[wix-devs] Authenticode signature verification issue

Rob Mensching rob at firegiant.com
Sun Sep 27 21:26:27 PDT 2015


I could be misreading the code or missing a case that hashes files later but AFAICT Burn does not hash the files if it can Authenticode check them. That would break the way Authenticode updating can work today (although I do think removing that case is a reasonable thing to do since the updates you can do in an Authenticode case are limited and the lack of integrity check has issues... in v4).

So I *think* the requested scenario is supported today.


    // If the payload has a certificate root public key identifier provided, verify the certificate.
    if (pPayload->pbCertificateRootPublicKeyIdentifier)
    {
        hr = CacheVerifyPayloadSignature(pPayload, wzUnverifiedPayloadPath, hFile);
        ExitOnFailure1(hr, "Failed to verify payload signature: %ls", wzCachedPath);
    }
    else if (pPayload->pCatalog) // If catalog files are specified, attempt to verify the file with a catalog file
    {
        hr = VerifyPayloadWithCatalog(pPayload, wzUnverifiedPayloadPath, hFile);
        ExitOnFailure1(hr, "Failed to verify payload signature: %ls", wzCachedPath);
    }
    else if (pPayload->pbHash) // the payload should have a hash we can use to verify it.
    {
        hr = VerifyHash(pPayload->pbHash, pPayload->cbHash, wzUnverifiedPayloadPath, hFile);
        ExitOnFailure1(hr, "Failed to verify payload hash: %ls", wzCachedPath);
    }



_______________________________________________________________
 FireGiant  |  Dedicated support for the WiX toolset  |  http://www.firegiant.com/


-----Original Message-----
From: wix-devs [mailto:wix-devs-bounces at lists.wixtoolset.org] On Behalf Of Heath Stewart
Sent: Sunday, September 27, 2015 9:10 PM
To: WiX Toolset Developer Mailing List <wix-devs at lists.wixtoolset.org>
Subject: Re: [wix-devs] Authenticode signature verification issue

Burn always does hash checks now. We made that change long ago and you said you'd probably just remove the Authenticode check. The point is that Authenticode doesn't let us know if it's the right file, so we always check the hash. The ask is to provide an option to only check Authenticode so they can sign the file later.

Sent from my Windows Phone



____________________________________________________________________
WiX Toolset Developer Mailing List provided by FireGiant http://www.firegiant.com/


More information about the wix-devs mailing list