PDA

View Full Version : PKEY.EXE and WIN 7



NewsArchive
10-01-2010, 12:47 AM
PKEY.EXE does exist in two different forms, the old with a size of
51.712 KB and a newer version.
On all my PC's with different OS (XP, Vista, WIN7) the new PKEY.EXE is
unable to make the digital signature (Makes the -1 error), wherefore I
have had to change to the old version.
That works in XP and Vista.
In WIN7, SB7 is unable to add the password - It has to be done
manually, which is a problem, when you want to automate the
compile/setupbuild process.

Is it possible to make either of the twp PKEY.EXE versions work in
WIN7 as the 51.712 kb version does in XP and Vista?

Best regards

Edvard Korsbæk

NewsArchive
10-01-2010, 12:47 AM
Hi Edvard,

> PKEY.EXE does exist in two different forms, the old with a size of
> 51.712 KB and a newer version.
> On all my PC's with different OS (XP, Vista, WIN7) the new PKEY.EXE is
> unable to make the digital signature (Makes the -1 error), wherefore I
> have had to change to the old version.
> That works in XP and Vista.
> In WIN7, SB7 is unable to add the password - It has to be done
> manually, which is a problem, when you want to automate the
> compile/setupbuild process.
>
> Is it possible to make either of the twp PKEY.EXE versions work in
> WIN7 as the 51.712 kb version does in XP and Vista?

If the "password injection for SignCode" does not work, then something on
your machine (security software or another program that does not allow to
"steal" focus) blocks this process. SignCode does not support password
passing during the command line code-signing process and so a password
injection method has to be used.

If neither of the two PKEY.EXE versions work for you then the only solution
is to switch to .PFX and SignTool.exe (which supports password passing).

Does this help?

Friedrich

NewsArchive
10-01-2010, 12:48 AM
BTW, we are using PKEY.EXE (the "new" one) on all Win7 machines here.

Friedrich

NewsArchive
10-01-2010, 05:37 AM
Seems like i have to change to Signtool - Wonder about my present
COMODO certificate can be used, or I will have to by a new one?

Edvard Korsbæk

NewsArchive
10-01-2010, 05:37 AM
Hi Edvard,

> Seems like i have to change to Signtool - Wonder about my present
> COMODO certificate can be used, or I will have to by a new one?

Absolutely no problem! You only have to convert your .pvk/.spc to .pfx.
Please see "SetupBuilder Code-Signing by Jane Fleming" Page 9 - 15

http://www.lindersoft.com/CodeSign.pdf

Does this help?

Friedrich

NewsArchive
10-01-2010, 05:37 AM
Jane (and Friedrich)

Excellent job on this updated CodeSign FAQ - nice step by step - should
make the process easy for many.

Only real quibble I would suggest as an alternative - using the Microsoft
winsdk_web.exe method (check marking only the Win32 Development tools) and
let it install the needed files directly to a folder instead of using the
ISO method.

http://www.microsoft.com/downloads/en/details.aspx?displaylang=en&FamilyID=c17ba869-9671-4330-a63e-1fd44e0e2505

David

--
From David Troxell - Encourager Software
Microsoft Forums NNTP Bridge - Instructions to use
http://profileexchanges.com/blog/?p=397

NewsArchive
10-01-2010, 05:38 AM
http://www.lindersoft.com/CodeSign.pdf

That one is impressive - Thanks!

Edvard

NewsArchive
10-01-2010, 05:38 AM
I have had the change on all PC's in all OS here over the years.
It could be a good 'Poll' to get the knowledge about how many really
can use the new one - And even better to get an explanation to why
some cannot use the new including a solution.

Edvard Korsbæk

NewsArchive
10-01-2010, 05:38 AM
> I have had the change on all PC's in all OS here over the years.
> It could be a good 'Poll' to get the knowledge about how many really
> can use the new one - And even better to get an explanation to why
> some cannot use the new including a solution.

I estimated (based on support request figures and previous polls) that the
"new" PKEY.EXE works for at least 97% of all SetupBuilder users. The "old"
one (dated 2006) did not work as expected for about 20%-25% of the
SetupBuilder users (caused by modifications in the SetForegroundWindow API).

The Microsoft tool SignCode.exe does NOT support password passing via the
command line at all. You always have to enter the password manually if
SignCode.exe is used. We have developed the PKEY.EXE service tool to try to
inject the password for you during the compilation process.

If another program has focus and PKEY.EXE cannot "steal" the (keyboard)
focus from that app, then password injection fails. If PKEY.EXE cannot
switch focus to the SignCode.exe password entry field then it's not possible
to inject anything. And if PKEY.EXE was able to switch focus over to
SignTool but loses it again during the injection phase then it's possible
that not all password characters can be passed and code-signing will also
fail.

Friedrich