ylianst / authenticode-js
Pure NodeJS module and tool for code signing Windows executables
License: Apache License 2.0
Went round and round with Sectigo, finally got a certificate. Had to convert to pem format. When signing with authenticode-js, the title error was displayed. Looking in the code, I found that with one change I could make it work.
At line 67, the program is looking for the private key:
var PemKeys = pem.split('-----BEGIN RSA PRIVATE KEY-----');
but in my pem file, the header is "-----BEGIN PRIVATE KEY-----". I don't know if it was a mistake in how I converted the file or something else. I edited my pem file and added the "RSA " where indicated, and reran the code signing. This time it worked. info showed proper signing, and Properties in Windows displayed my certificate.
Hi,
Not sure if it's a bug or me being stupid:
it signs correctly, but the timestamps are missing?
Both in the signature list AND the signer information sections?
Also, the countersignatures section is blank too?
node authenticode.js sign --exe /opt/meshcentral/meshcentral-data/signedagents/MeshService64.exe --out /opt/meshcentral/meshcentral-data/signedagents/MeshService64out.exe --pem /opt/meshcentral/meshcentral-data/mycert/trythis.pem --url http://timestamp.comodoca.com
When I read node.exe, there is an attribute for the CompanyName, which gets shown in Windows Explorer when you hover over the file:
~FileVersion: '16.16.0.0'
~ProductVersion: '16.16.0.0'
CompanyName: 'Node.js'
FileDescription: 'Node.js JavaScript Runtime'
FileVersion: '16.16.0'
InternalName: 'node'
LegalCopyright: 'Copyright Node.js contributors. MIT license.'
OriginalFilename: 'node.exe'
ProductName: 'Node.js'
ProductVersion: '16.16.0'
This cannot currently be changed using authenticode-js from the CLI,
but it can be changed programmatically with exehandler.setVersionInfo({ CompanyName: "My Company Ltd" });
or using other software.
Please can this be added to the CLI?
authenticode.js stopped working for me with the MeshCentral 1.1.1 version update. It signs the executable, but the FileDescription and ProductName are not changed. My method is to have node pre-installed on my Linux desktop, then scp the MeshAgent64.exe file from the node_modules/meshcentral/agents directory on my remote server to my home folder. I also copy authenticode.js and pkcs7-modified.js files from the node_modules/meshcentral directory. Then I run the sign command in my home dir.
This has worked since authenticode.js was released. Today it is not changing the string fields.
Here is my command and output, with some generic text and hashes obfuscated:
node authenticode sign --pem CACodeSign.pem --url "https://host.domain.com?serverid=577C195...9ABE1C007" --time http://timestamp.sectigo.com --desc "Description goes here" --productname "ProductX" --filedescription "not a file description" --exe MeshService64.exe
Signing to MeshService64-out.exe
Done.
Then I check it with this command:
node authenticode info --exe MeshService64-out.exe
Version Information:
FileVersion: 0.0.0.0
ProductVersion: 0.0.0.0
String Information:
FileDescription: "MeshCentral Background Service Agent"
FileVersion: "2022-Dec-2 11:42:16-0800"
LegalCopyright: "Apache 2.0 License"
ProductName: "MeshCentral Agent"
ProductVersion: "Commit: 2022-Dec-2 11:42:16-0800"
Checksum Information:
Header CheckSum: 0x34db65
Actual CheckSum: 0x34db65
Signature Information:
Hash Method: sha384
Signed Hash: 0bd1758...106b170f546
Actual Hash: 0bd17587d4f...170f546
Signature Attributes:
Description goes here
https://host.domain.com?serverid=577C1958AD...ABE1C007
The description gets updated, but the productname and filedescription do not.
TypeError: func is not a function
at C:\Users\sas_2\Documents\Developer\ourbackups\node_modules\authenticode-js\authenticode.js:1557:32
at IncomingMessage.<anonymous> (C:\Users\sas_2\Documents\Developer\ourbackups\node_modules\authenticode-js\authenticode.js:1590:45)
at IncomingMessage.emit (node:events:539:35)
at endReadableNT (node:internal/streams/readable:1345:12)
at processTicksAndRejections (node:internal/process/task_queues:83:21)
Code:
const path = require('path');
const file = path.resolve('dist\\ourbackups-win64.exe');
console.log(file);
const exehandler = require("authenticode-js").createAuthenticodeHandler(file);
console.log(exehandler);
Output:
PS C:\Users\sas_2\Documents\Developer\ourbackups> node .\mytest.js
C:\Users\sas_2\Documents\Developer\ourbackups\dist\ourbackups-win64.exe
null
PS C:\Users\sas_2\Documents\Developer\ourbackups>
But the file does exist:
PS C:\Users\sas_2\Documents\Developer\ourbackups> C:\Users\sas_2\Documents\Developer\ourbackups\dist\ourbackups-win64.exe
2022-08-21 10:08:52.290 missing which backup
PS C:\Users\sas_2\Documents\Developer\ourbackups>
I have a number of executable files created using pkg. None of them seem to work with Authenticode-JS. I get ERR_OUT_OF_RANGE node:internal/buffer:86 when parsing either of my exe's and a friendly error of "Unable to parse executable file".