Signed PB exe causes exe's within it to become unsigned

jak68 · May 21, 2015, 6:08pm

Hello all,

I managed to create a PB exe package and signed it with an incommon code signing certificate. It works; the exe output file shows my company as the publisher.
However, the package includes a signed exe file from another company (which I launch at the end of my PB extraction exe), and THAT exe suddenly becomes UNSIGNED (publisher = unknown) when I include it in my PB exe.
How can I prevent any exe’s in my PB package not to lose their code signage?

thanks!
jay

gdgsupport · May 22, 2015, 8:41pm

This is strange because if the unpacked file differs from the original file, the unpacking routine will fail because the CRC32 checksum is different. In your case, the unpacked EXE should differ from the original since Windows tells you that the EXE is unsigned.
Can you use the shipped CRC32 checksum feature of Paquet Builder so compare the CRC32 of both files? Original and unpacked.

jak68 · May 26, 2015, 3:40pm

Hi - thanks for the quick response.
Well, here’s the curious thing. After unpacking, if I examine the exe that was unpacked, (right click, properties, signatures tab), you can actually see that it is signed by the original software company). However if you run it, it does say ‘unknown publisher’. Why would that be? Even though it does have a signature file in its properties and it is recognized properly if you download the same file outside of PB?
Another puzzle: soon as you examine the certificate file (ie, right click, properties, signatures tab, details button), then close out everything and launch it, it DOES show up as signed (publisher=the software company) properly.
Why would simply examining its certificate (and not making any other changes) cause it to suddenly be recognized by windows?
Any help or ideas would be greatly appreciated!
j

jak68 · May 26, 2015, 3:45pm

One other thing that may help:
This person at the link below basically seems to be having the exact same issue that I’m having:

http://serverfault.com/questions/350397/unknown-publisher-on-digitally-signed-exe

Also this response at a faq online may point to a possible issue re: windows SDK 7?
http://www.advancedinstaller.com/user-guide/faq-misc.html#question120

jak68 · May 26, 2015, 4:53pm

Ok, one other note. This issue does not happen in Win 8. In Win 8 (that is, Desktop IE in win 8), the packaged EXE does come up with the correct publisher!

gdgsupport · June 4, 2015, 4:30pm

It’s not a bug of Paquet Builder.

Which certificate authority did you purchase your certificate from? If this CA is recent, then Windows Vista has probably not the certificate authority’s root. So Vista will show Unknown Publisher, even if the EXE is signed.