BadWolf97/HTTPCodeSigner

HTTPCodeSigner

HTTPCodeSigner is a web API for digitally signing Windows executable files (.exe) using a configured certificate. It is designed for secure environments and requires an API key for access.

Features

  • Digitally sign uploaded .exe files using a PKCS#11-compatible certificate
  • API key protection
  • Configurable signing parameters via appsettings.json

Requirements

  • .NET 10
  • osslsigncode installed on the server (Linux)
  • A valid certificate, USB dongle and PKCS#11 module

Initialisation Steps for Certum HSM

These steps are based on the defguard.net guide:

  1. Install required system software:
    sudo apt install opensc opensc-pkcs11 libpcsclite-dev pcscd libacsccid1 libengine-pkcs11-openssl osslsigncode
  2. Download and extract proCertumCardManager:
    mkdir /srv/codesign/
    cd /srv/codesign/
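    wget https://www.files.certum.eu/software/proCertumCardManager/Linux-Ubuntu/2.2.11/proCertumCardManager-2.2.11-x86_64-ubuntu.bin
    # The downloaded installer is not executable until the bit is set
    chmod +x proCertumCardManager-2.2.11-x86_64-ubuntu.bin
    ./proCertumCardManager-2.2.11-x86_64-ubuntu.bin --keep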
    mv dist certum
    # Optionally create symlinks for the PKCS#11 library
    ln -s /srv/codesign/certum/cryptoCertum3PKCS-3.0.6.69-MS.so /usr/lib/libcrypto3PKCS.so
    ln -s /srv/codesign/certum/cryptoCertum3PKCS-3.0.6.69-MS.so /usr/lib/libcryptoCertum3PKCS.so
  3. Verify HSM and certificate visibility:
    pkcs11-tool --module /srv/codesign/certum/sc30pkcs11-3.0.6.68-MS.so --login --list-objects
    # Enter your PIN when prompted. Note the key ID for signing.
  4. Test code signing manually:
    # -pass puts the PIN on the command line, where shell history and the process list can expose it
    osslsigncode sign \
      -pkcs11module /srv/codesign/certum/sc30pkcs11-3.0.6.68-MS.so \
      -certs /srv/codesign/certificate.pem \
      -key <KEY_ID> \
      -pass <PIN> \
      -h sha256 \
      -t http://time.certum.pl/ \
      -in yourfile.exe \
      -out yourfile-signed.exe

Getting Started

Configuration

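Edit the appsettings.json file to provide your signing configuration. The file holds the API key and the certificate PIN in plain text, so restrict read access to the account that runs the service: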

"Signing": {
  "ApiKey": "your-api-key",
  "CertificatePath": "/path/to/certificate.pem",
  "PkcsModulePath": "/path/to/pkcs11.so",
  "CertificatePIN": "your-pin",
  "CertificateId": "your-cert-id",
  "TimeServer": "http://time.certum.pl/"
}

Running the Application

  1. Build and run the project:
    dotnet run --project HTTPCodeSigner.csproj
  2. The API will be available at http://localhost:<port>/sign.

Signing a File

Send a PATCH request to /sign with the following form data:

  • File: The .exe file to sign
  • apiKey: Your API key

Example using curl:

curl -X PATCH "http://localhost:<port>/sign" \
  -F "File=@yourfile.exe" \
  -F "apiKey=your-api-key" --output signed.exe
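
An added example, not part of the HTTPCodeSigner project: curl's --output saves whatever body the server returns, including an error response, so a release script can check that signed.exe is a PE file with an Authenticode certificate table before shipping it. The function names and the constructed sample header are assumptions made for this illustration.

```python
import struct

CERT_DIR_INDEX = 4                      # IMAGE_DIRECTORY_ENTRY_SECURITY
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002

def certificate_table(pe: bytes) -> tuple[int, int]:
    """Return (file_offset, size) of the PE certificate table, (0, 0) if absent."""
    try:
        if pe[:2] != b"MZ":
            raise ValueError("not an MZ/PE file (error body saved as .exe?)")
        (nt,) = struct.unpack_from("<I", pe, 0x3C)        # e_lfanew
        if pe[nt:nt + 4] != b"PE\0\0":
            raise ValueError("missing PE signature")
        opt = nt + 24                    # 4-byte signature + 20-byte COFF header
        (magic,) = struct.unpack_from("<H", pe, opt)
        if magic not in (0x10B, 0x20B):
            raise ValueError("unknown optional-header magic")
        dirs = opt + (96 if magic == 0x10B else 112)      # PE32 vs PE32+
        (count,) = struct.unpack_from("<I", pe, dirs - 4)  # NumberOfRvaAndSizes
        if count <= CERT_DIR_INDEX:
            return (0, 0)
        return struct.unpack_from("<II", pe, dirs + 8 * CERT_DIR_INDEX)
    except struct.error:
        raise ValueError("truncated PE header") from None

def has_authenticode_blob(pe: bytes) -> bool:
    """True if the certificate table holds a PKCS#7 SignedData entry inside the file."""
    off, size = certificate_table(pe)
    if size < 8 or off + size > len(pe):
        return False
    length, _revision, cert_type = struct.unpack_from("<IHH", pe, off)
    return 8 < length <= size and cert_type == WIN_CERT_TYPE_PKCS_SIGNED_DATA

def constructed_pe(signed: bool) -> bytes:
    """Constructed minimal PE32+ header for the demo; not a runnable executable."""
    opt = bytearray(112 + 16 * 8)        # optional header + 16 data directories
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<I", opt, 108, 16)
    image = bytearray(b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40) + b"PE\0\0" + bytes(20) + opt)
    if signed:
        blob = struct.pack("<IHH", 16, 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + bytes(8)
        struct.pack_into("<II", image, 0x40 + 24 + 112 + 8 * CERT_DIR_INDEX, len(image), len(blob))
        image += blob
    return bytes(image)

if __name__ == "__main__":
    for label, data in (("signed", constructed_pe(True)), ("unsigned", constructed_pe(False))):
        print(label, has_authenticode_blob(data))
```

This only confirms that a PKCS#7 signature blob is attached to the file; `osslsigncode verify` checks that the signature and certificate chain are actually valid.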

Contributing

Contributions are welcome! Please follow these steps:

  1. Fork the repository
  2. Create a new branch for your feature or bugfix
  3. Make your changes and commit them
  4. Open a pull request describing your changes

Please ensure your code follows the existing style and includes appropriate documentation.

License

This project is licensed under the MIT License. See the LICENSE file for details.
