Is it possible to extract the digital signature certificate from a sys driver file by command line?
Either using 3rd party tool or built in windows tools?
Thanks
Using powershell it's quite easy:
$driverFile = 'C:\temp\myDriver.sys';
$outputFile = 'C:\temp\output.cer';
$exportType = [System.Security.Cryptography.X509Certificates.X509ContentType]::Cert;
$cert = (Get-AuthenticodeSignature $driverFile).SignerCertificate;
[System.IO.File]::WriteAllBytes($outputFile, $cert.Export($exportType));
Related
Virtual audio cable installer does not have silent mode on. Therefore can not use following command
Start-Process -Wait -FilePath 'c:\software\vac460\setup64.exe' ArgumentList"/S /v/qn"
Is there another way to install application without user intervention.
I emailed the developer for VAC to ask this same question. He responded:
You can add "-s -k 30570681-0a8b-46e5-8cb2-d835f43af0c5" to the
setup.exe command line.
I have confirmed that this worked using VAC 4.64:
.\setup64.exe -s -k 30570681-0a8b-46e5-8cb2-d835f43af0c5
The installer returns immediately and the process installs in the background. However the installation only took about 10 seconds at most. If you needed to catch a failed install I would suggest monitoring the active audio device and timing out based on that.
Installation log file (on my system) went to C:\Program Files\Virtual Audio Cable\install.log
The Virtual Audio Cable product never had the "virtualaudiocable.exe" installer. I'm afraid you are confusing it with something else.
Here is a way on how i made it work with silent installation. I've used -i -h
#$version = $env:chocolateyPackageVersion -replace "(\d+)\.(\d+)\.(\d+).*",'$1.$2.$3'
$toolsDir = "$(Split-Path -parent $MyInvocation.MyCommand.Definition)"
$fileLocation = Join-Path $toolsDir 'VBCABLE_Setup_x64.exe'
$packageName = 'VBCable'
$packageArgs = #{
packageName = $packageName
fileType = 'exe'
file = $fileLocation
silentArgs = " -i -h "
softwareName = 'VBCable'
validExitCodes= #(0, 3010, 1641)
# Checksums are now required as of 0.10.0.
# To determine checksums, you can get that from the original site if provided.
# You can also use checksum.exe (choco install checksum) and use it
# e.g. checksum -t sha256 -f path\to\file
checksum = '186892503330970C8E8D561ADF9B71BD15CD93589306EC00FA60009EBF611EE6'
checksumType = 'sha256' #default is md5, can also be sha1, sha256 or sha512
checksum64 = '186892503330970C8E8D561ADF9B71BD15CD93589306EC00FA60009EBF611EE6'
checksumType64 = 'sha256' #default is checksumType
}
Install-ChocolateyInstallPackage #packageArgs
-s -k GUID did not work for me any more, but I found the solution at
https://github.com/gcloudrig/gcloudrig/issues/40, https://github.com/gcloudrig/gcloudrig/commit/68c0c4a289d7127ee3c9b147fd392d150bfa0eab and https://www.hybrid-analysis.com/sample/963b71526274f236ddc82e6becf1ef501310ffda47100d3be52b9c8e3ca9b937?environmentId=120 :
VBCABLE_Setup_x64.exe -h -i -H -n
Run this from an elevated command prompt, of course.
But it still asked me whether I trust this driver.
To solve that, too: Open any CAT-file of this driver and click the "View certificate" button, click the button to install the certificate, then find it in certmgr.msc under "Other People", export it as CER-file and frist run
certutil.exe -addstore "TrustedPublisher" vbcable.cer
on any target machine before running the setup
I've created a power shell script that sets the SSL based on a provided PFX file.
Using the VSTS pipeline, what is the recommended way of passing PFX file to the script?
Including PFX file in a solution
getting the PFX file path on a target environment (contains dependency,
assuming that PFX file is already placed on target environment)
any other solution...?
The common way to pass authentication to the script is using option 1 (Including PFX file in a solution) as you listed.
After adding the pfx file into your solution, you can import certificates and private keys by import-PfxCertificate.
Detail usage and examples of Import-PfxCertificate, you can refer this document.
I have a need to obtain a thumbprint from a pfx file on the filesystem without being prompted for a password that requires manual input.
I'm running this as part of an installer where the user specifies the path to the certificate on the filesystem (Not in the store). And the user specifies the password for the certificate. From that point, i need the thumbprint.
So this is simply a matter of discovering a tool which i can pass a path and password to a pfx file and return the thumbprint. I've tried several tools, but even OpenSSL compiled for windows, and it still prompts for the password and gives back a lot more info than just the thumbprint. It needs to be 100% programmatic and without further user intervention.
I'd love to hear any ideas on how to do this. This will be on Windows Server machines only. Thanks!
I found a way to do this - it involves downloading OpenSSL for windows and using that tool to convert and using powershell to read it out.
Conversion
& openssl pkcs12 -in C:\LocalHost.pfx -out C:\mycertificates.crt -nokeys -clcerts -passin pass:ActualPassword
Read In
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\mycertificates.crt")
$thumbprint = $cert.Thumbprint
write-host $thumbprint
So i had to convert to crt/cer first and then read using X509Certificate2.
When creating .pfx (pkcs#12) file, the internal storage containers, called "SafeBags", may also be encrypted and signed.
By default, OpenSSL encrypts the certificate along with its private key, which means it is not possible to get its thumbprint without knowing password.
When creating a new pfx, you can explicitly add -certpbe NONE to avoid encrypting the certificate.
For more details check -certpbe OpenSSL's man page
I am using WinSCP to write to connect a SQL Server to an SFTP server. I am trying to write a file to an SFTP server where I only have write access, not modify. I am having a problem because I get back
Cannot create remote file '/xxx.filepart'.
The documentation suggests this is because I do not have modify access to the target directory. I did this WinSCP -> Preferences -> Endurance -> Disable
I checked the winscp.ini file and ResumeSupport is 2 (I believe this means disabled). I ran "echo $transferOptions.ResumeSupport" and it says that it is in a default state.
I have checked this documentation:
https://winscp.net/eng/docs/ui_pref_resume
https://winscp.net/eng/docs/library_transferoptions#resumesupport
However, I don't see a PowerShell example, just C#.
I have tried various permutations of $transferOptions.ResumeSupport.State = Off, $transferOptions.ResumeSupport.Off, and whatnot. One of these says that it's read-only.
I know $transferOptions is a variable here but it comes from the default script. The object determines transfer options $transferOptions = New-Object WinSCP.TransferOptions
Thanks in advance for help
edit: The overall problem is I only have write access to the server, but not modify. I am getting a new error: "Cannot overwrite remote file '/xxx'.$$. It looks like the dollar signs are some sort of temp file that it's trying to create. Is there a way to disable whatever setting is causing this?
Syntax for using an enumeration in PowerShell is described in
the article Using WinSCP .NET assembly from PowerShell.
Enumeration values are accessed using static field syntax [Namespace.Type]::Member, for example [WinSCP.Protocol]::Sftp.
You can find a PowerShell example for TransferResumeSupport.State in Converting to .NET assembly section of get and put command documentation:
$transferOptions = New-Object WinSCP.TransferOptions
$transferOptions.ResumeSupport.State = [WinSCP.TransferResumeSupportState]::Off
$session.GetFiles(..., ..., $False, $transferOptions).Check()
WinSCP GUI can also generate a code template (including TransferOptions and TransferResumeSupportState code) for you.
how to convert a certificate from .p7c to .cer extension?
Thanks
I know this is a very old question.
But on Windows 10 or Windows Server 2012 R2, if you double click on a .p7c file, Windows will try to open p7c file with wab.exe (Windows Contact), which is wrong.
What I had to do was rename the p7c file into p7b, only then it will be recognized as a certificate file.
Then I can double click on it and Windows will open it with certmgr, as shown below and export it to Base64 .cer file :
Ok, we find the solution (on windows xp):
double click the file >> click copy on file >> save the file in cer format.