Work at SourceForge, help us to make it a better place! We have an immediate need for a Support Technician in our San Francisco or Denver office.

Close

Exe is not working after signing with SignToo

Laxmilal
2009-09-25
2013-06-12
  • Laxmilal
    Laxmilal
    2009-09-25

    Hello everyone,

    I have created a Java application & bundled it in Jar file.
    After that I have create exe with JSmooth & signed it. Its working perfectly fine. But now I want to switch from Jsmooth to Launch4j, this also creating exe like Jsmooth. The exe is working fine, but after signing with Signtool, its shows me error about INVALID Jar. So what should I do ?

    Please suggest me, I am using following batch file to sign the exe.

    set File1=LM.exe

    set TimeURL=http://timestamp.comodoca.com/authenticode
    set StorePass=demo111

    signtool.exe sign /f SignCode\LM.p12 /p %StorePass% /v /t %TimeURL% "%File1%"
    signtool.exe verify /v /a  "%File1%"

    Thanks in advance,
    Laxmilal Menaria

     
  • Goosemoose
    Goosemoose
    2011-10-21

    Did you ever find an answer to this? I'm having the exact same problem.

     
  • RRische
    RRische
    2012-03-17

    Actually, it is possible to sign a wrapped jar file with a little bit of work.
    The final file format will be the header+jar+footer where the header is the launch4j.exe, the jar is really just a zip, and the footer is the signtool authenticode signature.
    Since the zip format allows for a comment to be included at the end of the central directory record, up to 65535 bytes can occur after the jar which should be enough for the signature.
    Steps to perform:
    1. Use launch4j to wrap test.jar to test.exe
    2. Create a copy of test.exe named test-sign.exe
    3. Use signtool to sign test-sign.exe
    4. Find the size of the signature in bytes i.e. sizeInBytesOf(test-sign.exe) - sizeInBytesOf(test.exe)
    5. Edit test.exe with favorite HEX editor to change last two bytes of exe i.e. the jar i.e. the zip end of central directory to the size using littleendian byte order and save
    6. Use signtool to sign test.exe
    7. Verify test.exe signature

     
  • antimaterie
    antimaterie
    2012-06-28

    I can confirm the hack from rrische.
    With a custom ant-task this can be done in a build-enviroment.