Mono's Security Tools - TESTS Last updated: August 17, 2006 ------------------------------------------------------------------------------- * AUTHENTICODE Here's a short description on how to test any changes in the Authenticode tool set. This set includes makecert, cert2spc, signcode and chktrust. This is a _minimal_ sequence. Each input/output could be tested under Linux and Windows to ensure maximum compatibility. 0. Setup % cd /mcs/tools/security % make % mono setreg.exe 1 TRUE % cp signcode.exe test.exe 1. Create a test certificate for code-signing % mono makecert.exe -n "CN=careful tester" -sv test.pvk test.cer Mono MakeCert - version 1.1.15.0 X.509 Certificate Builder Copyright 2002, 2003 Motus Technologies. Copyright 2004-2006 Novell. BSD licensed. Success 2. Convert the test certificate to the SPC format % mono cert2spc.exe test.cer test.spc Mono Cert2Spc - version 1.1.15.0 Transform a set of X.509 certificates and CRLs into an Authenticode(TM) "Software Publisher Certificate" Copyright 2002, 2003 Motus Technologies. Copyright 2004-2006 Novell. BSD licensed. Success 3. Sign a PE binary (without a timestamp) % mono signcode.exe -v test.pvk -spc test.spc test.exe Mono SignCode - version 1.1.15.0 Sign assemblies and PE files using Authenticode(tm). Copyright 2002, 2003 Motus Technologies. Copyright 2004-2006 Novell. BSD licensed. Success 4. Verify the binary from step 3 % mono chktrust.exe test.exe Mono CheckTrust - version 1.1.15.0 Verify if an PE executable has a valid Authenticode(tm) signature Copyright 2002, 2003 Motus Technologies. Copyright 2004-2006 Novell. BSD licensed. WARNING! test.exe is not timestamped! SUCCESS: test.exe signature is valid and can be traced back to a trusted root! *** note the warning about the missing timestamp *** 5. Verify the binary from step 3 using MS tools [1] a. Using Windows Explorer, right click on the test.exe file and select the "Properties" menu item; b. From the "test.exe Properties" windows select the "Digital Signatures" tab; c. You should see "careful tester" as the "Name of signer", select it and click on the "Details" button; d. Unless you have created your test certificate with MS tools you should see an error (white X on a red circle) with a description saying "The certificate in the signature cannot be verified."; e. You should NOT see any countersignature; 6. Add a timestamp the binary from step 3 % mono signcode.exe -x -t http://timestamp.verisign.com/scripts/timstamp.dll test.exe Mono SignCode - version 1.1.15.0 Sign assemblies and PE files using Authenticode(tm). Copyright 2002, 2003 Motus Technologies. Copyright 2004-2006 Novell. BSD licensed. Success 7. Verify the binary from step 6 % mono chktrust.exe test.exe Mono CheckTrust - version 1.1.15.0 Verify if an PE executable has a valid Authenticode(tm) signature Copyright 2002, 2003 Motus Technologies. Copyright 2004-2006 Novell. BSD licensed. SUCCESS: test.exe signature is valid and can be traced back to a trusted root! *** note that there is NO warning this time *** 8. Verify the binary from step 6 on Windows [1] a. Follow step 5 from 'a' to 'd' b. This time you should see a countersignature; 9. Sign a PE binary with a timestamp % mono signcode.exe -v test.pvk -spc test.spc -t http://timestamp.verisign.com/scripts/timstamp.dll test.exe Mono SignCode - version 1.1.15.0 Sign assemblies and PE files using Authenticode(tm). Copyright 2002, 2003 Motus Technologies. Copyright 2004-2006 Novell. BSD licensed. Success 10. Verify the binary from step 9 % mono chktrust.exe test.exe Mono CheckTrust - version 1.1.15.0 Verify if an PE executable has a valid Authenticode(tm) signature Copyright 2002, 2003 Motus Technologies. Copyright 2004-2006 Novell. BSD licensed. SUCCESS: test.exe signature is valid and can be traced back to a trusted root! 11. Verify the binary from step 9 on Windows [1] a. Follow step 5 from 'a' to 'd' b. This time you should see a countersignature; 12. Add (another) timestamp the binary from step 9 % mono signcode.exe -x -t http://timestamp.verisign.com/scripts/timstamp.dll test.exe Mono SignCode - version 1.1.15.0 Sign assemblies and PE files using Authenticode(tm). Copyright 2002, 2003 Motus Technologies. Copyright 2004-2006 Novell. BSD licensed. Success 13. Verify the binary from step 12 Mono CheckTrust - version 1.1.15.0 Verify if an PE executable has a valid Authenticode(tm) signature Copyright 2002, 2003 Motus Technologies. Copyright 2004-2006 Novell. BSD licensed. SUCCESS: test.exe signature is valid and can be traced back to a trusted root! 14. Verify the binary from step 12 on Windows [1] a. Follow step 5 from 'a' to 'd' b. This time you should see TWO (2) countersignature, the same one as step 11 and a new one; 15. Clean up % rm test.* % mono setreg.exe 1 FALSE [1] this step must be done on Windows using MS Authenticode(r) tools. ------------------------------------------------------------------------------- * STRONGNAME Here's a minimal test sequence for any change in SN source code (or in the RSA source code). If/when possible all verification should also be done using the MS runtime and tools to ensure full interoperability. 0. Setup % cd /mcs/tools/security % make % sudo make install % echo "class Program { static void Main () { System.Console.WriteLine (\"hello world\"); } }" > tmp.cs % mcs tmp.cs -out:tmp.exe % sn -v tmp.exe [...] tmp.exe is not a strongly named assembly. 1. Create a SNK file (default size is 1024 bits) % sn -k 1024.snk [...] A new 1024 bits strong name keypair has been generated in file '1024.snk'. % mcs -delaysign+ -keyfile:1024.snk tmp.cs -out:tmp1024.exe % sn -v tmp1024.exe [...] Assembly tmp1024.exe isn't strongnamed % mcs -keyfile:1024.snk tmp.cs -out:tmp1024.exe % sn -v tmp1024.exe [...] Assembly tmp1024.exe is strongnamed. 2. Create a large SNK file (supported by Fx 2.0 and later) % sn -k 2048 2048.snk [...] A new 2048 bits strong name keypair has been generated in file '2048.snk'. % mcs -delaysign+ -keyfile:2048.snk tmp.cs -out:tmp2048.exe % sn -v tmp2048.exe [...] Assembly tmp2048.exe isn't strongnamed % sn -R tmp2048.exe 2048.snk [...] Assembly tmp2048.exe signed. % sn -v tmp2048.exe [...] Assembly tmp2048.exe is strongnamed. 3. Create a PFX (PKCS#12) file % makecert -r -n "CN=mono" -p12 tmp.pfx mono [...] Success % sn -p tmp.pfx tmp.pub [...] Enter password for private key (will be visible when typed): mono Public Key extracted to file tmp.pub % sn -tp tmp.pub Public Key: 0024000004800000940000000602000000240000525341310004000011000000137d8a780901ce 3ceeb3aa9c813d9027d96e8be0cae633d0f64e584eb50685adb063b72fe3395f681ffda8a7c940 d0a8c76b1670c3a54cd354af82fe3995f6784a30c14a106d02f4150d0b370479a2cae574f4bce1 bf97a41e59f855a3d0062918861e55afacf9e4934365ea61718ba460dcb46143fee7278414a683 85336ace Public Key Token: de950f189632e7d9 *** Note: your public won't match this one - but it will identical to *** the one we'll extract from the EXE in a few steps... % mcs -delaysign+ -keyfile:tmp.pub tmp.cs -out:tmppfx.exe % sn -R tmppfx.exe tmp.pfx [...] Enter password for private key (will be visible when typed): mono Assembly tmppfx.exe signed. % sn -v tmppfx.exe [...] Assembly tmppfx.exe is strongnamed. 4. Test using the "well known" files % sn -tp ../../class/mono.snk [...] Public Key: 002400000480000094000000060200000024000052534131000400000100010079159977d2d03a 8e6bea7a2e74e8d1afcc93e8851974952bb480a12c9134474d04062447c37e0e68c080536fcf3c 3fbe2ff9c979ce998475e506e8ce82dd5b0f350dc10e93bf2eeecf874b24770c5081dbea7447fd dafa277b22de47d6ffea449674a4f9fccf84d15069089380284dbdd35f46cdff12a1bd78e4ef00 65d016df Public Key Token: 0738eb9f132ed756 % sn -Tp ../../class/lib/default/Mono.Security.dll [...] Public Key: 002400000480000094000000060200000024000052534131000400000100010079159977d2d03a 8e6bea7a2e74e8d1afcc93e8851974952bb480a12c9134474d04062447c37e0e68c080536fcf3c 3fbe2ff9c979ce998475e506e8ce82dd5b0f350dc10e93bf2eeecf874b24770c5081dbea7447fd dafa277b22de47d6ffea449674a4f9fccf84d15069089380284dbdd35f46cdff12a1bd78e4ef00 65d016df Public Key Token: 0738eb9f132ed756 % sn -p ../../class/mono.snk tmp.pub [...] Public Key extracted to file tmp.pub % md5sum tmp.pub b35461067e0e8e00941d68bd55e38582 tmp.pub % sn -tp tmp.pub [...] Public Key: 002400000480000094000000060200000024000052534131000400000100010079159977d2d03a 8e6bea7a2e74e8d1afcc93e8851974952bb480a12c9134474d04062447c37e0e68c080536fcf3c 3fbe2ff9c979ce998475e506e8ce82dd5b0f350dc10e93bf2eeecf874b24770c5081dbea7447fd dafa277b22de47d6ffea449674a4f9fccf84d15069089380284dbdd35f46cdff12a1bd78e4ef00 65d016df Public Key Token: 0738eb9f132ed756 5. Cleanup % rm tmp*.* ------------------------------------------------------------------------------- Send any bug or suggestions to sebastien at ximian.com