Coder Social home page Coder Social logo

authenticode-js's People

Contributors

ylianst avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar

Forkers

smartekit si458 matt-primrose rasata eltondecerqueira monkfire ccalado

authenticode-js's Issues

Unable to load certificate and/or private key error

Went round and round with Sectigo, finally got a certificate. Had to convert to pem format. When signing with authenticode-js, the title error was displayed. Looking in the code, I found that with one change I could make it work.

At line 67, the program is looking for the private key:

var PemKeys = pem.split('-----BEGIN RSA PRIVATE KEY-----');

but in my pem file, the header is "-----BEGIN PRIVATE KEY-----". I don't know if it was a mistake in how I converted the file or something else. I edited my pem file and added the "RSA " where indicated, and reran the code signing. This time it worked. info showed proper signing, and Properties in Windows displayed my certificate.

timestamps not being added

Hi,
not sure if its a bug or me being stupid,
it signs correctly but the timestamps are missing?
both in the signature list AND the signer information sections?
also the countersignatures is blank too?

node authenticode.js sign --exe /opt/meshcentral/meshcentral-data/signedagents/MeshService64.exe --out /opt/meshcentral/meshcentral-data/signedagents/MeshService64out.exe --pem /opt/meshcentral/meshcentral-data/mycert/trythis.pem --url http://timestamp.comodoca.com

missing CompanyName as sign attribute from cli

when i read node.exe the is an attribute for the companyname which gets shows in Windows Explorer when you hover over the file

~FileVersion: '16.16.0.0'
~ProductVersion: '16.16.0.0'
CompanyName: 'Node.js'
FileDescription: 'Node.js JavaScript Runtime'
FileVersion: '16.16.0'
InternalName: 'node'
LegalCopyright: 'Copyright Node.js contributors. MIT license.'
OriginalFilename: 'node.exe'
ProductName: 'Node.js'
ProductVersion: '16.16.0'

this cannot be changed currently using authenticode-js from the cli,
but it can be changed programmatically exehandler.setVersionInfo({ CompanyName: "My Company Ltd" });
or using other software
please can this be added to the cli?

Text strings not updating

authenticode.js stopped working for me with the MeshCentral 1.1.1 version update. It signs the executable, but the FileDescription and ProductName are not changed. My method is to have node pre-installed on my Linux desktop, then scp the MeshAgent64.exe file from the node_modules/meshcentral/agents directory on my remote server to my home folder. I also copy authenticode.js and pkcs7-modified.js files from the node_modules/meshcentral directory. Then I run the sign command in my home dir.

This has worked since authenticode.js was released. Today it is not changing the string fields.

Here is my command and output, with some generic text and hashes obfuscated:

node authenticode sign --pem CACodeSign.pem --url "https://host.domain.com?serverid=577C195...9ABE1C007" --time http://timestamp.sectigo.com --desc "Description goes here" --productname "ProductX" --filedescription "not a file description" --exe MeshService64.exe
Signing to MeshService64-out.exe
Done.

Then I check it with this command:

node authenticode info --exe MeshService64-out.exe
Version Information:
  FileVersion: 0.0.0.0
  ProductVersion: 0.0.0.0
String Information:
  FileDescription: "MeshCentral Background Service Agent"
  FileVersion: "2022-Dec-2 11:42:16-0800"
  LegalCopyright: "Apache 2.0 License"
  ProductName: "MeshCentral Agent"
  ProductVersion: "Commit: 2022-Dec-2 11:42:16-0800"
Checksum Information:
  Header CheckSum: 0x34db65
  Actual CheckSum: 0x34db65
Signature Information:
  Hash Method: sha384
  Signed Hash: 0bd1758...106b170f546
  Actual Hash: 0bd17587d4f...170f546
Signature Attributes:
  Description goes here
  https://host.domain.com?serverid=577C1958AD...ABE1C007

The description gets updated, but the productname and filedescription do not.

func is not a function 

TypeError: func is not a function
    at C:\Users\sas_2\Documents\Developer\ourbackups\node_modules\authenticode-js\authenticode.js:1557:32
    at IncomingMessage.<anonymous> (C:\Users\sas_2\Documents\Developer\ourbackups\node_modules\authenticode-js\authenticode.js:1590:45)
    at IncomingMessage.emit (node:events:539:35)
    at endReadableNT (node:internal/streams/readable:1345:12)
    at processTicksAndRejections (node:internal/process/task_queues:83:21)

createAuthenticodeHandler keeps returning null

Code:

const path = require('path');
const file = path.resolve('dist\\ourbackups-win64.exe');
console.log(file);
const exehandler = require("authenticode-js").createAuthenticodeHandler(file);
console.log(exehandler);

Output:

PS C:\Users\sas_2\Documents\Developer\ourbackups> node .\mytest.js
C:\Users\sas_2\Documents\Developer\ourbackups\dist\ourbackups-win64.exe
null
PS C:\Users\sas_2\Documents\Developer\ourbackups>

But the file does exist

PS C:\Users\sas_2\Documents\Developer\ourbackups> C:\Users\sas_2\Documents\Developer\ourbackups\dist\ourbackups-win64.exe
2022-08-21 10:08:52.290 missing which backup
PS C:\Users\sas_2\Documents\Developer\ourbackups>

Unable to parse executable file when using pkg

I have a number of executable files created using pkg. None of them seem to work with Authenticode-JS. I get ERR_OUT_OF_RANGE node:internal/buffer:86 when parsing either of my exe's and a friendly error of "Unable to parse executable file"

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.