Windows 7: How to digitally sign a Cryptographic Service Provider (CSP)

  • Question

  • Hi,

    We are in the process of developing a Cryptographic Service Provider (CSP), which is implemented as a dynamic-link library (.dll). The DLL works fine in Windows 10 but it does not work in Windows 7. I know I need to sign the DLL with a trusted certificate, so I have bought a certificate for Microsoft Authenticode from GlobalSign.

    I have used SignTool to sign my DLL and add the cross certificate. I have tried to verify the signed DLL and it is OK (please check the attached image).

    But when I try to load my CSP, it fails. I have used the CryptAcquireContext function and it fails with an "Invalid signature" error code.

    Can you tell me what I did wrong, or what I need to do to fix this?

    Thanks so much!

    My code to sign and verify the DLL:

    set FileToSign="%cd%\eTokenCsp.dll"
    set TimeStampURL="http://timestamp.verisign.com/scripts/timstamp.dll"
    set CrossCert="MSCV-GlobalsignR3.cer"
    set ThumbprintCert="ac61222adc86ac6bbfc8ad8e0dd81f7d96fff64b"
    
    echo Signing file: %FileToSign%
    
    signtool sign /v /ph /ac %CrossCert% /t %TimeStampURL% /sha1 %ThumbprintCert% %FileToSign%
    signtool verify /v /kp %FileToSign%

    Output of verifying the DLL:

    C:\Users\Tony\Desktop\TestCSP>signtool verify /v /kp eTokenCsp.dll
    
    Verifying: eTokenCsp.dll
    Hash of file (sha1): 4CCA87F43123DB3D658E1F0ECF1D24D6FA2CD296
    
    Signing Certificate Chain:
        Issued to: GlobalSign
        Issued by: GlobalSign
        Expires:   Sun Mar 18 17:00:00 2029
        SHA1 hash: D69B561148F01C77C54578C10926DF5B856976AD
    
            Issued to: GlobalSign Extended Validation CodeSigning CA - SHA256 - G3
            Issued by: GlobalSign
            Expires:   Sat Jun 15 07:00:00 2024
            SHA1 hash: 87A63D9ADB627D777836153C680A3DFCF27DE90C
    
                Issued to: MY COMPANY
                Issued by: GlobalSign Extended Validation CodeSigning CA - SHA256 -
    G3
                Expires:   Sun Mar 26 16:20:48 2023
                SHA1 hash: AC61222ADC86AC6BBFC8AD8E0DD81F7D96FFF64B
    
    The signature is timestamped: Tue Apr 07 09:40:00 2020
    Timestamp Verified by:
        Issued to: GlobalSign
        Issued by: GlobalSign
        Expires:   Sun Mar 18 17:00:00 2029
        SHA1 hash: D69B561148F01C77C54578C10926DF5B856976AD
    
            Issued to: GlobalSign Timestamping CA - SHA256 - G2
            Issued by: GlobalSign
            Expires:   Thu Mar 29 17:00:00 2029
            SHA1 hash: 91843BBD936D86EAFA42A3AFBF33E92831068F99
    
                Issued to: GlobalSign TSA for MS Authenticode advanced - G2
                Issued by: GlobalSign Timestamping CA - SHA256 - G2
                Expires:   Sun Mar 18 17:00:00 2029
                SHA1 hash: 3EC766D5D4D472E21B1F2143521C31B790D94B68
    
    Cross Certificate Chain:
        Issued to: Microsoft Code Verification Root
        Issued by: Microsoft Code Verification Root
        Expires:   Sat Nov 01 20:54:03 2025
        SHA1 hash: 8FBE4D070EF8AB1BCCAF2A9D5CCAE7282A2C66B3
    
            Issued to: GlobalSign
            Issued by: Microsoft Code Verification Root
            Expires:   Thu Jun 05 00:47:53 2025
            SHA1 hash: 814A5BB5E9093011E121E75169008F6F4667363D
    
                Issued to: GlobalSign Extended Validation CodeSigning CA - SHA256 -
    G3
                Issued by: GlobalSign
                Expires:   Sat Jun 15 07:00:00 2024
                SHA1 hash: 87A63D9ADB627D777836153C680A3DFCF27DE90C
    
                    Issued to: MY COMPANY
                    Issued by: GlobalSign Extended Validation CodeSigning CA - SHA25
    6 - G3
                    Expires:   Sun Mar 26 16:20:48 2023
                    SHA1 hash: AC61222ADC86AC6BBFC8AD8E0DD81F7D96FFF64B
    
    File has page hashes.
    
    Successfully verified: eTokenCsp.dll
    
    Number of files successfully Verified: 1
    Number of warnings: 0
    Number of errors: 0

    Tuesday, April 7, 2020 4:12 AM