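We use DigiCert to create the certificate for our Windows desktop application. The certificate expires in June, and I want to make sure this will not affect the existing versions that users are running, and that the digital signature on the files will remain valid even after the certificate expires.
I build the application with Electron, using the electron-builder package and passing it the .pfx file.
We do not use any specific configuration for a timestamp server, and we expect electron-builder to sign its applications with a timestamp by default (we checked with them).
I used signtool from the Windows SDK to verify whether our application was signed with a timestamp, with the following command:
signtool verify /pa /v "C:\path\to\YourApp.exe"
Below is the output I got.
Can I be sure that my application has been signed with a timestamp, and that our customers' current desktop versions will remain valid after the certificate expires?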
Verifying: C:\Users\User\AppData\Local\Programs\vonage\Vonage Business.exe
Signature Index: 0 (Primary Signature)
Hash of file (sha1): 768E30E637CBB3735FE60E29CA23D73FA0D9C186
Signing Certificate Chain:
Issued to: DigiCert Assured ID Root CA
Issued by: DigiCert Assured ID Root CA
Expires: Mon Nov 10 03:00:00 2031
SHA1 hash: 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Issued to: DigiCert SHA2 Assured ID Code Signing CA
Issued by: DigiCert Assured ID Root CA
Expires: Sun Oct 22 15:00:00 2028
SHA1 hash: 92C1588E85AF2201CE7915E8538B492F605B80C6
Issued to: Vonage Business Inc.
Issued by: DigiCert SHA2 Assured ID Code Signing CA
Expires: Tue Jun 04 02:59:59 2024
SHA1 hash: E4BC6CB9CA192588E5FDD6F7693B44D36456AB4D
The signature is timestamped: Wed May 01 12:45:19 2024
Timestamp Verified by:
Issued to: DigiCert Assured ID Root CA
Issued by: DigiCert Assured ID Root CA
Expires: Mon Nov 10 03:00:00 2031
SHA1 hash: 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Issued to: DigiCert Trusted Root G4
Issued by: DigiCert Assured ID Root CA
Expires: Mon Nov 10 02:59:59 2031
SHA1 hash: A99D5B79E9F1CDA59CDAB6373169D5353F5874C6
Issued to: DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA
Issued by: DigiCert Trusted Root G4
Expires: Mon Mar 23 02:59:59 2037
SHA1 hash: B6C8AF834D4E53B673C76872AA8C950C7C54DF5F
Issued to: DigiCert Timestamp 2023
Issued by: DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA
Expires: Sat Oct 14 02:59:59 2034
SHA1 hash: 66F02B32C2C2C90F825DCEAA8AC9C64F199CCF40
Successfully verified: C:\Users\User\AppData\Local\Programs\vonage\Vonage Business.exe
Number of files successfully Verified: 1
Number of warnings: 0
Number of errors: 0
This question is summarized from: How can I be sure my Windows desktop application is signed with a timestamp? - Microsoft Q&A
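An added example, not part of the original question and not signtool's own code: a Python parser for `signtool verify /pa /v` output in the layout shown above, reporting whether a timestamp is present and whether it falls before the signing certificate's expiry. The sample text is constructed with placeholder names, and treating the last certificate listed in each chain as the leaf is an assumption based on that layout.

```python
from datetime import datetime

# Constructed sample in the layout of the `signtool verify /pa /v` output above
# (certificate names are placeholders, not real certificates).
SAMPLE = """
Signing Certificate Chain:
Issued to: Example Root CA
Expires: Mon Nov 10 03:00:00 2031
Issued to: Example Publisher Inc.
Expires: Tue Jun 04 02:59:59 2024
The signature is timestamped: Wed May 01 12:45:19 2024
Timestamp Verified by:
Issued to: Example Timestamp Root
Expires: Mon Nov 10 03:00:00 2031
Issued to: Example Timestamp 2023
Expires: Sat Oct 14 02:59:59 2034
"""

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()

def parse_date(text):
    """Parse 'Tue Jun 04 02:59:59 2024' without depending on the locale."""
    _, mon, day, clock, year = text.split()
    h, m, s = (int(p) for p in clock.split(":"))
    return datetime(int(year), MONTHS.index(mon) + 1, int(day), h, m, s)

def check_timestamp(output):
    """Report whether the signature is timestamped within the signer's validity."""
    section, stamped = None, None
    chains = {"sign": [], "tsa": []}
    for raw in output.splitlines():
        key, _, value = raw.strip().partition(":")
        value = value.strip()
        if key == "Signing Certificate Chain":
            section = "sign"
        elif key == "Timestamp Verified by":
            section = "tsa"
        elif key == "The signature is timestamped":
            stamped = parse_date(value)
        elif key == "Issued to" and section:
            chains[section].append({"subject": value, "expires": None})
        elif key == "Expires" and section and chains[section]:
            chains[section][-1]["expires"] = parse_date(value)
    # Assumption: each chain is listed root first, so the last entry is the leaf.
    signer = chains["sign"][-1] if chains["sign"] else None
    tsa = chains["tsa"][-1] if chains["tsa"] else None
    ok = bool(stamped and signer and signer["expires"] and stamped <= signer["expires"])
    return {"timestamped": stamped is not None, "timestamp": stamped,
            "signer": signer, "tsa": tsa, "stamped_before_signer_expiry": ok}

if __name__ == "__main__":
    print(check_timestamp(SAMPLE))
```

Both dates are compared exactly as signtool prints them, so the check is only meaningful when the whole output comes from one run on one machine.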