BetaArchive Logo
Navigation Home Database Screenshots Gallery Image Uploader Server Info FTP Servers Wiki Forum RSS Feed Rules Please Donate
UP: 13d, 2h, 42m | CPU: 68% | MEM: 6785MB of 12287MB used
{The community for beta collectors}

Post new topic Reply to topic  [ 10 posts ] 
Author Message
 PostPost subject: Some questions about digital signature.        Posted: Sun Mar 17, 2019 8:30 am 
Reply with quote
Offline

Joined
Sun Sep 23, 2018 9:31 am

Posts
30

Favourite OS
Windows 8.1, Windows Build 9834
Hi, everyone! I have some questions about the digital signature of explorer.exe and other files:
Why the 9785 explorer.exe's properties in 8.1 shows that "The digital signature is OK." But when opening it, it shows something like "The certificate has been revoked by the issuer."?


Top  Profile
 PostPost subject: Re: Some questions about digital signature.        Posted: Sun Mar 17, 2019 10:36 am 
Reply with quote
Donator
User avatar
Offline

Joined
Mon Jul 23, 2012 9:40 pm

Posts
961

Location
Source Tree

Favourite OS
NT3.X Family
Certificates can have revocation dates.

To remove the certificate, use signtool.exe. Note, since explorer is declared a system exe you can only run it with Disable Driver Signature Enforcement set on boot. Unless you are able to produce a valid signature to resign it...

_________________
Quote:
"C makes it easy to shoot yourself in the foot; C++ makes it harder, but when you do it blows your whole leg off"


Top  Profile
 PostPost subject: Re: Some questions about digital signature.        Posted: Sun Mar 17, 2019 12:12 pm 
Reply with quote
Offline

Joined
Sat Nov 26, 2016 1:28 pm

Posts
20
Camwinny wrote:
Hi, everyone! I have some questions about the digital signature of explorer.exe and other files:
Why the 9785 explorer.exe's properties in 8.1 shows that "The digital signature is OK." But when opening it, it shows something like "The certificate has been revoked by the issuer."?


why would this even matter? I run this build day to day with no problem :)


Top  Profile
 PostPost subject: Re: Some questions about digital signature.        Posted: Sun Mar 17, 2019 12:13 pm 
Reply with quote
Donator
User avatar
Offline

Joined
Mon Jul 23, 2012 9:40 pm

Posts
961

Location
Source Tree

Favourite OS
NT3.X Family
Somebody wants to port 9785 explorer to Win8.1/2012R2.

Figure out the dependencies op, then realize the theming engine doesn't work right with it either. Not a one person task.

_________________
Quote:
"C makes it easy to shoot yourself in the foot; C++ makes it harder, but when you do it blows your whole leg off"


Top  Profile
 PostPost subject: Re: Some questions about digital signature.        Posted: Sun Mar 17, 2019 12:21 pm 
Reply with quote
Offline

Joined
Sat Nov 26, 2016 1:28 pm

Posts
20
yourepicfailure wrote:
Somebody wants to port 9785 explorer to Win8.1/2012R2.

Figure out the dependencies op, then realize the theming engine doesn't work right with it either. Not a one person task.

ohhh right, thanks man :)


Top  Profile
 PostPost subject: Re: Some questions about digital signature.        Posted: Sun Mar 17, 2019 12:59 pm 
Reply with quote
FTP Access
User avatar
Offline

Joined
Wed Apr 25, 2018 9:57 am

Posts
57

Favourite OS
Windows XP x64 (SP2)
yourepicfailure wrote:
Somebody wants to port 9785 explorer to Win8.1/2012R2.

Figure out the dependencies op, then realize the theming engine doesn't work right with it either. Not a one person task.


making 9785 a updated os would be much easier


Top  Profile
 PostPost subject: Re: Some questions about digital signature.        Posted: Sun Mar 24, 2019 1:58 am 
Reply with quote
Offline

Joined
Sun Sep 23, 2018 9:31 am

Posts
30

Favourite OS
Windows 8.1, Windows Build 9834
yourepicfailure wrote:
Certificates can have revocation dates.

To remove the certificate, use signtool.exe. Note, since explorer is declared a system exe you can only run it with Disable Driver Signature Enforcement set on boot. Unless you are able to produce a valid signature to resign it...

I didn't mean that. I mean 9785 doesn't care about whether the certificate has been revoked by the developer. But 8.1 does.
As for the "Disable Driver Signature Enforcement set on boot", 9785 is "Not configured" by default.


Top  Profile
 PostPost subject: Re: Some questions about digital signature.        Posted: Sun Mar 24, 2019 2:08 am 
Reply with quote
Offline

Joined
Sun Sep 23, 2018 9:31 am

Posts
30

Favourite OS
Windows 8.1, Windows Build 9834
yourepicfailure wrote:
Somebody wants to port 9785 explorer to Win8.1/2012R2.

Figure out the dependencies op, then realize the theming engine doesn't work right with it either. Not a one person task.

As for the dependencies op, I was wondering whether move the files that have same names in KB3033055 from 9785 to 8.1. KB3033055 has many things in common.


Top  Profile
 PostPost subject: Re: Some questions about digital signature.        Posted: Mon Mar 25, 2019 8:34 pm 
Reply with quote
Donator
User avatar
Offline

Joined
Mon Jul 23, 2012 9:40 pm

Posts
961

Location
Source Tree

Favourite OS
NT3.X Family
>Camwinny, I understand.
I simply told you how to strip the cert so a 9875 executable can be run under 8.1. Because explorer is registered as a system file, in order to run without a certificate in 8.1/2012R2 the os must be run in disable integrity checks.

As for ports, be prepared for dependency differences. They're similar yes, but Microsoft was internally restructuring the os to make it simpler, streamlined, and optimized during development.
An example is several code being moved to kernel32 from user.

_________________
Quote:
"C makes it easy to shoot yourself in the foot; C++ makes it harder, but when you do it blows your whole leg off"


Top  Profile
 PostPost subject: Re: Some questions about digital signature.        Posted: Tue Mar 26, 2019 10:45 am 
Reply with quote
Donator
User avatar
Offline

Joined
Fri May 14, 2010 1:29 pm

Posts
829

Location
Southern Germany

Favourite OS
IRIX 5.3
yourepicfailure wrote:
Certificates can have revocation dates.

You're confusing Revocation and Expiration

Expiration is set when the certificate is created and is usually a few years in the future. When that date passes, the certificate is "expired". This happens automatically and without the computer ever being online or receiving software updates etc.

Revocation is when the publisher decides to prematurely remove trust in a certificate, for example because its private key has been leaked. Revocation usually works online by something called a "certificate revocation list server". The client (Windows) checks there from time to time, to get a list of all root/intermediate certificates that are no longer valid. There are also other ways to revoke certificates, for example via Windows updates. If the system then sees a certificate that has been signed anywhere in the certificate chain by one of those revoked certificates, that (end-)certificate is also marked as invalid, in this case it's marked as "revoked". This will happen even if the expiration date of the certificate is still years in the future (that's the whole point of revocation)

_________________
I upload stuff to archive.org from time to time. See here for everything that doesn't fit BA


Top  Profile
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 10 posts ] 




Who is online

Users browsing this forum: No registered users and 9 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  

All views expressed in these forums are those of the author and do not necessarily represent the views of the BetaArchive site owner.

Powered by phpBB® Forum Software © phpBB Group

Copyright © 2006-2019

 

Sitemap | XML | RSS


Affiliate