topic Re: Application Signing in Visual Studio in Intel® Fortran Compiler

Application Signing in Visual Studio

Ted_Lillys — Wed, 16 Mar 2022 16:30:24 GMT

Hello all,

I am attempting to use a post build event to sign a compiled console application using signtool. This is happening after the fact of setting up the solution and projects. Obviously, it isn't going well since I'm posting a question here. I'm using an environment variable that contains the full path to the signtool.exe. The build log has the following response:

%SIGNTOOL% sign /n “RTI International (Research Triangle Institute Inc)” /sm /tr http://timestamp.entrust.net/rfc3161ts2 /fd sha256 /td sha256 C:\Users\tlillys\Documents\GitHub\minteqa2\src\MINTEQA2\minteqa2\Debug\minteqa2.exe
SignTool Error: No file digest algorithm specified. Please specify the digest algorithm with the /fd flag. Using /fd SHA256 is recommended and more secure than SHA1. Calling signtool with /fd sha1 is equivalent to the previous behavior. In order to select the hash algorithm used in the signing certificate's signature, use the /fd certHash option. 
Project : error PRJ0019: A tool returned an error code from "Signtool"

IT folks here have asked if there are any compiler options/settings that relate to the "digest algorithm". I haven't seen any as I browse through.

Are there options when setting up a new project/solution that pertain to digest algorithms?

Thanks

Ted

Platform deets:

Win 10 box with

Microsoft Visual Studio Professional 2017
Version 15.9.44
VisualStudio.15.Release/15.9.44+28307.1800
Microsoft .NET Framework
Version 4.8.04084

Installed Version: Professional

Intel® Fortran Compiler Package ID: w_oneAPI_2021.3.0.306
Intel® Fortran Compiler – toolkit version: 2021.3.0, extension version 19.2.0062.15, Package ID: w_oneAPI_2021.3.0.306, Copyright © 2002-2021 Intel Corporation. All rights reserved.
* Other names and brands may be claimed as the property of others.

Re: Application Signing in Visual Studio

Steve_Lionel — Wed, 16 Mar 2022 17:55:09 GMT

There is absolutely nothing in the compiler relevant to this. I would expect you to put the signing command in a "Post-Build Event". Note that host process environment variables aren't passed into the event process, but it looks to me as if you have inadequately specified the command for the signing tool.

Re: Application Signing in Visual Studio

Ted_Lillys — Thu, 17 Mar 2022 14:20:51 GMT

Thanks Steve. I didn't think there would be an option.

What's curious is that the response using the environment variable gives the impression that the signtool.exe was called and responded that the arguments provided were not sufficient, as you observed. If I replace the environment variable with the quoted path to the signtool.exe, the error indicates that the replacement string is not recognized. Once I added "call", I'm back where I started which is an issue with the /fd flag.

Re: Application Signing in Visual Studio

Steve_Lionel — Thu, 17 Mar 2022 14:39:20 GMT

It would be interesting to see the build log after setting the VS option Tools > Options > Intel Compilers and Libraries > IFORT Intel Fortran Classic > General > Show Environment in Log > True. Zip buildlog.htm and attach it to a reply here. Also, I notice there are "fancy quotes" in your excerpt from the build log - are those actually in the command, or did you run this through Word first?

Re: Application Signing in Visual Studio

Ted_Lillys — Wed, 06 Dec 2023 18:01:35 GMT

The solution was to put everything in a batch file that expected the full path to the target as an argument and call the batch file in the post build command.

sign.bat:

%SIGNTOOL% sign /n "Company Name" /sm /tr http://timestamp.entrust.net/;aldskf;aoi /fd sha256 /td sha256 %1