MarkGoldberg
02-03-2016, 10:53 AM
I found that appending /rfc3161 to the timestamp url works well for SHA2 (see thread title)
http://timestamp.comodoca.com/rfc3161
I figured that out before I stumbled across the following #pragmas
CODESIGN_SHA
CODESIGN_TSTYPE
CODESIGN_TSSHA1URL
https://support.comodo.com/index.php?/Knowledgebase/Article/View/68/0/time-stamping-server
Talks about how Authenticode is older and I had poor luck adding ?td=sha256 to the URL
I was able to have success at the command line with using switches found here https://msdn.microsoft.com/en-us/library/8s9b9yaz%28v=vs.110%29.aspx?f=255&MSPPError=-2147217396
but I wasn't able to get SB to use those switches, even when i tried "sql injection"... err "command switch injection" techniques inside of SB.
After some confirmation, possibly this can be documented and the URL added to the default list of URLs in SB.
http://timestamp.comodoca.com/rfc3161
I figured that out before I stumbled across the following #pragmas
CODESIGN_SHA
CODESIGN_TSTYPE
CODESIGN_TSSHA1URL
https://support.comodo.com/index.php?/Knowledgebase/Article/View/68/0/time-stamping-server
Talks about how Authenticode is older and I had poor luck adding ?td=sha256 to the URL
I was able to have success at the command line with using switches found here https://msdn.microsoft.com/en-us/library/8s9b9yaz%28v=vs.110%29.aspx?f=255&MSPPError=-2147217396
but I wasn't able to get SB to use those switches, even when i tried "sql injection"... err "command switch injection" techniques inside of SB.
After some confirmation, possibly this can be documented and the URL added to the default list of URLs in SB.