87 lines
3.2 KiB
Markdown
87 lines
3.2 KiB
Markdown
# Purpose
|
|
|
|
We're going to be looking at how to get a code-signing certificate, how to sign code with it and use that to create a setup file. This setup file will contain another signed file that will launch a basic web server. The setup file will create a firewall rule for the server so it won't need to prompt the user with a firewall settings prompt.
|
|
|
|
# Obtaining a Code Signing Certificate
|
|
|
|
Purhcase a code-signing certificate: https://cheapsslsecurity.com/comodo/codesigningcertificate.html
|
|
Be aware that you will likely need to create a Dun & Bradstreet listing, depending on the company you order the certificate from: https://www.dandb.com/businessdirectory/products/ (this is free)
|
|
The validation process will take 1-3 business days if you have entered all of your business information correctly and give them your D-U-N-S (Dun & Bradstreet) number. After you receive an email containing a link to the certificate, follow these directions in the **exact same** browser as the one you used to request the certificate : https://cheapsslsecurity.com/downloads.aspx?ispdf=true&iscs=true&filenm=Comodo_Code_Signing_Collection_Guide.pdf
|
|
|
|
# Signing a File
|
|
|
|
[Screenshot] Next, you will need to install Visual Studio with the "Universal Windows App Development Tools" workload. You can click on the list of sub-items and un-select everything except the Windows 10 SDK. You can download Visual Studio here: https://visualstudio.microsoft.com/thank-you-downloading-visual-studio/?sku=Community&rel=16
|
|
|
|
Open a "Developer Command Prompt for VS".
|
|
|
|
![](developerprompt.png)
|
|
|
|
```
|
|
# Sign a file with your certificate.
|
|
SignTool sign /t http://timestamp.comodoca.com /f codesigning.p12 /p <Password> file.exe
|
|
```
|
|
|
|
![](signfile.png)
|
|
|
|
You should see something like this:
|
|
|
|
![](donesigning.png)
|
|
|
|
# Creating the Setup File
|
|
|
|
I'm using a few different Go tools to allow us to create the web server, a firewall rule and put the server file inside our setup app.
|
|
|
|
## Server
|
|
|
|
First of all, you'll want to install Golang: https://golang.org/dl/
|
|
Then you'll want to install [goversioninfo](https://github.com/josephspurrier/goversioninfo) by running the following in a command prompt:
|
|
|
|
```
|
|
go get github.com/josephspurrier/goversioninfo/cmd/goversioninfo
|
|
```
|
|
|
|
This will allow us to set the name of the program, version, etc. and most importantly, which manifest file to use.
|
|
|
|
[Configuration options / usage.]
|
|
|
|
## Firewall Rule
|
|
|
|
go-powershell
|
|
|
|
```
|
|
# working directory is dir
|
|
dir, err := os.Getwd()
|
|
if err != nil {
|
|
log.Fatal(err)
|
|
}
|
|
```
|
|
Might have to create another variable set to the string and add the path.
|
|
|
|
```
|
|
# This command will create the firewall rule.
|
|
New-NetFirewallRule -DisplayName "Name of Rule" -Direction Inbound -Program "C:\path\to\app\file.exe" -Action Allow
|
|
```
|
|
|
|
You should see something like this:
|
|
|
|
![](addfirewallrule.png)
|
|
|
|
Manifest file:
|
|
|
|
```
|
|
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
|
|
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
|
|
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
|
|
<security>
|
|
<requestedPrivileges>
|
|
<requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>
|
|
</requestedPrivileges>
|
|
</security>
|
|
</trustInfo>
|
|
</assembly>
|
|
```
|
|
|
|
## Put Server In Setup File
|
|
|
|
fileb0x
|