DigiCert KeyLocker signed MSI file (using smctl) has a hexadecimal name appear during install


We have an .msi installer file we are code signing using smctl. It all works OK apart from the fact that a hexadecimal file name appears during install, confusing our customers.

The name of the MSI file is 'DockInstaller.msi', but when the screen blanks out during install to get permission, the dialog says:

Do you want to allow this App to make changes to your device.

3e817f22.msi

Now it looks like if I use SignTool.exe you can add /d "Name" to the end of the sign command, which will name the temporary file created during the signing process. So I would like to create a SignTool sign command which will work and then I can add the /d bit at the end.

Our smctl command looks like this:

smctl sign --verbose --keypair-alias=key_123456789 --input C:\Users\desktop_user\Desktop\DockInstaller.msi

smctl sends the following internal command to SignTool:

signtool sign  /tr http://timestamp.digicert.com /td SHA256  /fd  SHA256   /csp "DigiCert Signing Manager KSP" /kc "key_123456789" /f "C:\Users\DESKTO~1\AppData\Local\Temp\900335191\key_123456789_certificate.pem"  "C:\Users\desktop_user\Desktop\DockInstaller.msi"

If I run that in cmd it fails, probably because the Temp folder exists only briefly.

Also, our key is a .p12 file, so smctl must be converting it to a .pem and putting that in the Temp folder. I tried converting the .p12 to a .pem but that didn't work.

Has anyone had similar issues?
