Re: difference between authenticode certificate and normal certificate?

2005-07-29 Thread Dr. Stephen Henson
On Thu, Jul 28, 2005, coco coco wrote: Anyway, I just found that CA called Ascertia which seems to offer free certificate. I'll see if I can get a free cert for code signing, and see what's in there. Have you tried this: http://www.thawte.com/support/code/office.html#timestamp Steve.

Re: difference between authenticode certificate and normal certificate?

2005-07-29 Thread coco coco
Wow, Steve, I must say, you are a god-send! I was still digging in the registry and the msdn site last night for a clue... Had I input the right keyword (TimeStampURL) in google, that would've solved my problem. But I was looking at the wrong place (msdn, which is a pretty useless site), also

Re: difference between authenticode certificate and normal certificate?

2005-07-28 Thread coco coco
Thanks for replying. From: Dr. Stephen Henson [EMAIL PROTECTED] I looked at this some time ago so this may not be up to date... There wasn't anything special about an authenticode certificate provided you didn't set the extensions to specifically exclude the usages. So a vanilla CA and EE

Re: difference between authenticode certificate and normal certificate?

2005-07-28 Thread Dr. Stephen Henson
On Thu, Jul 28, 2005, Dr. Stephen Henson wrote: On Thu, Jul 28, 2005, coco coco wrote: Ok, sounds simple enough, so I create a root CA with openssl, then sign a certificate for a fictitious user, which use that to sign an Office VBA (just some dummy stuff, doing nothing).

Re: difference between authenticode certificate and normal certificate?

2005-07-28 Thread coco coco
Just found a link which may help: http://www.thawte.com/support/code/msauth.html#timestamp Thanks a lot. Sorry to sound like a dumbass, but how do I put that information into the certificate when I signed it? :) I mean, how do I specify the URL of the tsa, which extension to use ? If

Re: difference between authenticode certificate and normal certificate?

2005-07-28 Thread Dr. Stephen Henson
On Thu, Jul 28, 2005, coco coco wrote: The problem is with signing Office macro, which has to use the stupid macro editor to do. And there is no place to insert an option for timestamping. All the information I get is that the editor will do it automatically, and somehow, that info for

Re: difference between authenticode certificate and normal certificate?

2005-07-28 Thread coco coco
Hmmm, I don't have access to the relevant tools for that. Do you have a sample signed macro or certificate that includes this information? hehe, I don't, that's why I can't figure out what to put in there. I tried different extensions, looked up all the stuff I can use in x509v3, to no

difference between authenticode certificate and normal certificate?

2005-07-27 Thread coco coco
Hi, Sorry if this is a bit OT, can someone explain what is the difference between an MS Authenticode certificate, a normal certificate, and a certificate for signing Netscape object? What are the bits and bytes that are different? I can't find info detailed enough to give a satisfactory

Re: difference between authenticode certificate and normal certificate?

2005-07-27 Thread Rich Salz
Sorry if this is a bit OT, can someone explain what is the difference between an MS Authenticode certificate, a normal certificate, and a certificate for signing Netscape object? The values in the keyUsage and extendedKeyUsage extensions. /r$ -- Rich Salz, Chief Security Architect

Re: difference between authenticode certificate and normal certificate?

2005-07-27 Thread Dr. Stephen Henson
On Wed, Jul 27, 2005, coco coco wrote: Hi, Sorry if this is a bit OT, can someone explain what is the difference between an MS Authenticode certificate, a normal certificate, and a certificate for signing Netscape object? What are the bits and bytes that are different? I can't find