Signing a Java JAR file with a Microsoft Authenticode Code Signing Certificate

March 1, 2014 Comments off

You already have a Microsoft Authenticode code signing certificate from Verisign/Symantec
and now you want to sign Java JAR files.  Can you re-use your Microsoft Authenticode certificate?  As of this writing, Yes.

If you do not already have your current Authenticate code signing certificate exported as a .pfx file, then export your certificate and private key from your Windows Certificate Manager:

  1. Start->Run: certmgr.msc
  2. Select your existing Code Signing Certificate.
  3. Right-click:  All Tasks -> Export …
  4. Welcome Screen: Next>
  5. Export Private Key: Yes, export the private key.  Next>
  6. Export File Format: Personal Information Exchange -PKCS #12(.PFX)
    • Yes: Include all certificates in the certification path if possible.
    • No: Delete the private key if the export is successful.
    • Yes: Export all extended properties.
    • Next>
  7. Password:  Specify a strong password.  Next>
  8. File to Export: Specify a file path for exporting your certificate.  Next>
  9. Completing the Certificate Export Wizard:  Finish
  10. You should now have your .pfx file.

To sign your JAR file:

  1. Retrieve the Alias Name from your .pfx file:
    "C:\Program Files\Java\jdk1.7.0_51\bin\keytool.exe" -list 
        -storetype pkcs12 -keystore mycertificate.pfx -v

    Near the top of the output, locate the line:

    Alias name: {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}
  2. Sign your JAR files using the .pfx file and the correct alias name:
    "C:\Program Files\Java\jdk1.7.0_51\bin\jarsigner.exe" -storetype pkcs12
        -keystore mycertificate.pfx myjarfile.jar 
        "{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}"
        -tsa https://timestamp.geotrust.com/tsa

    Password: Specify the password that you used when exporting the *.pfx file.

  3. Verify the signature:
    "C:\Program Files\Java\jdk1.7.0_51\bin\jarsigner.exe" -verify 
        -verbose -certs myjarfile.jar

References:

Advertisements
Categories: Programming, Windows

Python: Porting a C extension from Python 2 to Python 3.

May 13, 2012 Comments off

Several of Python’s internal API’s were removed from Python3.  PyString_* has been replaced with PyUnicode_* and PyByte_*.  PyInt_* has been replaced with PyLong_*.   Several other internal structures have changed including the Module definition.

The following link describes mechanisms for building a C extension against both Python 2 and Python 3:

http://python3porting.com/cextensions.html

Categories: Uncategorized

Windows: Removing a Plug and Play driver from the driver store.

November 21, 2011 Comments off

When an OEM kernel driver is installed in Windows, driver files are typically installed to the following locations:

  • \Windows\inf\ – the .inf file is renamed to oem#.inf
  • \Windows\System32\drivers\

To remove a particular .inf file and related files, see the following article:

On Vista and later, the driver is also added to the Windows Driver Store located in:

  • \Windows\System32\DriverStore

The oem.inf filename for a particular driver can be found by enumerating all of the OEM drivers in the Driver Store.

To enumerate the plug-and-play drivers, from a Windows cmd prompt opened in administrator mode, run:

  • pnputil.exe –e

To remove a particular OEM driver from the driver store use:

  • pnputil.exe -d oem#.inf

Reference:

Categories: Programming, Windows

Link: Optimizing software in C++

September 24, 2011 Comments off

A set of articles related to software optimization:
http://www.agner.org/optimize/
Particularly relevant is the article on C++ optimization:
http://www.agner.org/optimize/optimizing_cpp.pdf

These links were recently highlighted in Microsoft’s MSDN enews.  Interestingly enough, for obvious reasons, the C++ optimization article is pretty clear in recommending that you avoid .NET and Java for anything requiring performance.

Categories: Programming

Six phases of a big project

September 5, 2011 Comments off

This one has been around for generations, it still makes me smile.  A good Project Manager is definitely needed to keep expectations realistic and to keep the project moving productively.

The six phases of a big project:

1. Enthusiasm,
2. Disillusionment,
3. Panic and hysteria,
4. Search for the guilty,
5. Punishment of the innocent, and
6. Praise and honor for the nonparticipants.

Reference:

Categories: Humour

Windows: Importing a certificate for a service

April 30, 2011 2 comments

Windows has several different certificate stores.  Using certmgr.msc allows a certificate to be installed for the current user.

However; to make a certificate available to services and other process that run under the Local System or Local Service accounts, you must import the certificate into the the Local Computer store.

To import the certificate, set up a connection the the local computer’s certificate store:

1. Start -> Run: mmc.exe
2. Menu: File -> Add/Remove Snap-in…
3. Under Available snap-ins, select Certificates and press Add>.
4. Select Computer Account for the certificates to manage.  Press Next.
5. Select Local Computer and press Finish.
6. Press OK to return to the management console.

Then, import the certificate:
1. Select: Console Root -> Certificates (Local Computer)
2. Continue and select: Trusted Root Certification Authorities -> Certificates.
3. Right click on Certificates and select All Tasks -> Import…
4. Follow the import wizard and import your certificate normally.

References:

Categories: System Admin, Windows

Debian: Building a Linux Kernel from Git

March 6, 2011 Comments off

Building within Debian; steps for building a custom kernel directly from Linus’ Git repository.

Requires

  • Git: apt-get install git
  • Compiler and build tools:  apt-get install build-essential
  • ncurses library for menuconfig:  apt-get install libncurses5-dev

Download the Kernel Source

Download the linux git repository to your ~/linux-2.6.git directory.

cd ~
git clone git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6.git linux-2.6.git
cd linux-2.6.git

Check out a particular kernel version

To list the available kernel version tags:

git tag

Check-out a particular kernel version to compile:

git checkout -b AcerAspire_v2.6.35 v2.6.35

Configure the Kernel

Select the desired kernel options:

make menuconfig

The resulting config file is saved to .config.

Note:  Unless you know your hardware very well, creating a .config file from scratch is a very daunting task.  It is much better to start with an existing .config file from your existing kernel version source package or from another platform that is as close as possible to your desired configuration.

Save a copy of the config file in your repository so that you don’t lose it:

cp .config AcerAspire.config
git add AcerAspire.config
git commit -m “Save custom kernel config file.”

Compile the kernel for use with Debian:

make clean
make KDEB_PKGVERSION=custom.1.0  deb-pkg

Install the kernel

cd ..
ls -al *.deb
dpkg -i linux-image-2.6.35*.deb
update-grub

Reboot to try the new kernel.

Clean up:

Clean out build files:

make clean

Clean out all generated files including the .config file:

make distclean

References:

Categories: Linux