Posts posted by Conan
-
-
Beautiful! That works perfectly, thank you again.
Just out of curiosity, what was the issue with the plugin's managed DLLs; signtool saying signed yet explorer and Get-AuthenticodeSignature saying not signed?
-
yay! thank you!!
seriously, much appreciated. you just made a bunch of sysadmin and security types so very happy
not sure if this helps, looks like there's more than one method, not sure how much of a difference that makes ...i could be completely off the mark
https://learn.microsoft.com/en-us/dotnet/standard/assembly/sign-strong-name
do you get a different result with and without the "/ms" parameter?
signtool.exe verify /ms
https://learn.microsoft.com/en-us/dotnet/framework/tools/signtool-exe
/ms should be the default as of Win8
don't think that will be it, but first thing that comes to mind. Might be able to rule out some WinVerifyTrust / CertPaddingCheck related issue at least.
context:
It's an old issue that recently got some attention after being exploited in the wild. Priority got increased, might have some changes in behaviour I've missed.
https://learn.microsoft.com/en-us/security-updates/securityadvisories/2014/2915720
https://www.tenable.com/plugins/nessus/166555
Yes, those are strings that should be DWORD. Either works, but strings is what the MSFT doco uses ... yeah lol
[HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config]
"EnableCertPaddingCheck"="1"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config]
"EnableCertPaddingCheck"="1"
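An audit check for the setting above, added here as an example and not part of the original post: it reads both registry views and reports whether `EnableCertPaddingCheck` is present, whether it is stored as a string or a DWORD, and its value. The function name `Get-CertPaddingCheckState` is hypothetical, and treating both `"1"` and DWORD `1` as enabled follows the post's statement that either works.

```powershell
Set-StrictMode -Version 'latest'
$ErrorActionPreference = 'stop'

# The two Wintrust config keys quoted in the post (native and 32-bit registry view).
$configKeys = @(
    'HKLM:\Software\Microsoft\Cryptography\Wintrust\Config'
    'HKLM:\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config'
)
$valueName = 'EnableCertPaddingCheck'

# Hypothetical helper name; returns one object per registry key.
function Get-CertPaddingCheckState {
    param([Parameter(Mandatory)][string[]]$KeyPath)

    foreach ($path in $KeyPath) {
        $state = [ordered]@{
            Key     = $path
            Present = $false
            Kind    = $null     # String (REG_SZ) or DWord once read
            Value   = $null
            Enabled = $false
        }
        if (Test-Path -LiteralPath $path) {
            $key = Get-Item -LiteralPath $path
            if ($key.GetValueNames() -contains $valueName) {
                $state.Present = $true
                $state.Kind    = $key.GetValueKind($valueName)
                $state.Value   = $key.GetValue($valueName)
                # Assumption taken from the post: string "1" and DWORD 1 both count as enabled.
                $state.Enabled = ([string]$state.Value).Trim() -eq '1'
            }
        }
        [pscustomobject]$state
    }
}

# A missing key or value shows up as Present = False rather than as an error.
Get-CertPaddingCheckState -KeyPath $configKeys | Format-Table -AutoSize
```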
-
arh, my apologies, that's quite the impact. Did not realise.
greatly appreciate you responding, surprised actually. Just transferred $20 USD / $30 AUD, been using PND for many years, should be more, sorry.
Transaction ID: 5A482066KE265925W
Not being pushy, no expectations. The above is long overdue and unrelated to this request.
This is mostly related to running PND in an enterprise environment, I can have a chat with the boss, see if they'd be willing to pay for this as a feature request. Can't make any promises, don't know if they'll go for it.
I wasn't able to reproduce the rate limit issue. Are you able to share how the signing process works in the build? Will help if I can.
through PowerShell, was able to sign 261 files in 68 seconds in one go, passing an array.
71 seconds when iterating.
...Not sure how valid a test this is though
guessing you're using visual studio / signtool
looks like signtool can take a | delimited file list, not sure if that helps
https://stackoverflow.com/questions/65985951/sign-multiple-files-with-signtool-exe
there's a list of free timestamp servers, might be able to divvy up across multiple servers
https://gist.github.com/Manouchehri/fd754e402d98430243455713efada710
Not sure if all the DLLs change with each build. Might be able to sign on change?
Probably a messy bad idea, but maybe a "public release" build that signs everything, and a "non-public release" that doesn't?
If it's not worth the bother, or just rather not, that's totally cool too
Set-StrictMode -Version 'latest'
$ErrorActionPreference = 'stop'

#New-SelfSignedCertificate -CertStoreLocation Cert:\CurrentUser\My -Type CodeSigningCert -Subject 'test01'
$myCodeSignCert = Get-Item -LiteralPath Cert:\CurrentUser\My\A677A404C028940D31CC3EE16C7BAE6932367A61

$FilesNotSigned = Get-ChildItem -LiteralPath 'C:\temp\paint.net' -File | Where-Object -FilterScript {
    $PSItem.Extension -eq '.dll'
} | Get-AuthenticodeSignature | Where-Object -FilterScript {
    $PSItem.Status -ne 'Valid'
} | Select-Object -ExpandProperty 'Path'

Measure-Command -Expression {
    Set-AuthenticodeSignature -TimestampServer 'http://timestamp.digicert.com' -Certificate $myCodeSignCert -FilePath $FilesNotSigned
}

#stdout
Days              : 0
Hours             : 0
Minutes           : 1
Seconds           : 8
Milliseconds      : 167
Ticks             : 681673557
TotalDays         : 0.000788974024305556
TotalHours        : 0.0189353765833333
TotalMinutes      : 1.136122595
TotalSeconds      : 68.1673557
TotalMilliseconds : 68167.3557

Measure-Command -Expression {
    $FilesNotSigned | ForEach-Object -Process {
        Set-AuthenticodeSignature -TimestampServer 'http://timestamp.digicert.com' -Certificate $myCodeSignCert -FilePath $PSItem
    }
}

Days              : 0
Hours             : 0
Minutes           : 1
Seconds           : 11
Milliseconds      : 575
Ticks             : 715756974
TotalDays         : 0.000828422423611111
TotalHours        : 0.0198821381666667
TotalMinutes      : 1.19292829
TotalSeconds      : 71.5756974
TotalMilliseconds : 71575.6974
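The "sign on change" and "divvy up across multiple servers" ideas from the post above, combined in one sketch. This is an added example, not the poster's or the project's build code: the function name `Invoke-SignOnChange` and its parameters are hypothetical, and the second timestamp URL in the usage comment is a placeholder.

```powershell
Set-StrictMode -Version 'latest'
$ErrorActionPreference = 'stop'

# Hypothetical helper: signs only DLLs that are not already validly signed,
# rotating through the supplied timestamp servers and retrying on failure.
function Invoke-SignOnChange {
    param(
        [Parameter(Mandatory)][string]$Directory,
        [Parameter(Mandatory)][System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory)][string[]]$TimestampServer,
        [int]$MaxAttempt = 3
    )

    # Same filter as the post: skip anything whose signature is already 'Valid'.
    $pending = @(Get-ChildItem -LiteralPath $Directory -File |
        Where-Object -FilterScript { $PSItem.Extension -eq '.dll' } |
        Get-AuthenticodeSignature |
        Where-Object -FilterScript { $PSItem.Status -ne 'Valid' } |
        Select-Object -ExpandProperty 'Path')

    $index = 0
    foreach ($file in $pending) {
        $result = $null
        $server = $null
        $stamped = $false
        for ($attempt = 1; $attempt -le $MaxAttempt -and -not $stamped; $attempt++) {
            # Round-robin: every attempt moves on to the next server in the list.
            $server = $TimestampServer[$index % $TimestampServer.Count]
            $index++
            try {
                $result = Set-AuthenticodeSignature -FilePath $file -Certificate $Certificate `
                    -TimestampServer $server -HashAlgorithm 'SHA256'
                # A self-signed test certificate never reports 'Valid', so success is
                # judged by the presence of a signer and a timestamp countersignature.
                $stamped = ($null -ne $result.SignerCertificate) -and ($null -ne $result.TimeStamperCertificate)
            } catch {
                $result = $null
            }
        }
        [pscustomobject]@{
            Path        = $file
            Server      = $server
            Attempts    = $attempt - 1
            Timestamped = $stamped
            Status      = if ($result) { $result.Status } else { 'Failed' }
        }
    }
}

# Usage (first URL is the one from the post, second is a placeholder):
# Invoke-SignOnChange -Directory 'C:\temp\paint.net' -Certificate $myCodeSignCert `
#     -TimestampServer 'http://timestamp.digicert.com', 'http://timestamp.example.invalid'
```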
-
Hi,
Would it be possible for the DLLs to be signed as part of the build process?
same as "C:\Program Files\paint.net\paintdotnet.exe"
It's more of a thing for environments that have application allow listing. Easier / more secure to use Authenticode than maintaining file hashes / allowing based on path.
Cheers
Get-ChildItem -LiteralPath 'C:\Program Files\paint.net\' -File | Where-Object -FilterScript {
$PSItem.Extension -eq '.dll'
} | Get-AuthenticodeSignature | Where-Object -FilterScript {
$PSItem.Status -ne 'Valid'
} | Select-Object -ExpandProperty 'Path'
request code signing for PDN DLLs (makes easier to run PDN in environments with application allow listing
in Troubleshooting & Bug Reports
Posted
thanks, interesting
was the process something like this?
1. build
2. post-build script
3. sign
what was the fix?
sorry if annoying questions, piqued my interest