Re: Digital Signature of the object did not verify
From: Daniel Sie [MSFT] (dsie_at_online.microsoft.com)
Date: Mon, 11 Oct 2004 20:07:35 -0700
You need to use the Authenticode engine to sign executables. You can either
use SignTool.exe utility or programmatically with CAPICOM SignedCode class.
-- Thanks, Daniel Sie [MSFT] This posting is provided "AS IS" with no warranties, and confers no rights. "Michael Leung" <firstname.lastname@example.org> wrote in message news:O3beTGBrEHA.3848@TK2MSFTNGP14.phx.gbl... > Hi, > > I have added a digital signature to an executable (.exe file) but it said > "The digital signature of the object did not verify". I don't know what I > have done wrong. > > - I signed hash of the to-be-signed executable by calling CryptHashData > with the data being the bytes of the EXE, followed by a call to > CryptSignHash to sign the hash with the private key. > > - I then created a HCRYPTMSG using CryptMsgOpenToEncode specifying > CMSG_DETACHED_FLAG and CMSG_AUTHENTICATED_ATTRIBUTES_FLAG. > > - I added the signed hash to the HCRYPTMSG using CryptMsgUpdate. > > - Got the entire PKCS#7 message using CryptMsgGetParam with > CMSG_CONTENT_PARAM and added it to the executable using > ImageAddCertificate. > > Not sure if this is the proper way to include the hash but I don't know > any other way. > > Please help, > Michael.