commit 33b2f36db5a2df0fcaeb0d1f781b4323cbdf4bfd Author: Josh Mudge Date: Sat Nov 9 17:01:31 2019 -0700 Latest Docs diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..c343247 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +**/git diff --git a/All/Powershelladmin.png b/All/Powershelladmin.png new file mode 100644 index 0000000..5089126 Binary files /dev/null and b/All/Powershelladmin.png differ diff --git a/All/Sign Using OV Cert.md b/All/Sign Using OV Cert.md new file mode 100644 index 0000000..a5e95b2 --- /dev/null +++ b/All/Sign Using OV Cert.md 
@@ -0,0 +1,86 @@ +# Purpose + +We're going to be looking at how to get a code-signing certificate, how to sign code with it and use that to create a setup file. This setup file will contain another signed file that will launch a basic web server. The setup file will create a firewall rule for the server so it won't need to prompt the user with a firewall settings prompt. + +# Obtaining a Code Signing Certificate + +Purhcase a code-signing certificate: https://cheapsslsecurity.com/comodo/codesigningcertificate.html +Be aware that you will likely need to create a Dun & Bradstreet listing, depending on the company you order the certificate from: https://www.dandb.com/businessdirectory/products/ (this is free) +The validation process will take 1-3 business days if you have entered all of your business information correctly and give them your D-U-N-S (Dun & Bradstreet) number. After you receive an email containing a link to the certificate, follow these directions in the **exact same** browser as the one you used to request the certificate : https://cheapsslsecurity.com/downloads.aspx?ispdf=true&iscs=true&filenm=Comodo_Code_Signing_Collection_Guide.pdf + +# Signing a File + +[Screenshot] Next, you will need to install Visual Studio with the "Universal Windows App Development Tools" workload. You can click on the list of sub-items and un-select everything except the Windows 10 SDK. You can download Visual Studio here: https://visualstudio.microsoft.com/thank-you-downloading-visual-studio/?sku=Community&rel=16 + +Open a "Developer Command Prompt for VS". + +![](developerprompt.png) + + ``` + # Sign a file with your certificate. + SignTool sign /t http://timestamp.comodoca.com /f codesigning.p12 /p file.exe +``` + +![](signfile.png) + +You should see something like this: + +![](donesigning.png) + +# Creating the Setup File + +I'm using a few different Go tools to allow us to create the web server, a firewall rule and put the server file inside our setup app. 
+ +## Server + +First of all, you'll want to install Golang: https://golang.org/dl/ +Then you'll want to install [goversioninfo](https://github.com/josephspurrier/goversioninfo) by running the following in a command prompt: + +``` +go get github.com/josephspurrier/goversioninfo/cmd/goversioninfo +``` + +This will allow us to set the name of the program, version, etc. and most importantly, which manifest file to use. + +[Configuration options / usage.] + +## Firewall Rule + +go-powershell + +``` +# working directory is dir +dir, err := os.Getwd() + if err != nil { + log.Fatal(err) + } +``` +Might have to create another variable set to the string and add the path. + +``` +# This command will create the firewall rule. +New-NetFirewallRule -DisplayName "Name of Rule" -Direction Inbound -Program "C:\path\to\app\file.exe" -Action Allow +``` + +You should see something like this: + +![](addfirewallrule.png) + +Manifest file: + +``` + + + + + + + + + + +``` + +## Put Server In Setup File + +fileb0x diff --git a/All/addfirewallrule.png b/All/addfirewallrule.png new file mode 100644 index 0000000..d9b9ecf Binary files /dev/null and b/All/addfirewallrule.png differ diff --git a/All/adminpromptnewcert.png b/All/adminpromptnewcert.png new file mode 100644 index 0000000..de831d7 Binary files /dev/null and b/All/adminpromptnewcert.png differ diff --git a/All/developerprompt.png b/All/developerprompt.png new file mode 100644 index 0000000..337a5d0 Binary files /dev/null and b/All/developerprompt.png differ diff --git a/All/donesigning.png b/All/donesigning.png new file mode 100644 index 0000000..cbe6b94 Binary files /dev/null and b/All/donesigning.png differ diff --git a/All/signfile.png b/All/signfile.png new file mode 100644 index 0000000..149bfac Binary files /dev/null and b/All/signfile.png differ
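Review bot: In the `.gitignore` hunk, the only pattern is `**/git`, which matches a file or directory named exactly `git` at any depth; it does not match `.git` or any name with an extension. If the goal is to keep a specific nested checkout or tool directory out of the repository, name that path explicitly and add a comment line above it saying what it is.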
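Review bot: In the "Signing a File" section of `All/Sign Using OV Cert.md`, the command `SignTool sign /t http://timestamp.comodoca.com /f codesigning.p12 /p file.exe` gives `/p` no password, so SignTool reads `file.exe` as the PFX password and is left with no file to sign. Write it as `/p <password> file.exe` with an obvious placeholder, and add `/fd SHA256` so the file digest algorithm is stated rather than left to the SignTool default. In "Firewall Rule", the Go snippet opens with a `#` comment, which is not Go comment syntax (`//`). The manifest code block, the "go-powershell" and "fileb0x" headings, and the `[Screenshot]` and `[Configuration options / usage.]` placeholders are still empty, so either fill them in or mark the document as a draft. "Purhcase" should be "Purchase".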