Electron-builder: [Auto-Update Windows] Error: New version x.x.x is not signed by the application owner

Created on 6 Aug 2017  ·  15Comments  ·  Source: electron-userland/electron-builder


  • Version: 19.19.1

  • Target: win (nsis ia32 and x64)



It seems that "Sign verification" failed for auto-update on Windows when the certificate owner content accents or special chars.

Il my case the certificat owner is fake name with é char and then content a "é" char !

My app-update.yml publisherName is : fake name with \xC3\xA9 char
And the electron-auto-updater logs display the certificate Subject like this : fake name with � char

For now, I use this workaround to make the auto-update works : I set "publisherName": "fake name with � char" in the package.json build settings for windows.

backlog electron-updater help wanted investigate windows
Source
picture popod
👍4

All 15 comments

Please attach full error — with all details as reported. Maybe I will be able to reproduce, but full report can help me also :)

develar picture develar on 6 Aug 2017

@develar Thanks for reply. Here is the full electron-auto-updater logs:

[2017-08-05 17:41:30:0146] [info] Checking for update
[2017-08-05 17:41:32:0605] [info] Found version 0.1.1 (url: https://download.myproject.ch/win/MyProject Setup 0.1.1.exe)
[2017-08-05 17:41:32:0605] [info] Downloading update from https://download.myproject.ch/win/MyProject Setup 0.1.1.exe
[2017-08-05 17:42:23:0131] [info] Sign verification failed, installer signed with incorrect certificate: {
  "SignerCertificate": {
    "FriendlyName": "",
    "IssuerName": {
      "Name": "CN=StartCom Class 2 Object CA, OU=StartCom Certification Authority, O=StartCom Ltd., C=IL",
      "Oid": "System.Security.Cryptography.Oid"
    },
    "NotAfter": "/Date(1539415769000)/",
    "NotBefore": "/Date(1476343769000)/",
    "PrivateKey": null,
    "PublicKey": {
      "Key": "System.Security.Cryptography.RSACryptoServiceProvider",
      "Oid": "System.Security.Cryptography.Oid",
      "EncodedKeyValue": "System.Security.Cryptography.AsnEncodedData",
      "EncodedParameters": "System.Security.Cryptography.AsnEncodedData"
    },
    "SerialNumber": "...",
    "SignatureAlgorithm": {
      "Value": "1.2.840.113549.1.1.11",
      "FriendlyName": "sha256RSA"
    },
    "Thumbprint": "...",
    "Version": 3,
    "Issuer": "CN=StartCom Class 2 Object CA, OU=StartCom Certification Authority, O=StartCom Ltd., C=IL",
    "Subject": "CN=S�bastien Monney, L=V�rone, S=Valais, C=CH"
  },
  "TimeStamperCertificate": null,
  "Status": 0,
  "StatusMessage": "Signature verified."
}
[2017-08-05 17:42:23:0147] [error] Error: Error: New version 0.1.1 is not signed by the application owner: {
  "SignerCertificate": {
    "FriendlyName": "",
    "IssuerName": {
      "Name": "CN=StartCom Class 2 Object CA, OU=StartCom Certification Authority, O=StartCom Ltd., C=IL",
      "Oid": "System.Security.Cryptography.Oid"
    },
    "NotAfter": "/Date(1539415769000)/",
    "NotBefore": "/Date(1476343769000)/",
    "PrivateKey": null,
    "PublicKey": {
      "Key": "System.Security.Cryptography.RSACryptoServiceProvider",
      "Oid": "System.Security.Cryptography.Oid",
      "EncodedKeyValue": "System.Security.Cryptography.AsnEncodedData",
      "EncodedParameters": "System.Security.Cryptography.AsnEncodedData"
    },
    "SerialNumber": "...",
    "SignatureAlgorithm": {
      "Value": "1.2.840.113549.1.1.11",
      "FriendlyName": "sha256RSA"
    },
    "Thumbprint": "...",
    "Version": 3,
    "Issuer": "CN=StartCom Class 2 Object CA, OU=StartCom Certification Authority, O=StartCom Ltd., C=IL",
    "Subject": "CN=S�bastien Monney, L=V�rone, S=Valais, C=CH"
  },
  "TimeStamperCertificate": null,
  "Status": 0,
  "StatusMessage": "Signature verified."
}
    at C:\Users\IEUser\AppData\Local\Programs\myproject\resources\app.asar\node_modules\electron-updater\src\NsisUpdater.ts:73:13
    at Generator.next (<anonymous>)
    at FSReqWrap.CB [as oncomplete] (C:\Users\IEUser\AppData\Local\Programs\myproject\resources\app.asar\node_modules\fs-extra\lib\remove\rimraf.js:57:5)
From previous event:
    at NsisUpdater.doDownloadUpdate (C:\Users\IEUser\AppData\Local\Programs\myproject\resources\app.asar\node_modules\electron-updater\out\NsisUpdater.js:134:11)
    at C:\Users\IEUser\AppData\Local\Programs\myproject\resources\app.asar\node_modules\electron-updater\src\AppUpdater.ts:274:25
    at Generator.next (<anonymous>)
From previous event:
    at NsisUpdater.downloadUpdate (C:\Users\IEUser\AppData\Local\Programs\myproject\resources\app.asar\node_modules\electron-updater\out\AppUpdater.js:325:11)
    at C:\Users\IEUser\AppData\Local\Programs\myproject\resources\app.asar\node_modules\electron-updater\src\AppUpdater.ts:248:49
From previous event:
    at NsisUpdater.doCheckForUpdates (C:\Users\IEUser\AppData\Local\Programs\myproject\resources\app.asar\node_modules\electron-updater\out\AppUpdater.js:295:11)
    at C:\Users\IEUser\AppData\Local\Programs\myproject\resources\app.asar\node_modules\electron-updater\src\AppUpdater.ts:201:25
    at Generator.next (<anonymous>)
    at runCallback (timers.js:672:20)
    at tryOnImmediate (timers.js:645:5)
    at processImmediate [as _immediateCallback] (timers.js:617:5)
From previous event:
    at NsisUpdater._checkForUpdates (C:\Users\IEUser\AppData\Local\Programs\myproject\resources\app.asar\node_modules\electron-updater\out\AppUpdater.js:254:11)
    at NsisUpdater.checkForUpdates (C:\Users\IEUser\AppData\Local\Programs\myproject\resources\app.asar\node_modules\electron-updater\src\AppUpdater.ts:164:35)
    at App.<anonymous> (C:\Users\IEUser\AppData\Local\Programs\myproject\resources\app.asar\dist\main.js:1:1129)
    at emitTwo (events.js:111:20)
    at App.emit (events.js:194:7)

See the "Subject" line who should be:

    "Subject": "CN=Sébastien Monney, L=Vérone, S=Valais, C=CH"
popod picture popod on 6 Aug 2017

I found an error by reading the code (but it do not resolve this issue).

For the following, I assume that the subject field in the certificat file is fake name with é char. Other important information: I'm building the application on a mac with macOS Sierra.

Without publisherName in the package.json, the certificat informations (the subject field) are used. The result is an app-update.yml file with this value for publisherName : fake name with \xC3\xA9 char.

But when we set "publisherName": "fake name with é char" in the package.json, the result in app-update.yml is : fake name with é char.

So, if the certificate contain special chars, the values are not the same if we explicitly set publisherName or let electron-builder get this value for us by parsing the certificate file. It seems that the error is in computedPublisherName() in /src/winPackager.ts.

popod picture popod on 6 Aug 2017

I also catch this error, have anything news?

yhostc picture yhostc on 26 Aug 2017

Same here! The updater works fine with mac build but it looks to fail with Windows 8/10 - Builder version 19.28.4

Jerczu picture Jerczu on 15 Sep 2017

Maybe it's worth to mention that in my case windows sdk signtool verifies the signed file as ok.
Also the powershell Get-AuthenticodeSignature verifies it.

Jerczu picture Jerczu on 15 Sep 2017

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] picture stale[bot] on 2 Jul 2019

I need to test, but I think that this is still a problem..

@Jerczu have you accents in your certificate name too ? Have you resolve this issue ?

popod picture popod on 2 Jul 2019

We have this issue as well. In our case we have non-ascii characters for the company name. Perhaps that causes matching check.

ashchan picture ashchan on 5 Aug 2019

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] picture stale[bot] on 4 Oct 2019

This is still an issue and should not be closed..

popod picture popod on 4 Oct 2019

Is this still relevant? If so, what is blocking it? Is there anything you can do to help move it forward?

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.

stale[bot] picture stale[bot] on 3 Dec 2019

This is still an issue and should not be closed..

popod picture popod on 3 Dec 2019
👍1

Is this still relevant? If so, what is blocking it? Is there anything you can do to help move it forward?

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.

stale[bot] picture stale[bot] on 1 Feb 2020
👎1

This is still an issue and should not be closed..

tobiasmuecksch picture tobiasmuecksch on 3 Oct 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

lbssousa picture lbssousa  ·  3Comments
alexstrat picture alexstrat  ·  3Comments
JohnWeisz picture JohnWeisz  ·  3Comments
StickNitro picture StickNitro  ·  3Comments
omarkilani picture omarkilani  ·  3Comments