Author Topic: Why would a digitally signed executable be treated unsigned until viewing cert?  (Read 1953 times)

mouser
I posted this over at Stack Overflow as well, but maybe someone here has an idea:

I'm getting a very odd result when running an executable that has been digitally signed.

The executable was signed using signtool.exe using a proper level 2 code signing certificate (not self-generated).

Testing on a Windows 7 machine, if I launch the signed executable, I get the Windows warning dialog saying Publisher Unknown (i.e. not signed).

However, if I then cancel and right-click on the executable and go to Properties -> Digital Signatures, the Signature list shows the signed certificate, which I can then click on and choose "Details" to view the details of the signature, which is shown as "The digital signature is OK".

At that point, if I launch the executable, now all of a sudden Windows properly recognizes that the executable is signed and reports the correct "Verified Publisher".

It seems like maybe Windows wasn't checking the certificate online until I went to view the actual certificate details from the properties dialog of the executable (note that it wasn't just a delay after launching the executable; it doesn't matter how long I wait or how many times I launch it, it treats it as unsigned until I go into Properties / Digital Signatures of the file).

This is a generic Windows 7 install I use for testing -- it hasn't been modified or tweaked in any way.

This behavior seems to defeat the main purpose of code signing on Windows -- how can it be that the executable is treated as unsigned unless the user knows to go into the right-click properties and dig around for a certificate?

Is there something I'm missing? Some way to mark the executable as one that Windows should actively go check the certificate of when executed?

f0dder
Have you tried uploading the executable somewhere, then downloading it via your browser? I'm guessing that a local file that has never been on a network share or downloaded by a browser doesn't have that extra (and annoying) NTFS alternate data stream with zone info (or whatever it's called) - and that explorer might not check for cert if that's missing?

I'd be very jaw-droppingly surprised if that's the case, but it's worth a shot.

mouser
That's a brilliant suggestion.

mouser
Well, it was a brilliant suggestion, but it didn't help. Even after downloading the file from the internet using Internet Explorer, the behavior is the same.

Stoic Joker
Hm... I'm not sure about the upload/download part, but f0dder's suggestion reminded me of one of the emails I got regarding T-Clock throwing "Unknown Publisher" errors on a user's (XP) machine.

The fix was to run the Sysinternals streams utility against the .exe to remove the offending garbage data from the file. Here is the link he sent me, perhaps it will help you also.

http://www.petri.co....es-windows-vista.htm
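The two things the thread keeps guessing at (what Windows' own trust check says about the file, and whether the Zone.Identifier alternate data stream f0dder mentions is present) can be inspected directly. The script below is an added diagnostic, not code from any poster or from signtool; it assumes PowerShell 3.0 or later for the `-Stream` parameters, and `$ExePath` is a placeholder for the signed executable.

```powershell
# Added diagnostic example, not from the thread. Assumes PowerShell 3.0+ on Windows
# (needed for -Stream). $ExePath is a placeholder for the signed executable.
param(
    [Parameter(Mandatory = $true)]
    [string]$ExePath
)

# 1. Ask Windows' Authenticode verification (the same check the "Verified Publisher"
#    dialog relies on) what it currently thinks of the file.
$sig = Get-AuthenticodeSignature -FilePath $ExePath
"Signature status : $($sig.Status)"
"Status message   : $($sig.StatusMessage)"
if ($sig.SignerCertificate) {
    "Signer subject   : $($sig.SignerCertificate.Subject)"
    "Signer issuer    : $($sig.SignerCertificate.Issuer)"
    "Valid from/to    : $($sig.SignerCertificate.NotBefore) to $($sig.SignerCertificate.NotAfter)"
}

# 2. List alternate data streams and show the Zone.Identifier stream (the "zone info"
#    written to downloaded files) if it exists, so the upload/download theory can be
#    confirmed or ruled out for this copy of the file.
$streams = Get-Item -Path $ExePath -Stream * -ErrorAction SilentlyContinue |
    Where-Object { $_.Stream -ne ':$DATA' } |
    ForEach-Object { $_.Stream }
"Alternate data streams: " + ($(if ($streams) { $streams -join ', ' } else { '(none)' }))
$zone = Get-Content -Path $ExePath -Stream Zone.Identifier -ErrorAction SilentlyContinue
if ($zone) { "Zone.Identifier contents:"; $zone } else { "No Zone.Identifier stream present." }

# 3. Build the signer's certificate chain with online revocation checking, the step
#    the poster suspects only ran after the certificate was viewed in Explorer.
if ($sig.SignerCertificate) {
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'Online'
    $built = $chain.Build($sig.SignerCertificate)
    "Chain builds     : $built"
    foreach ($s in $chain.ChainStatus) {
        "  chain status   : $($s.Status) - $($s.StatusInformation.Trim())"
    }
}
```

Run it once before and once after opening Properties -> Digital Signatures on the same file; a change in the reported status or chain result between the two runs narrows the problem to chain building rather than to the signature itself.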