我正在尝试解析 WiX RemotePayload 哈希,但我不确定如何CertificatePublicKey
找到该属性。
例如,来自 WiX 3.6 源的 .NET 4.0 包定义:
<Fragment>
<util:RegistrySearchRef Id="NETFRAMEWORK40"/>
<WixVariable Id="WixMbaPrereqPackageId" Value="NetFx40Redist" />
<WixVariable Id="WixMbaPrereqLicenseUrl" Value="$(var.NetFx40EulaLink)" />
<PackageGroup Id="NetFx40Redist">
<ExePackage
InstallCommand="/q /norestart /ChainingPackage "[WixBundleName]""
RepairCommand="/q /norestart /repair /ChainingPackage "[WixBundleName]""
UninstallCommand="/uninstall /q /norestart /ChainingPackage "[WixBundleName]""
PerMachine="yes"
DetectCondition="NETFRAMEWORK40"
Id="NetFx40Redist"
Vital="yes"
Permanent="yes"
Protocol="netfx4"
DownloadUrl="$(var.NetFx40RedistLink)"
Compressed="no"
Name="redist\dotNetFx40_Full_x86_x64.exe">
<RemotePayload
Size="50449456"
Version="4.0.30319.1"
ProductName="Microsoft .NET Framework 4"
Description="Microsoft .NET Framework 4 Setup"
CertificatePublicKey="672605E36DD71EC6B8325B91C5FE6971390CB6B6"
CertificateThumbprint="9617094A1CFB59AE7C1F7DFDB6739E4E7C40508F"
Hash="58DA3D74DB353AAD03588CBB5CEA8234166D8B99"/>
</ExePackage>
</PackageGroup>
</Fragment>
来自wix36-sources\src\ext\NetFxExtension\wixlib\NetFx4.wxs
我可以找到 sha1 Hash
...fciv -sha1 dotNetFx40_Full_x86_x64.exe
58da3d74db353aad03588cbb5cea8234166d8b99 dotnetfx40_full_x86_x64.exe
CertificateThumbprint
我可以通过文件的属性对话框轻松找到匹配项,或者使用signtool
它显示以下输出
C:\redist>signtool verify /v /ph dotNetFx40_Full_x86_x64.exe
Verifying: dotNetFx40_Full_x86_x64.exe
Signature Index: 0 (Primary Signature)
Hash of file (sha1): 8E8582D10521962F45F33935C38A2412C4F2D4C7
Signing Certificate Chain:
Issued to: Microsoft Root Authority
Issued by: Microsoft Root Authority
Expires: Thu Dec 31 03:00:00 2020
SHA1 hash: A43489159A520F0D93D032CCAF37E7FE20A8B419
Issued to: Microsoft Code Signing PCA
Issued by: Microsoft Root Authority
Expires: Sat Aug 25 03:00:00 2012
SHA1 hash: 3036E3B25B88A55B86FC90E6E9EAAD5081445166
Issued to: Microsoft Corporation
Issued by: Microsoft Code Signing PCA
Expires: Mon Mar 07 18:40:29 2011
SHA1 hash: 9617094A1CFB59AE7C1F7DFDB6739E4E7C40508F
The signature is timestamped: Thu Mar 18 21:13:46 2010
Timestamp Verified by:
Issued to: Microsoft Root Authority
Issued by: Microsoft Root Authority
Expires: Thu Dec 31 03:00:00 2020
SHA1 hash: A43489159A520F0D93D032CCAF37E7FE20A8B419
Issued to: Microsoft Timestamping PCA
Issued by: Microsoft Root Authority
Expires: Sun Sep 15 03:00:00 2019
SHA1 hash: 3EA99A60058275E0ED83B892A909449F8C33B245
Issued to: Microsoft Time-Stamp Service
Issued by: Microsoft Timestamping PCA
Expires: Thu Jul 25 15:11:15 2013
SHA1 hash: 4D6F357F0E6434DA97B1AFC540FB6FDD0E85A89F
SignTool Error: The signing certificate is not valid for the requested usage.
This error sometimes means that you are using the wrong verification
policy. Consider using the /pa option.
Number of files successfully Verified: 0
Number of warnings: 0
Number of errors: 1
什么工具可以提供哈希CertificatePublicKey
?
编辑:不使用热量,我想了解哈希的来源。
编辑:我知道这是如何在 WiX 源代码中完成的并且我可以执行
heat payload file -out file.wxs
,但我正在寻找一些可以在不使用热量的情况下提供预期哈希的外部工具。这真的只是为了满足我的好奇心。