
||||||
-----------------------------------------------------------
|
On MacOSX, building a console-only executable is not supported.
|
||||||
|
|
||||||
Under MacOSX, the SDK for OSX 10.7 is used by default. To use another version
|
Mac OS X specifics:
|
||||||
of the SDK (i.e. 10.6), you can export the environment variable VC_OSX_TARGET:
|
-----------------------------------------------------------
|
||||||
|
|
||||||
$ export VC_OSX_TARGET=10.6
|
Under MacOSX, the SDK for OSX 10.7 is used by default. To use another version
|
||||||
|
of the SDK (i.e. 10.6), you can export the environment variable VC_OSX_TARGET:
|
||||||
|
|
||||||
Before building under MacOSX, pkg-config must be installed if not yet available.
|
$ export VC_OSX_TARGET=10.6
|
||||||
Get it from http://pkgconfig.freedesktop.org/releases/pkg-config-0.28.tar.gz and
|
|
||||||
compile using the following commands :
|
|
||||||
|
Before building under MacOSX, pkg-config must be installed if not yet available.
|
||||||
$ ./configure --with-internal-glib
|
Get it from http://pkgconfig.freedesktop.org/releases/pkg-config-0.28.tar.gz and
|
||||||
$ make
|
compile using the following commands :
|
||||||
$ sudo make install
|
|
||||||
|
$ ./configure --with-internal-glib
|
||||||
After making sure pkg-config is available, download and install OSXFuse from
|
$ make
|
||||||
https://osxfuse.github.io/ (MacFUSE compatibility layer must selected)
|
$ sudo make install
|
||||||
|
|
||||||
The script build_veracrypt_macosx.sh available under "src/Build" performs the
|
After making sure pkg-config is available, download and install OSXFuse from
|
||||||
full build of VeraCrypt including the creation of the installer pkg. It expects
|
https://osxfuse.github.io/ (MacFUSE compatibility layer must selected)
|
||||||
to find the wxWidgets 3.0.2 sources at the same level as where you put
|
|
||||||
VeraCrypt sources (i.e. if "src" path is "/Users/joe/Projects/VeraCrypt/src"
|
The script build_veracrypt_macosx.sh available under "src/Build" performs the
|
||||||
then wxWidgets should be at "/Users/joe/Projects/wxWidgets-wxWidgets-3.0.2")
|
full build of VeraCrypt including the creation of the installer pkg. It expects
|
||||||
|
to find the wxWidgets 3.0.2 sources at the same level as where you put
|
||||||
The build process uses Code Signing certificates whose ID is specified in
|
VeraCrypt sources (i.e. if "src" path is "/Users/joe/Projects/VeraCrypt/src"
|
||||||
src/Main/Main.make (lines 167 & 169). You'll have to modify these lines to put
|
then wxWidgets should be at "/Users/joe/Projects/wxWidgets-wxWidgets-3.0.2")
|
||||||
the ID of your Code Signing certificates or comment them if you don't have one.
|
|
||||||
|
The build process uses Code Signing certificates whose ID is specified in
|
||||||
Because of incompatibility issues with OSXFUSE, the SDK 10.9 generates a
|
src/Main/Main.make (lines 167 & 169). You'll have to modify these lines to put
|
||||||
VeraCrypt binary that has issues communicating with the OSXFUSE kernel extension.
|
the ID of your Code Signing certificates or comment them if you don't have one.
|
||||||
Thus, we recommend to use the SDK 10.8 or earlier for building VeraCrypt.
|
|
||||||
|
Because of incompatibility issues with OSXFUSE, the SDK 10.9 generates a
|
||||||
|
VeraCrypt binary that has issues communicating with the OSXFUSE kernel extension.
|
||||||
|
Thus, we recommend to use the SDK 10.8 or earlier for building VeraCrypt.
|
||||||
III. FreeBSD and OpenSolaris
|
|
||||||
============================
|
|
||||||
|
|
||||||
FreeBSD and OpenSolaris are not yet supported.
|
III. FreeBSD and OpenSolaris
|
||||||
|
============================
|
||||||
|
|
||||||
|
FreeBSD and OpenSolaris are not yet supported.
|
||||||
IV. Third-Party Developers (Contributors)
|
|
||||||
=========================================
|
|
||||||
|
|
||||||
If you intend to implement a feature, please contact us first to make sure:
|
IV. Third-Party Developers (Contributors)
|
||||||
|
=========================================
|
||||||
1) That the feature has not been implemented (we may have already implemented
|
|
||||||
it, but haven't released the code yet).
|
If you intend to implement a feature, please contact us first to make sure:
|
||||||
2) That the feature is acceptable.
|
|
||||||
3) Whether we need help of third-party developers with implementing the feature.
|
1) That the feature has not been implemented (we may have already implemented
|
||||||
|
it, but haven't released the code yet).
|
||||||
Information on how to contact us can be found at:
|
2) That the feature is acceptable.
|
||||||
https://veracrypt.codeplex.com/
|
3) Whether we need help of third-party developers with implementing the feature.
|
||||||
|
|
||||||
|
Information on how to contact us can be found at:
|
||||||
|
https://veracrypt.codeplex.com/
|
||||||
V. Legal Information
|
|
||||||
====================
|
|
||||||
|
|
||||||
Copyright Information
|
V. Legal Information
|
||||||
---------------------
|
====================
|
||||||
|
|
||||||
This software as a whole:
|
Copyright Information
|
||||||
Copyright (c) 2013-2015 IDRIX. All rights reserved.
|
---------------------
|
||||||
|
|
||||||
Portions of this software:
|
This software as a whole:
|
||||||
Copyright (c) 2003-2012 TrueCrypt Developers Association. All rights reserved.
|
Copyright (c) 2013-2015 IDRIX. All rights reserved.
|
||||||
Copyright (c) 1998-2000 Paul Le Roux. All rights reserved.
|
|
||||||
Copyright (c) 1998-2008 Brian Gladman, Worcester, UK. All rights reserved.
|
Portions of this software:
|
||||||
Copyright (c) 2002-2004 Mark Adler. All rights reserved.
|
Copyright (c) 2003-2012 TrueCrypt Developers Association. All rights reserved.
|
||||||
For more information, please see the legal notices attached to parts of the
|
Copyright (c) 1998-2000 Paul Le Roux. All rights reserved.
|
||||||
source code.
|
Copyright (c) 1998-2008 Brian Gladman, Worcester, UK. All rights reserved.
|
||||||
|
Copyright (c) 2002-2004 Mark Adler. All rights reserved.
|
||||||
Trademark Information
|
For more information, please see the legal notices attached to parts of the
|
||||||
---------------------
|
source code.
|
||||||
|
|
||||||
Any trademarks contained in the source code, binaries, and/or in the
|
Trademark Information
|
||||||
documentation, are the sole property of their respective owners.
|
---------------------
|
||||||
|
|
||||||
|
Any trademarks contained in the source code, binaries, and/or in the
|
||||||
|
documentation, are the sole property of their respective owners.
|
||||||
VI. Further Information
|
|
||||||
=======================
|
|
||||||
|
|
||||||
http://www.veracrypt.fr
|
VI. Further Information
|
||||||
|
=======================
|
||||||
|
|
||||||
|
http://www.veracrypt.fr
|
||||||
|
|||||||
@@ -46,6 +46,7 @@ Requirements for Building VeraCrypt for Windows:
|
|||||||
- Microsoft Visual C++ 2008 SP1 (Professional Edition or compatible)
|
- Microsoft Visual C++ 2008 SP1 (Professional Edition or compatible)
|
||||||
- Microsoft Visual C++ 1.52 (available from MSDN Subscriber Downloads)
|
- Microsoft Visual C++ 1.52 (available from MSDN Subscriber Downloads)
|
||||||
- Microsoft Windows SDK for Windows 7 (configured for Visual C++)
|
- Microsoft Windows SDK for Windows 7 (configured for Visual C++)
|
||||||
|
- Microsoft Windows SDK for Windows 8.1 (needed for SHA-256 code signing)
|
||||||
- Microsoft Windows Driver Kit 7.1.0 (build 7600.16385.1)
|
- Microsoft Windows Driver Kit 7.1.0 (build 7600.16385.1)
|
||||||
- RSA Security Inc. PKCS #11 Cryptographic Token Interface (Cryptoki) 2.20
|
- RSA Security Inc. PKCS #11 Cryptographic Token Interface (Cryptoki) 2.20
|
||||||
header files (available at ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20)
|
header files (available at ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20)
|
||||||
@@ -105,6 +106,8 @@ Instructions for Building VeraCrypt for Windows:
|
|||||||
Instructions for Signing and Packaging VeraCrypt for Windows:
|
Instructions for Signing and Packaging VeraCrypt for Windows:
|
||||||
-------------------------------------------------------------
|
-------------------------------------------------------------
|
||||||
|
|
||||||
|
First, create an environment variable 'WSDK81' pointing to the Windows SDK
|
||||||
|
for Windows 8.1 installation directory.
|
||||||
The folder "Signing" contains a batch file (sign.bat) that will sign all
|
The folder "Signing" contains a batch file (sign.bat) that will sign all
|
||||||
VeraCrypt components using a code signing certificate present on the
|
VeraCrypt components using a code signing certificate present on the
|
||||||
certificate store and also build the final installation setup.
|
certificate store and also build the final installation setup.
|
||||||
|
|||||||
@@ -1,15 +1,12 @@
|
|||||||
PATH=%PATH%;%DDK%\bin\x86
|
PATH=%PATH%;%WSDK81%\bin\x86
|
||||||
|
|
||||||
signtool sign /v /a /n IDRIX /ac thawte_Primary_MS_Cross_Cert.cer /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\veracrypt.sys"
|
rem sign using SHA-1
|
||||||
signtool sign /v /a /n IDRIX /ac thawte_Primary_MS_Cross_Cert.cer /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\veracrypt-x64.sys"
|
signtool sign /v /a /n IDRIX /ac thawte_Primary_MS_Cross_Cert.cer /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys"
|
||||||
|
signtool sign /v /a /n IDRIX /ac Thawt_CodeSigning_CA.crt /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe"
|
||||||
|
|
||||||
signtool sign /v /a /n IDRIX /ac Thawt_CodeSigning_CA.crt /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCrypt.exe"
|
rem sign using SHA-256
|
||||||
signtool sign /v /a /n IDRIX /ac Thawt_CodeSigning_CA.crt /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCrypt Format.exe"
|
signtool sign /v /a /n IDRIX /ac thawte_Primary_MS_Cross_Cert.cer /as /fd sha256 /tr http://timestamp.geotrust.com/tsa "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys"
|
||||||
signtool sign /v /a /n IDRIX /ac Thawt_CodeSigning_CA.crt /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCryptExpander.exe"
|
signtool sign /v /a /n IDRIX /ac Thawt_CodeSigning_CA.crt /as /fd sha256 /tr http://timestamp.geotrust.com/tsa "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe"
|
||||||
|
|
||||||
signtool sign /v /a /n IDRIX /ac Thawt_CodeSigning_CA.crt /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCrypt-x64.exe"
|
|
||||||
signtool sign /v /a /n IDRIX /ac Thawt_CodeSigning_CA.crt /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCrypt Format-x64.exe"
|
|
||||||
signtool sign /v /a /n IDRIX /ac Thawt_CodeSigning_CA.crt /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCryptExpander-x64.exe"
|
|
||||||
|
|
||||||
cd "..\Release\Setup Files\"
|
cd "..\Release\Setup Files\"
|
||||||
|
|
||||||
@@ -21,6 +18,9 @@ del *.xml
|
|||||||
|
|
||||||
cd "..\..\Signing"
|
cd "..\..\Signing"
|
||||||
|
|
||||||
signtool sign /v /a /n IDRIX /ac Thawt_CodeSigning_CA.crt /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCrypt Setup 1.16.exe"
|
rem sign using SHA-1
|
||||||
|
signtool sign /v /a /n IDRIX /ac Thawt_CodeSigning_CA.crt /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCrypt Setup 1.16.exe"
|
||||||
|
rem sign using SHA-256
|
||||||
|
signtool sign /v /a /n IDRIX /ac Thawt_CodeSigning_CA.crt /as /fd sha256 /tr http://timestamp.geotrust.com/tsa "..\Release\Setup Files\VeraCrypt Setup 1.16.exe"
|
||||||
|
|
||||||
pause
|
pause
|
||||||
|
|||||||
@@ -1,18 +1,13 @@
|
|||||||
PATH=%PATH%;%DDK%\bin\x86
|
PATH=%PATH%;%WSDK81%\bin\x86
|
||||||
|
|
||||||
set PFXNAME=TestCertificate\idrix_codeSign.pfx
|
set PFXNAME=TestCertificate\idrix_codeSign.pfx
|
||||||
set PFXPASSWORD=idrix
|
set PFXPASSWORD=idrix
|
||||||
|
|
||||||
signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac TestCertificate\idrix_TestRootCA.crt /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\veracrypt.sys"
|
rem sign using SHA-1
|
||||||
signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac TestCertificate\idrix_TestRootCA.crt /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\veracrypt-x64.sys"
|
signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac TestCertificate\idrix_TestRootCA.crt /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys" "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe"
|
||||||
|
|
||||||
signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac TestCertificate\idrix_TestRootCA.crt /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCrypt.exe"
|
rem sign using SHA-256
|
||||||
signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac TestCertificate\idrix_TestRootCA.crt /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCrypt Format.exe"
|
signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac TestCertificate\idrix_TestRootCA.crt /as /fd sha256 /tr http://timestamp.geotrust.com/tsa "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys" "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe"
|
||||||
signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac TestCertificate\idrix_TestRootCA.crt /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCryptExpander.exe"
|
|
||||||
|
|
||||||
signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac TestCertificate\idrix_TestRootCA.crt /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCryptx-x64.exe"
|
|
||||||
signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac TestCertificate\idrix_TestRootCA.crt /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCrypt Format-x64.exe"
|
|
||||||
signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac TestCertificate\idrix_TestRootCA.crt /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCryptExpander-x64.exe"
|
|
||||||
|
|
||||||
cd "..\Release\Setup Files\"
|
cd "..\Release\Setup Files\"
|
||||||
|
|
||||||
@@ -24,6 +19,10 @@ del *.xml
|
|||||||
|
|
||||||
cd "..\..\Signing"
|
cd "..\..\Signing"
|
||||||
|
|
||||||
signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac TestCertificate\idrix_TestRootCA.crt /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCrypt Setup 1.16.exe"
|
rem sign using SHA-1
|
||||||
|
signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac TestCertificate\idrix_TestRootCA.crt /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCrypt Setup 1.16.exe"
|
||||||
|
|
||||||
|
rem sign using SHA-256
|
||||||
|
signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac TestCertificate\idrix_TestRootCA.crt /as /fd sha256 /tr http://timestamp.geotrust.com/tsa "..\Release\Setup Files\VeraCrypt Setup 1.16.exe"
|
||||||
|
|
||||||
pause
|
pause
|
||||||
Reference in New Issue
Block a user