VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/src/Signing
diff options
context:
space:
mode:
authorMounir IDRASSI <mounir.idrassi@idrix.fr>2016-01-16 16:50:33 +0100
committerMounir IDRASSI <mounir.idrassi@idrix.fr>2016-01-17 10:52:26 +0100
commitdd1e62ebcd62338b2cf16ebab6157c9e74416a0e (patch)
treecf1e9e47539727c9c1db34c6a01a874e9d423ee8 /src/Signing
parenta6c6c3dc4abfbd0e55cd7f30d2b6645595840aea (diff)
downloadVeraCrypt-dd1e62ebcd62338b2cf16ebab6157c9e74416a0e.tar.gz
VeraCrypt-dd1e62ebcd62338b2cf16ebab6157c9e74416a0e.zip
Windows: Add SHA-256 EV Code Signing using the new GlobalSign certificate on top of the SHA-1 code signing. Create new SHA256 test code signing certificate and update test signing script.
Diffstat (limited to 'src/Signing')
-rw-r--r--src/Signing/GlobalSign_R1Cross.cer26
-rw-r--r--src/Signing/GlobalSign_Root_CA_MS_Cross_Cert.crt30
-rw-r--r--src/Signing/GlobalSign_SHA256_EV_CodeSigning_CA.cerbin0 -> 1155 bytes
-rw-r--r--src/Signing/TestCertificate/idrix_SHA256TestRootCA.crt35
-rw-r--r--src/Signing/TestCertificate/idrix_Sha256CodeSign.pfxbin0 -> 3243 bytes
-rw-r--r--src/Signing/sign.bat13
-rw-r--r--src/Signing/sign_test.bat12
7 files changed, 106 insertions, 10 deletions
diff --git a/src/Signing/GlobalSign_R1Cross.cer b/src/Signing/GlobalSign_R1Cross.cer
new file mode 100644
index 00000000..9274e71e
--- /dev/null
+++ b/src/Signing/GlobalSign_R1Cross.cer
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEXTCCA0WgAwIBAgILBAAAAAABJQcd+a8wDQYJKoZIhvcNAQELBQAwVzELMAkG
+A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
+b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0wOTExMTgxMDAw
+MDBaFw0xOTAzMTgxMDAwMDBaMEwxIDAeBgNVBAsTF0dsb2JhbFNpZ24gUm9vdCBD
+QSAtIFIzMRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWdu
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzCV2kHkGeCIW9cCDtoTK
+KJ79BXYRxa2IcvxGAkPHsoqdBF8kyy5L4WCCRuFSqwyBR3Bs3WTR6/Usow+CPQwr
+rpfXthSGEHm7OxOAd4wI4UnSamIvH176lmjfiSeVOJ8G1z7JyyZZDXPesMjpJg6D
+FcbvW4vSBGDKSaYo9mk79svIKJHlnYphVzesdBTcdOA67nIvLpz70Lu/9T0A4QYz
+6IIrrlOmOhZzjN1BDiA6wLSnoemyT5AuMmDpV8u5BJJoaOU4JmB1sp93/5EU764g
+SfytQBVI0QIxYRleuJfvrXe3ZJp6v1/BE++bYvsNbOBUaRapA9pu6YOTcXbGaYWC
+FwIDAQABo4IBMzCCAS8wDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8w
+HQYDVR0OBBYEFI/wS3+oLkUkrk1Q+mOai97i3Ru8MEYGA1UdIAQ/MD0wOwYEVR0g
+ADAzMDEGCCsGAQUFBwIBFiVodHRwOi8vd3d3Lmdsb2JhbHNpZ24ubmV0L3JlcG9z
+aXRvcnkvMDMGA1UdHwQsMCowKKAmoCSGImh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5u
+ZXQvcm9vdC5jcmwwTwYIKwYBBQUHAQEEQzBBMD8GCCsGAQUFBzABhjNodHRwOi8v
+b2NzcC5nbG9iYWxzaWduLmNvbS9FeHRlbmRlZFNTTFNIQTI1NkNBQ3Jvc3MwHwYD
+VR0jBBgwFoAUYHtmGkUNl8qJUC99BM00qP/8/UswDQYJKoZIhvcNAQELBQADggEB
+AEJSqX6iz1s7y0vduvhXWdMkpHdy72JEN4LtBu4E1RZfJKMU3GxUBWqwmz3agTna
+rSjblW+Bg/XNYrFFJLHdKeUIVJWVjPAdBl8a1kY/E0AXSBEWm0dN0Tq1D1cckjDQ
++LIlOwrN9of5x7JX0z99pYwUzpyox59Gk9pZ+nldZSA1RFpPwZCdwVSSVtw0yPXB
+A9BdwFlInAD8laDx0Xb3FjbIE5J/LSvAuIDxJiYfQU1Svx6XuwGCCOcV9sHVNCrM
+9eTDh3pXgeHW10KGYgF34qnEeob0BDh6B2p9AOxz96gLNHjFnrPvuDhADowzU8h1
+7F8+6nVe/4IOdBXcGQXzujE=
+-----END CERTIFICATE-----
diff --git a/src/Signing/GlobalSign_Root_CA_MS_Cross_Cert.crt b/src/Signing/GlobalSign_Root_CA_MS_Cross_Cert.crt
new file mode 100644
index 00000000..32c4b620
--- /dev/null
+++ b/src/Signing/GlobalSign_Root_CA_MS_Cross_Cert.crt
@@ -0,0 +1,30 @@
+-----BEGIN CERTIFICATE-----
+MIIFJjCCAw6gAwIBAgIKYSkVJwAAAAAAKjANBgkqhkiG9w0BAQUFADB/MQswCQYD
+VQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEe
+MBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSkwJwYDVQQDEyBNaWNyb3Nv
+ZnQgQ29kZSBWZXJpZmljYXRpb24gUm9vdDAeFw0xMTA0MTUxOTU1MDhaFw0yMTA0
+MTUyMDA1MDhaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52
+LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxTaWduIFJvb3Qg
+Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZjc6j40+Kfvvx
+i4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavpxy0Sy6scTHAH
+oT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp1Wrjsok6Vjk4
+bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdGsnUOhugZitVt
+bNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJU26Qzns3dLlw
+R5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N89iFo7+ryUp9/
+k5DPAgMBAAGjgcswgcgwEQYDVR0gBAowCDAGBgRVHSAAMAsGA1UdDwQEAwIBhjAP
+BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzAf
+BgNVHSMEGDAWgBRi+wohW39DbhHaCVRQa/XSlnHxnjBVBgNVHR8ETjBMMEqgSKBG
+hkRodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNy
+b3NvZnRDb2RlVmVyaWZSb290LmNybDANBgkqhkiG9w0BAQUFAAOCAgEAX/jQZXRq
+gcamylsDtpFK6Eu97yuhQvDvtKWtzTOJ7AuVhaxiUBEIqljSWqCDEOWmM3ryWvLF
+/nh88JyD3xkK2XOWAC3WLM3pFNQdneg/PBp295BO+wE1CmyTE6DDVutnoOTRepbe
+wmfxkPgKe/UyG5TsX3UfjRs02mxYp8stJ54iJrfJqjDMB3e4NuOCAbU5PMyN2adf
+fyOzh3/bV5iRi9fOJSDjnWRP3Yf3K2hJAxjgpd98X2hkTTaDjUeB8ungqGmr+nsW
+PAWkSeqIMBkKbHMFUXjf1B3dOtR/LeROVL6DQx56dDO0pOvXcHO8KgKYiWbu9ryP
+dJN44ykCWlpD4ljOfM+aytI2iTviX9omBU7I1OcskQ4Xl8W+7osTESMjKU/6g9BQ
+9rr61T2zFz30/wNKoyXc5nVh0fo1CGvWJ0TQaLeNReDrhSzIoV1hRHQWDllYrtK1
+7qW81tcHarYpeP2XZ2fdjU8XlE/S7QyvlyQ3w6Kcgdpr4UO2V3tM7L95Exnnn+hE
+6UeBt15wHpH4PdF7J/ULcFZDSAXdqS+rhhAdCxLjGtBMbnXe1kWzC3SIh5NcVkpB
+Apr3rreZ2LZ/iPoR8kV89NcbkcAc8aD71AgKQRoUKs706zRIbmaHntVLejl/uw49
+OGHPc1cG5BIGa9lrUwjNcBjCLU+XRpG8qfA=
+-----END CERTIFICATE-----
diff --git a/src/Signing/GlobalSign_SHA256_EV_CodeSigning_CA.cer b/src/Signing/GlobalSign_SHA256_EV_CodeSigning_CA.cer
new file mode 100644
index 00000000..6cdc7000
--- /dev/null
+++ b/src/Signing/GlobalSign_SHA256_EV_CodeSigning_CA.cer
Binary files differ
diff --git a/src/Signing/TestCertificate/idrix_SHA256TestRootCA.crt b/src/Signing/TestCertificate/idrix_SHA256TestRootCA.crt
new file mode 100644
index 00000000..398b1692
--- /dev/null
+++ b/src/Signing/TestCertificate/idrix_SHA256TestRootCA.crt
@@ -0,0 +1,35 @@
+-----BEGIN CERTIFICATE-----
+MIIGKDCCBBCgAwIBAgIJAPNwP4lI5IZwMA0GCSqGSIb3DQEBCwUAMIGjMQswCQYD
+VQQGEwJGUjEPMA0GA1UECBMGRlJBTkNFMQ4wDAYDVQQHEwVQQVJJUzEOMAwGA1UE
+ChMFSURSSVgxITAfBgNVBAsTGFNlcnZpY2UgZGUgQ2VydGlmaWNhdGlvbjEfMB0G
+A1UEAxMWSURSSVggVGVzdCBTSEEyNTYgUm9vdDEfMB0GCSqGSIb3DQEJARYQY29u
+dGFjdEBpZHJpeC5mcjAeFw0xNjAxMTYxMTUwMDBaFw0zNjAxMTExMTUwMDBaMIGj
+MQswCQYDVQQGEwJGUjEPMA0GA1UECBMGRlJBTkNFMQ4wDAYDVQQHEwVQQVJJUzEO
+MAwGA1UEChMFSURSSVgxITAfBgNVBAsTGFNlcnZpY2UgZGUgQ2VydGlmaWNhdGlv
+bjEfMB0GA1UEAxMWSURSSVggVGVzdCBTSEEyNTYgUm9vdDEfMB0GCSqGSIb3DQEJ
+ARYQY29udGFjdEBpZHJpeC5mcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
+ggIBANuY1v1iYcZ9LQbIqSA/gmhci27aUiD/hLGLyp4EvR31qVNdDbPX9BoL+Eky
+OK5UwmlpYeJ1ClQm4dRL/eYVga02xk1HBbFzMdEd4BTihymdmyjEmefFulfieXmp
+eHqv5+vQIs7lv5izjHKYoXjrlU0udVUodkYRxzU52rKOhoJeiv83WxilMvip1/5i
+hk5PFlqHV+fPwZ5sUzVWqtRiO8a/GQsqU76nbOcpDC2XFWkQZ3r8Y9KMwcCO6/2W
+l64XP1nuwSAvPDa/22uOddTYindrTRSE5/Sdt5/WmO0RUJJHcLREUhLholaLO9et
+isQL3jpvxzNWPGrP+Qnq3rjLRTCW2MlztsalQTnAZVdAWkWpIdse3rAea0rrH9sD
+CBuQP5ZHIGHJIEwJ7lDuX4MW/qsYNXgjgr2oEQMEfCAOhlWyij1rw/5w89MHeBYv
+iZvDv3+Ut3oENoWKqoCiAOw7pOX7ucDlaTTd9AT6oNHGVUhzfFWQG6+ep8JZbFYc
+CKc0jePYCCjmiiP0BkT9k8COBXfofylG1NHgtaevn4UzZecN5vd4DLR55iwLjZl/
+0YQ6QADH8mPkHGBjthLgE0Aw4nmolKNnjuYHJq0CsoalcGIizfz62aWKkEzVW7xo
+UWLkdnOc9mlWWLlzoxjrNZ4Nd0x+tCtE98lEsj8EgKmI9xpbAgMBAAGjXTBbMB0G
+A1UdDgQWBBS/pppkb7p9BT/BVTiGqiiP2681HDAfBgNVHSMEGDAWgBS/pppkb7p9
+BT/BVTiGqiiP2681HDAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG
+9w0BAQsFAAOCAgEAVslsFGfU9luvWD9+/vfgcqUvLGL8jZPxgHZWD+nzEDjFdETp
+H9N9LVH3hu7eg8ZwU4CnpUujoo+t73GxS4prbzzThZ98uFAxYEcVzKndPa662d8U
+D0Jl5+bCyMhOIl1OpDG5vV/YReWfpfmBMdZvX7ax8fqtqsoxi/zuqiWeMxMc6GHt
+TOupBVanW4Bw6PhVEnjZRQMMbv/0W11NBI6m6yVKGnJUcmMx1Pyc8xg34QgHmhOj
+EQ0WaNW5BgDwcPTA5lKnhWZ8JUk86vvNhqf0AY9Kqa9iMLRLBHTp8UV9daA4UMDp
+jjgukdYouNWb5rFbJtFdKYUYPTB0AWVDC+3ML97lZzyNS7H/DeBZS6V/5f+yartk
+t7berj9NXi+1jU+a3O45yrvSleahyBuKyCzL3E/fTdgyoLFEoh8xN62/wfwe7DnV
+onsekRnSDJnwKKZdkGN/xzsk3l0gcfLLq58Tk0wuLOZBtYF8H728VsQW+WPXGzpr
+l7V5j5mllxw/EB4rUQa1c9Nea0+E0nloor0vgLVdvnYc9fDvVUNVOUt9uw8kFTmA
+qXn194A/SKA2ZBJ8Y3kxQe+lFXvqRMz4HaCGeK7VBcvoRE0TTdkpiM+m7fFo7cOL
+YdhffQjie2l4ACygMeU7ggw1cM7gFa820MnV04SGHiMQ19F5p3rn0wDITT0=
+-----END CERTIFICATE-----
diff --git a/src/Signing/TestCertificate/idrix_Sha256CodeSign.pfx b/src/Signing/TestCertificate/idrix_Sha256CodeSign.pfx
new file mode 100644
index 00000000..44dd3f6b
--- /dev/null
+++ b/src/Signing/TestCertificate/idrix_Sha256CodeSign.pfx
Binary files differ
diff --git a/src/Signing/sign.bat b/src/Signing/sign.bat
index 8c1e3920..d1d6652f 100644
--- a/src/Signing/sign.bat
+++ b/src/Signing/sign.bat
@@ -1,12 +1,13 @@
PATH=%PATH%;%WSDK81%\bin\x86
rem sign using SHA-1
-signtool sign /v /a /n IDRIX /ac thawte_Primary_MS_Cross_Cert.cer /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys"
-signtool sign /v /a /n IDRIX /ac Thawt_CodeSigning_CA.crt /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe"
+signtool sign /v /a /n IDRIX /i Thawte /ac thawte_Primary_MS_Cross_Cert.cer /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys"
+signtool sign /v /a /n IDRIX /i Thawte /ac Thawt_CodeSigning_CA.crt /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe"
rem sign using SHA-256
-signtool sign /v /a /n IDRIX /ac thawte_Primary_MS_Cross_Cert.cer /as /fd sha256 /tr http://timestamp.geotrust.com/tsa "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys"
-signtool sign /v /a /n IDRIX /ac Thawt_CodeSigning_CA.crt /as /fd sha256 /tr http://timestamp.geotrust.com/tsa "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe"
+signtool sign /v /a /n "IDRIX SARL" /i GlobalSign /ac GlobalSign_Root_CA_MS_Cross_Cert.crt /as /fd sha256 /tr http://timestamp.globalsign.com/?signature=sha2 /td SHA256 "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys"
+signtool sign /v /a /n "IDRIX SARL" /i GlobalSign /ac GlobalSign_SHA256_EV_CodeSigning_CA.cer /as /fd sha256 /tr http://timestamp.globalsign.com/?signature=sha2 /td SHA256 "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe"
+
cd "..\Release\Setup Files\"
@@ -19,8 +20,8 @@ del *.xml
cd "..\..\Signing"
rem sign using SHA-1
-signtool sign /v /a /n IDRIX /ac Thawt_CodeSigning_CA.crt /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCrypt Setup 1.16.exe"
+signtool sign /v /a /n IDRIX /i Thawte /ac Thawt_CodeSigning_CA.crt /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCrypt Setup 1.16.exe"
rem sign using SHA-256
-signtool sign /v /a /n IDRIX /ac Thawt_CodeSigning_CA.crt /as /fd sha256 /tr http://timestamp.geotrust.com/tsa "..\Release\Setup Files\VeraCrypt Setup 1.16.exe"
+signtool sign /v /a /n "IDRIX SARL" /i GlobalSign /ac GlobalSign_SHA256_EV_CodeSigning_CA.cer /as /fd sha256 /tr http://timestamp.globalsign.com/?signature=sha2 /td SHA256 "..\Release\Setup Files\VeraCrypt Setup 1.16.exe"
pause
diff --git a/src/Signing/sign_test.bat b/src/Signing/sign_test.bat
index c36f0536..9daf78e4 100644
--- a/src/Signing/sign_test.bat
+++ b/src/Signing/sign_test.bat
@@ -2,12 +2,16 @@ PATH=%PATH%;%WSDK81%\bin\x86
set PFXNAME=TestCertificate\idrix_codeSign.pfx
set PFXPASSWORD=idrix
+set PFXCA=TestCertificate\idrix_TestRootCA.crt
+set SHA256PFXNAME=TestCertificate\idrix_Sha256CodeSign.pfx
+set SHA256PFXPASSWORD=idrix
+set SHA256PFXCA=TestCertificate\idrix_SHA256TestRootCA.crt
rem sign using SHA-1
-signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac TestCertificate\idrix_TestRootCA.crt /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys" "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe"
+signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac %PFXCA% /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys" "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe"
rem sign using SHA-256
-signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac TestCertificate\idrix_TestRootCA.crt /as /fd sha256 /tr http://timestamp.geotrust.com/tsa "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys" "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe"
+signtool sign /v /a /f %SHA256PFXNAME% /p %SHA256PFXPASSWORD% /ac %SHA256PFXCA% /as /fd sha256 /tr http://timestamp.globalsign.com/?signature=sha2 /td SHA256 "..\Release\Setup Files\veracrypt.sys" "..\Release\Setup Files\veracrypt-x64.sys" "..\Release\Setup Files\VeraCrypt.exe" "..\Release\Setup Files\VeraCrypt Format.exe" "..\Release\Setup Files\VeraCryptExpander.exe" "..\Release\Setup Files\VeraCrypt-x64.exe" "..\Release\Setup Files\VeraCrypt Format-x64.exe" "..\Release\Setup Files\VeraCryptExpander-x64.exe"
cd "..\Release\Setup Files\"
@@ -20,9 +24,9 @@ del *.xml
cd "..\..\Signing"
rem sign using SHA-1
-signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac TestCertificate\idrix_TestRootCA.crt /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCrypt Setup 1.16.exe"
+signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac %PFXCA% /fd sha1 /t http://timestamp.verisign.com/scripts/timestamp.dll "..\Release\Setup Files\VeraCrypt Setup 1.16.exe"
rem sign using SHA-256
-signtool sign /v /a /f %PFXNAME% /p %PFXPASSWORD% /ac TestCertificate\idrix_TestRootCA.crt /as /fd sha256 /tr http://timestamp.geotrust.com/tsa "..\Release\Setup Files\VeraCrypt Setup 1.16.exe"
+signtool sign /v /a /f %SHA256PFXNAME% /p %SHA256PFXPASSWORD% /ac %SHA256PFXCA% /as /fd sha256 /tr http://timestamp.globalsign.com/?signature=sha2 /td SHA256 "..\Release\Setup Files\VeraCrypt Setup 1.16.exe"
pause \ No newline at end of file