Emmanuel Bourg
Emmanuel Bourg
The signature added to the file contains the certificate chain. signtool puts the whole chain in the signature, but the root certificate doesn't have to be included since it's already...
Yes that's correct. And after building the project you've used `java -jar jsign\target\jsign-6.1-SNAPSHOT.jar --storetype ETOKEN ...` ? By disabling `isSelfSigned()`you should get a larger file, unless the certificate chain stored...
Could you send the two files signed by signtool and jsign to [email protected]? I'll give them a look.
Thank you for the files. The file signed by signtool contains 6 certificates: * 3 for your signing certificate and the intermediate certificates (Sectigo Public Code Signing CA EV R36,...
Alternatively, if you can load the full certificate chain on the SafeNet eToken you could avoid the `--certfile` parameter. I don't know if that's possible though.
Digging further, I thought Windows had a list a intermediate CA certificates but I was wrong. Windows adds the intermediate certificates automatically to its trustsore as it discovers them. It...
@vinnyvinny1989 The missing intermediate certificates are now downloaded automatically. Could you give it a try an confirm it works for you please?
Yes, or you can download the CI build: https://github.com/ebourg/jsign/actions/runs/9038916734/artifacts/1492735001
Great! Thank you for the feedback
If this format is usually signed with signtool then it's a good candidate to have it supported by Jsign. I have never seen an HLK file, but according to the...