Re: signcode vs signtool

From: Michel Gallant (neutron_at_istar.ca)
Date: 08/31/05


Date: Wed, 31 Aug 2005 09:15:54 -0400

Yes I forgot about that script PVKCertsWMI.vbs :)

I also forgot to mention that the KeyContainerTool utility uses a SIGNED Java applet
to acquire permissions (prompting the user) to read the registry to get the storenames
(identical to the VBScript below). I wrote it at a time when almost everyone had the
MS JVM installed by default, so it worked with no further downloads required :).

However, that applet implements registry reads (very easily) using Microsoft's own
JVM which as we know is being phased out now and is not recommended and won't be supported.
So the reason it probably did not run for you is that you have IE configured to point to
another JVM (like the recommended Sun JVM). In fact, you may not even have Microsoft's
JVM installed on your OS (later XP systems or higher).
However, the following utility can show you if you have that JVM and can toggle back and forth
quickly (from Sun to Microsoft's JVM):
   http://www.jensign.com/JavaScience/SelectIEJVM
(implemented as an hta .. right-click to download and execute).
Also, that KeyContainerTool requires CAPICOM 2. to be installed and registered.

Cheers,
 - Mitch Gallant
   MVP Security
   www.jensign.com

"Scott Zabolotzky" <zabolots@ripco.com> wrote in message news:df36fr$ejl$1@e250.ripco.com...
> Thank you! Thank you! Thank you! Thank you! Thank you! :-)
>
> Although I couldn't get the tool on the URL to run (for some reason
> the applet wouldn't init properly in IE) the author of that tool
> had a sample VB script that does the same thing:
>
> http://www.jensign.com/JavaScience/cryptoutils/PVKCertsWMI.txt
>
> This printed out the GUID for the key container name and I can now
> sign the CAB file using signcode with the /k parameter!!
>
> Thanks again!
>
> Scott
>
> "Michel Gallant" <neutron@istar.ca> writes:
>
>>Here's a utility to list all CryptoAPI store names (as enumerated via the registry) for either
>>the CU or LM stores. It also lists all keycontainer names for certs containing
>>associated private keys, as well as orphaned keypairs:
>> http://www.jensign.com/JavaScience/KeyContainerTool
>


