diff options
author | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2016-01-16 16:50:33 +0100 |
---|---|---|
committer | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2016-01-17 10:52:26 +0100 |
commit | dd1e62ebcd62338b2cf16ebab6157c9e74416a0e (patch) | |
tree | cf1e9e47539727c9c1db34c6a01a874e9d423ee8 /src/Signing | |
parent | a6c6c3dc4abfbd0e55cd7f30d2b6645595840aea (diff) | |
download | VeraCrypt-dd1e62ebcd62338b2cf16ebab6157c9e74416a0e.tar.gz VeraCrypt-dd1e62ebcd62338b2cf16ebab6157c9e74416a0e.zip |
Windows: Add SHA-256 EV Code Signing using the new GlobalSign certificate on top of the SHA-1 code signing. Create new SHA256 test code signing certificate and update test signing script.
Diffstat (limited to 'src/Signing')
-rw-r--r-- | src/Signing/GlobalSign_R1Cross.cer | 26 | ||||
-rw-r--r-- | src/Signing/GlobalSign_Root_CA_MS_Cross_Cert.crt | 30 | ||||
-rw-r--r-- | src/Signing/GlobalSign_SHA256_EV_CodeSigning_CA.cer | bin | 0 -> 1155 bytes | |||
-rw-r--r-- | src/Signing/TestCertificate/idrix_SHA256TestRootCA.crt | 35 | ||||
-rw-r--r-- | src/Signing/TestCertificate/idrix_Sha256CodeSign.pfx | bin | 0 -> 3243 bytes | |||
-rw-r--r-- | src/Signing/sign.bat | 13 | ||||
-rw-r--r-- | src/Signing/sign_test.bat | 12 |
7 files changed, 106 insertions, 10 deletions
diff --git a/src/Signing/GlobalSign_R1Cross.cer b/src/Signing/GlobalSign_R1Cross.cer new file mode 100644 index 00000000..9274e71e --- /dev/null +++ b/src/Signing/GlobalSign_R1Cross.cer @@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE-----
+MIIEXTCCA0WgAwIBAgILBAAAAAABJQcd+a8wDQYJKoZIhvcNAQELBQAwVzELMAkG
+A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
+b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0wOTExMTgxMDAw
+MDBaFw0xOTAzMTgxMDAwMDBaMEwxIDAeBgNVBAsTF0dsb2JhbFNpZ24gUm9vdCBD
+QSAtIFIzMRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWdu
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzCV2kHkGeCIW9cCDtoTK
+KJ79BXYRxa2IcvxGAkPHsoqdBF8kyy5L4WCCRuFSqwyBR3Bs3WTR6/Usow+CPQwr
+rpfXthSGEHm7OxOAd4wI4UnSamIvH176lmjfiSeVOJ8G1z7JyyZZDXPesMjpJg6D
+FcbvW4vSBGDKSaYo9mk79svIKJHlnYphVzesdBTcdOA67nIvLpz70Lu/9T0A4QYz
+6IIrrlOmOhZzjN1BDiA6wLSnoemyT5AuMmDpV8u5BJJoaOU4JmB1sp93/5EU764g
+SfytQBVI0QIxYRleuJfvrXe3ZJp6v1/BE++bYvsNbOBUaRapA9pu6YOTcXbGaYWC
+FwIDAQABo4IBMzCCAS8wDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8w
+HQYDVR0OBBYEFI/wS3+oLkUkrk1Q+mOai97i3Ru8MEYGA1UdIAQ/MD0wOwYEVR0g
+ADAzMDEGCCsGAQUFBwIBFiVodHRwOi8vd3d3Lmdsb2JhbHNpZ24ubmV0L3JlcG9z
+aXRvcnkvMDMGA1UdHwQsMCowKKAmoCSGImh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5u
+ZXQvcm9vdC5jcmwwTwYIKwYBBQUHAQEEQzBBMD8GCCsGAQUFBzABhjNodHRwOi8v
+b2NzcC5nbG9iYWxzaWduLmNvbS9FeHRlbmRlZFNTTFNIQTI1NkNBQ3Jvc3MwHwYD
+VR0jBBgwFoAUYHtmGkUNl8qJUC99BM00qP/8/UswDQYJKoZIhvcNAQELBQADggEB
+AEJSqX6iz1s7y0vduvhXWdMkpHdy72JEN4LtBu4E1RZfJKMU3GxUBWqwmz3agTna
+rSjblW+Bg/XNYrFFJLHdKeUIVJWVjPAdBl8a1kY/E0AXSBEWm0dN0Tq1D1cckjDQ
++LIlOwrN9of5x7JX0z99pYwUzpyox59Gk9pZ+nldZSA1RFpPwZCdwVSSVtw0yPXB
+A9BdwFlInAD8laDx0Xb3FjbIE5J/LSvAuIDxJiYfQU1Svx6XuwGCCOcV9sHVNCrM
+9eTDh3pXgeHW10KGYgF34qnEeob0BDh6B2p9AOxz96gLNHjFnrPvuDhADowzU8h1
+7F8+6nVe/4IOdBXcGQXzujE=
+-----END CERTIFICATE-----
diff --git a/src/Signing/GlobalSign_Root_CA_MS_Cross_Cert.crt b/src/Signing/GlobalSign_Root_CA_MS_Cross_Cert.crt new file mode 100644 index 00000000..32c4b620 --- /dev/null +++ b/src/Signing/GlobalSign_Root_CA_MS_Cross_Cert.crt @@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE-----
+MIIFJjCCAw6gAwIBAgIKYSkVJwAAAAAAKjANBgkqhkiG9w0BAQUFADB/MQswCQYD
+VQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEe
+MBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSkwJwYDVQQDEyBNaWNyb3Nv
+ZnQgQ29kZSBWZXJpZmljYXRpb24gUm9vdDAeFw0xMTA0MTUxOTU1MDhaFw0yMTA0
+MTUyMDA1MDhaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52
+LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxTaWduIFJvb3Qg
+Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZjc6j40+Kfvvx
+i4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavpxy0Sy6scTHAH
+oT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp1Wrjsok6Vjk4
+bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdGsnUOhugZitVt
+bNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJU26Qzns3dLlw
+R5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N89iFo7+ryUp9/
+k5DPAgMBAAGjgcswgcgwEQYDVR0gBAowCDAGBgRVHSAAMAsGA1UdDwQEAwIBhjAP
+BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzAf
+BgNVHSMEGDAWgBRi+wohW39DbhHaCVRQa/XSlnHxnjBVBgNVHR8ETjBMMEqgSKBG
+hkRodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNy
+b3NvZnRDb2RlVmVyaWZSb290LmNybDANBgkqhkiG9w0BAQUFAAOCAgEAX/jQZXRq
+gcamylsDtpFK6Eu97yuhQvDvtKWtzTOJ7AuVhaxiUBEIqljSWqCDEOWmM3ryWvLF
+/nh88JyD3xkK2XOWAC3WLM3pFNQdneg/PBp295BO+wE1CmyTE6DDVutnoOTRepbe
+wmfxkPgKe/UyG5TsX3UfjRs02mxYp8stJ54iJrfJqjDMB3e4NuOCAbU5PMyN2adf
+fyOzh3/bV5iRi9fOJSDjnWRP3Yf3K2hJAxjgpd98X2hkTTaDjUeB8ungqGmr+nsW
+PAWkSeqIMBkKbHMFUXjf1B3dOtR/LeROVL6DQx56dDO0pOvXcHO8KgKYiWbu9ryP
+dJN44ykCWlpD4ljOfM+aytI2iTviX9omBU7I1OcskQ4Xl8W+7osTESMjKU/6g9BQ
+9rr61T2zFz30/wNKoyXc5nVh0fo1CGvWJ0TQaLeNReDrhSzIoV1hRHQWDllYrtK1
+7qW81tcHarYpeP2XZ2fdjU8XlE/S7QyvlyQ3w6Kcgdpr4UO2V3tM7L95Exnnn+hE
+6UeBt15wHpH4PdF7J/ULcFZDSAXdqS+rhhAdCxLjGtBMbnXe1kWzC3SIh5NcVkpB
+Apr3rreZ2LZ/iPoR8kV89NcbkcAc8aD71AgKQRoUKs706zRIbmaHntVLejl/uw49
+OGHPc1cG5BIGa9lrUwjNcBjCLU+XRpG8qfA=
+-----END CERTIFICATE-----
diff --git a/src/Signing/GlobalSign_SHA256_EV_CodeSigning_CA.cer b/src/Signing/GlobalSign_SHA256_EV_CodeSigning_CA.cer Binary files differnew file mode 100644 index 00000000..6cdc7000 --- /dev/null +++ b/src/Signing/GlobalSign_SHA256_EV_CodeSigning_CA.cer diff --git a/src/Signing/TestCertificate/idrix_SHA256TestRootCA.crt b/src/Signing/TestCertificate/idrix_SHA256TestRootCA.crt new file mode 100644 index 00000000..398b1692 --- /dev/null +++ b/src/Signing/TestCertificate/idrix_SHA256TestRootCA.crt @@ -0,0 +1,35 @@ +-----BEGIN CERTIFICATE----- +MIIGKDCCBBCgAwIBAgIJAPNwP4lI5IZwMA0GCSqGSIb3DQEBCwUAMIGjMQswCQYD +VQQGEwJGUjEPMA0GA1UECBMGRlJBTkNFMQ4wDAYDVQQHEwVQQVJJUzEOMAwGA1UE +ChMFSURSSVgxITAfBgNVBAsTGFNlcnZpY2UgZGUgQ2VydGlmaWNhdGlvbjEfMB0G +A1UEAxMWSURSSVggVGVzdCBTSEEyNTYgUm9vdDEfMB0GCSqGSIb3DQEJARYQY29u +dGFjdEBpZHJpeC5mcjAeFw0xNjAxMTYxMTUwMDBaFw0zNjAxMTExMTUwMDBaMIGj +MQswCQYDVQQGEwJGUjEPMA0GA1UECBMGRlJBTkNFMQ4wDAYDVQQHEwVQQVJJUzEO +MAwGA1UEChMFSURSSVgxITAfBgNVBAsTGFNlcnZpY2UgZGUgQ2VydGlmaWNhdGlv +bjEfMB0GA1UEAxMWSURSSVggVGVzdCBTSEEyNTYgUm9vdDEfMB0GCSqGSIb3DQEJ +ARYQY29udGFjdEBpZHJpeC5mcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC +ggIBANuY1v1iYcZ9LQbIqSA/gmhci27aUiD/hLGLyp4EvR31qVNdDbPX9BoL+Eky +OK5UwmlpYeJ1ClQm4dRL/eYVga02xk1HBbFzMdEd4BTihymdmyjEmefFulfieXmp +eHqv5+vQIs7lv5izjHKYoXjrlU0udVUodkYRxzU52rKOhoJeiv83WxilMvip1/5i +hk5PFlqHV+fPwZ5sUzVWqtRiO8a/GQsqU76nbOcpDC2XFWkQZ3r8Y9KMwcCO6/2W +l64XP1nuwSAvPDa/22uOddTYindrTRSE5/Sdt5/WmO0RUJJHcLREUhLholaLO9et +isQL3jpvxzNWPGrP+Qnq3rjLRTCW2MlztsalQTnAZVdAWkWpIdse3rAea0rrH9sD +CBuQP5ZHIGHJIEwJ7lDuX4MW/qsYNXgjgr2oEQMEfCAOhlWyij1rw/5w89MHeBYv +iZvDv3+Ut3oENoWKqoCiAOw7pOX7ucDlaTTd9AT6oNHGVUhzfFWQG6+ep8JZbFYc +CKc0jePYCCjmiiP0BkT9k8COBXfofylG1NHgtaevn4UzZecN5vd4DLR55iwLjZl/ +0YQ6QADH8mPkHGBjthLgE0Aw4nmolKNnjuYHJq0CsoalcGIizfz62aWKkEzVW7xo +UWLkdnOc9mlWWLlzoxjrNZ4Nd0x+tCtE98lEsj8EgKmI9xpbAgMBAAGjXTBbMB0G +A1UdDgQWBBS/pppkb7p9BT/BVTiGqiiP2681HDAfBgNVHSMEGDAWgBS/pppkb7p9 +BT/BVTiGqiiP2681HDAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG +9w0BAQsFAAOCAgEAVslsFGfU9luvWD9+/vfgcqUvLGL8jZPxgHZWD+nzEDjFdETp +H9N9LVH3hu7eg8ZwU4CnpUujoo+t73GxS4prbzzThZ98uFAxYEcVzKndPa662d8U +D0Jl5+bCyMhOIl1OpDG5vV/YReWfpfmBMdZvX7ax8fqtqsoxi/zuqiWeMxMc6GHt +TOupBVanW4Bw6PhVEnjZRQMMbv/0W11NBI6m6yVKGnJUcmMx1Pyc8xg34QgHmhOj +EQ0WaNW5BgDwcPTA5lKnhWZ8JUk86vvNhqf0AY9Kqa9iMLRLBHTp8UV9daA4UMDp +jjgukdYouNWb5rFbJtFdKYUYPTB0AWVDC+3ML97lZzyNS7H/DeBZS6V/5f+yartk +t7berj9NXi+1jU+a3O45yrvSleahyBuKyCzL3E/fTdgyoLFEoh8xN62/wfwe7DnV +onsekRnSDJnwKKZdkGN/xzsk3l0gcfLLq58Tk0wuLOZBtYF8H728VsQW+WPXGzpr +l7V5j5mllxw/EB4rUQa1c9Nea0+E0nloor0vgLVdvnYc9fDvVUNVOUt9uw8kFTmA +qXn194A/SKA2ZBJ8Y3kxQe+lFXvqRMz4HaCGeK7VBcvoRE0TTdkpiM+m7fFo7cOL +YdhffQjie2l4ACygMeU7ggw1cM7gFa820MnV04SGHiMQ19F5p3rn0wDITT0= +-----END CERTIFICATE----- diff --git a/src/Signing/TestCertificate/idrix_Sha256CodeSign.pfx b/src/Signing/TestCertificate/idrix_Sha256CodeSign.pfx Binary files differnew file mode 100644 index 00000000..44dd3f6b --- /dev/null +++ b/src/Signing/TestCertificate/idrix_Sha256CodeSign.pfx diff --git a/src/Signing/sign.bat b/src/Signing/sign.bat index 8c1e3920..d1d6652f 100644 --- a/src/Signing/sign.bat +++ b/src/Signing/sign.bat @@ -1,12 +1,13 @@ PATH=%PATH%;%WSDK81%\bin\x86
rem sign using SHA-1
-signtool sign /v /a /n IDRIX /ac thawte_Primary_MS_Cross_Cert.cer /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys"
-signtool sign /v /a /n IDRIX /ac Thawt_CodeSigning_CA.crt /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe"
+signtool sign /v /a /n IDRIX /i Thawte /ac thawte_Primary_MS_Cross_Cert.cer /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys"
+signtool sign /v /a /n IDRIX /i Thawte /ac Thawt_CodeSigning_CA.crt /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe"
rem sign using SHA-256
-signtool sign /v /a /n IDRIX /ac thawte_Primary_MS_Cross_Cert.cer /as /fd sha256 /tr http://timestamp.geotrust.com/tsa "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys"
-signtool sign /v /a /n IDRIX /ac Thawt_CodeSigning_CA.crt /as /fd sha256 /tr http://timestamp.geotrust.com/tsa "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe"
+signtool sign /v /a /n "IDRIX SARL" /i GlobalSign /ac GlobalSign_Root_CA_MS_Cross_Cert.crt /as /fd sha256 /tr http://timestamp.globalsign.com/?signature=sha2 /td SHA256 "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys"
+signtool sign /v /a /n "IDRIX SARL" /i GlobalSign /ac GlobalSign_SHA256_EV_CodeSigning_CA.cer /as /fd sha256 /tr http://timestamp.globalsign.com/?signature=sha2 /td SHA256 "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe"
+
cd "..\Release\Setup Files\"
@@ -19,8 +20,8 @@ del *.xml cd "..\..\Signing"
rem sign using SHA-1
-signtool sign /v /a /n IDRIX /ac Thawt_CodeSigning_CA.crt /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCrypt Setup 1.16.exe"
+signtool sign /v /a /n IDRIX /i Thawte /ac Thawt_CodeSigning_CA.crt /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCrypt Setup 1.16.exe"
rem sign using SHA-256
-signtool sign /v /a /n IDRIX /ac Thawt_CodeSigning_CA.crt /as /fd sha256 /tr http://timestamp.geotrust.com/tsa "..\Release\Setup Files\VeraCrypt Setup 1.16.exe"
+signtool sign /v /a /n "IDRIX SARL" /i GlobalSign /ac GlobalSign_SHA256_EV_CodeSigning_CA.cer /as /fd sha256 /tr http://timestamp.globalsign.com/?signature=sha2 /td SHA256 "..\Release\Setup Files\VeraCrypt Setup 1.16.exe"
pause
diff --git a/src/Signing/sign_test.bat b/src/Signing/sign_test.bat index c36f0536..9daf78e4 100644 --- a/src/Signing/sign_test.bat +++ b/src/Signing/sign_test.bat @@ -2,12 +2,16 @@ PATH=%PATH%;%WSDK81%\bin\x86 set PFXNAME=TestCertificate\idrix_codeSign.pfx
set PFXPASSWORD=idrix
+set PFXCA=TestCertificate\idrix_TestRootCA.crt
+set SHA256PFXNAME=TestCertificate\idrix_Sha256CodeSign.pfx
+set SHA256PFXPASSWORD=idrix
+set SHA256PFXCA=TestCertificate\idrix_SHA256TestRootCA.crt
rem sign using SHA-1
-signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac TestCertificate\idrix_TestRootCA.crt /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys" "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe"
+signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac %PFXCA% /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys" "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe"
rem sign using SHA-256
-signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac TestCertificate\idrix_TestRootCA.crt /as /fd sha256 /tr http://timestamp.geotrust.com/tsa "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys" "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe"
+signtool sign /v /a /f %SHA256PFXNAME% /p %SHA256PFXPASSWORD% /ac %SHA256PFXCA% /as /fd sha256 /tr http://timestamp.globalsign.com/?signature=sha2 /td SHA256 "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys" "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe"
cd "..\Release\Setup Files\"
@@ -20,9 +24,9 @@ del *.xml cd "..\..\Signing"
rem sign using SHA-1
-signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac TestCertificate\idrix_TestRootCA.crt /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCrypt Setup 1.16.exe"
+signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac %PFXCA% /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCrypt Setup 1.16.exe"
rem sign using SHA-256
-signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac TestCertificate\idrix_TestRootCA.crt /as /fd sha256 /tr http://timestamp.geotrust.com/tsa "..\Release\Setup Files\VeraCrypt Setup 1.16.exe"
+signtool sign /v /a /f %SHA256PFXNAME% /p %SHA256PFXPASSWORD% /ac %SHA256PFXCA% /as /fd sha256 /tr http://timestamp.globalsign.com/?signature=sha2 /td SHA256 "..\Release\Setup Files\VeraCrypt Setup 1.16.exe"
pause
\ No newline at end of file |