

Why would a digitally signed executable be treated unsigned until viewing cert?


mouser:
I posted this over at Stack Overflow as well, but maybe someone here has an idea:

I'm getting a very odd result when running an executable that has been digitally signed.

The executable was signed using signtool.exe using a proper level 2 code signing certificate (not self-generated).

Testing on a Windows 7 machine, if I launch the signed executable, I get the Windows warning dialog saying Publisher Unknown (i.e. not signed).

However, if I then cancel and right-click on the executable and go to Properties -> Digital Signatures, the Signature list shows the signed certificate, which I can then click on and choose "Details" to view the details of the signature, which is shown as "The digital signature is OK".

At that point, if I launch the executable, now all of a sudden Windows properly recognizes that the executable is signed and reports the correct "Verified Publisher".

It seems like maybe Windows wasn't checking the certificate online until I went to view the actual certificate details from the properties dialog of the executable (note that it wasn't just a delay after launching the executable; it doesn't matter how long I wait or how many times I launch it, it treats it as unsigned until I go into Properties / Digital Signatures of the file).

This is a generic Windows 7 install I use for testing; it hasn't been modified or tweaked in any way.

This behavior seems to defeat the main purpose of code signing on Windows. How can it be that the executable is treated as unsigned unless the user knows to go into the right-click properties and dig around for a certificate?

Is there something I'm missing? Some way to mark the executable as one that Windows should actively go check the certificate of when executed?

f0dder:
Have you tried uploading the executable somewhere, then downloading it via your browser? I'm guessing that a local file that has never been on a network share or downloaded by a browser doesn't have that extra (and annoying) NTFS alternate data stream with zone info (or whatever it's called) - and that explorer might not check for cert if that's missing?

I'd be very jaw-droppingly surprised if that's the case, but it's worth a shot.

mouser:
That's a brilliant suggestion.

mouser:
Well, it was a brilliant suggestion, but it didn't help. Even after downloading the file from the internet using Internet Explorer, the behavior is the same.

Stoic Joker:
Hm... I'm not sure about the upload/download part, but f0dder's suggestion reminded me of one of the emails I got regarding T-Clock throwing "Unknown Publisher" errors on a user's (XP) machine.

The fix was to run the Sysinternals streams utility against the .exe to remove the offending garbage data from the file. Here is the link he sent me, perhaps it will help you also.

http://www.petri.co.il/unblock-files-windows-vista.htm
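The two things the thread speculates about, whether Windows considers the signature valid and whether the file carries a Zone.Identifier alternate data stream, can both be checked from PowerShell without clicking through the Properties dialog. The script below is an added example and not code from any poster in this thread; it assumes a path to the signed executable is passed in, and it needs PowerShell 3.0 or later (available for Windows 7 via the Windows Management Framework 3.0 update) because the `-Stream` parameter and `Unblock-File` do not exist in the PowerShell 2.0 that Windows 7 ships with.

```powershell
# Added example (not from the original thread). Checks the Authenticode status
# of an executable the way Windows evaluates it, lists its NTFS alternate data
# streams, strips the Zone.Identifier "mark of the web" if present, and
# re-checks. The file path is an assumed parameter; substitute your own binary.
param(
    [Parameter(Mandatory = $true)]
    [string]$Path   # e.g. .\MyApp.exe (placeholder; not a file from the thread)
)

# 1. Authenticode verification. 'Valid' means the chain built and the
#    signature hash matched; anything else (NotSigned, UnknownError, ...)
#    is what the "Unknown Publisher" prompt reflects.
$sig = Get-AuthenticodeSignature -FilePath $Path
"{0}: {1} ({2})" -f $Path, $sig.Status, $sig.StatusMessage
if ($sig.SignerCertificate) {
    "Signer : " + $sig.SignerCertificate.Subject
    "Issuer : " + $sig.SignerCertificate.Issuer
    "Expires: " + $sig.SignerCertificate.NotAfter
}

# 2. Enumerate alternate data streams. ':$DATA' is the file itself; a browser
#    download adds 'Zone.Identifier' (ZoneId=3 for the Internet zone), while a
#    file built locally normally has no extra streams at all.
$streams = Get-Item -Path $Path -Stream * -ErrorAction SilentlyContinue
$streams | Select-Object Stream, Length | Format-Table -AutoSize

$zone = $streams | Where-Object Stream -eq 'Zone.Identifier'
if ($zone) {
    "Zone.Identifier contents:"
    Get-Content -Path $Path -Stream Zone.Identifier

    # 3. Remove the zone marker. This is the scripted equivalent of the
    #    "Unblock" button and of running Sysinternals streams -d against the
    #    file; Remove-Item -Stream does the same thing one level lower.
    Unblock-File -Path $Path
    # Remove-Item -Path $Path -Stream Zone.Identifier   # equivalent

    "Zone.Identifier removed; re-checking signature."
    (Get-AuthenticodeSignature -FilePath $Path).Status
}
else {
    "No Zone.Identifier stream on this file."
}

# 4. Optional cross-check with the same tool that produced the signature.
#    /pa selects the default Authenticode policy; /v prints the full chain,
#    which is useful when Status is not 'Valid'.
# signtool verify /pa /v $Path
```

Run it before and after the Properties -> Digital Signatures detour the original poster describes; if `Status` changes between the two runs while the stream list does not, the difference is in certificate chain or revocation state on the test machine rather than in the file itself.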
