A.1 Electron

CORE provides integration with Electron Builder for general purpose code signing.

Note
Integration with Electron was verified only on Windows Server 2016.

A.1.1 Prerequisites

Before integrating with Electron, make sure the following are in place:

  1. CORE containing a partition with the certificate and signing key that will be used for signing.
  2. The CORE certificates copied to the Windows keystore, as explained here.
  3. Node.js v12.16.3 (LTS).

A.1.2 Electron Integration

The integration is demonstrated with a sample project that is configured to build with Electron-builder.

  1. Find the details of the code signing certificate, including email address, location, state and country. You can locate them in CORE using the ucl list and ucl show -u <UID> commands.
  2. Download the sample project: https://github.com/unboundsecurity/electron-test-app-with-electron-builder
  3. In the project, edit the package.json build file.
    1. Find the win section.
    2. Add the field certificateSubjectName with values that match the installed certificate. For example:

      "win": {
        "target": "squirrel",
        "icon": "build/icon.ico",
        "certificateSubjectName": "E=<Email address>, CN=<Common name>, OU=<Organizational unit>, O=<Organization Name>, L=<Location>, S=<State>, C=<Country>"
      }

      See the Electron-builder documentation for more information about this field.

  4. Run the following command to install all dependencies.

    npm i

  5. Run the sample signing app.

    npm run dist

    Sample output:

    > electron-test-app-with-electron-builder@1.0.0 dist C:\Users\Administrator\Downloads\electron\electron-test-app-with-electron-builder-master
    > build
    electron-builder version=20.44.4
    loaded configuration file=package.json ("build" field)
    writing effective config file=dist\builder-effective-config.yaml
    no native production dependencies
    packaging platform=win32 arch=x64 electron=2.0.18 appOutDir=dist\win-unpacked
    default Electron icon is used reason=application icon is not set
    signing file=dist\win-unpacked\MyApp.exe subject=E=someemail@gmail.com, CN=DH CodeSign, OU=DH Certificate Authority, O=DH, L=Tel Aviv, S=Israel, C=IL thumbprint=495E2FF02FF250D9B23CCED512E7B821BD1D5689 store=My user=current user
    building target=Squirrel.Windows arch=x64 file=dist\squirrel-windows\MyApp Setup 1.0.0.exe
    signing file=C:\Users\ADMINI~1\AppData\Local\Temp\2\t-G1fKCA\squirrel-windows-0\Update.exe subject=E=someemail@gmail.com, CN=DH CodeSign, OU=DH Certificate Authority, O=DH, L=Tel Aviv, S=Israel, C=IL thumbprint=495E2FF02FF250D9B23CCED512E7B821BD1D5689 store=My user=current user
    signing file=C:\Users\ADMINI~1\AppData\Local\Temp\2\t-G1fKCA\1-stub.exe subject=E=someemail@gmail.com, CN=DH CodeSign, OU=DH Certificate Authority, O=DH, L=Tel Aviv, S=Israel, C=IL thumbprint=495E2FF02FF250D9B23CCED512E7B821BD1D5689 store=My user=current user
    signing file=dist\squirrel-windows\MyApp Setup 1.0.0.exe subject=E=someemail@gmail.com, CN=DH CodeSign, OU=DH Certificate Authority, O=DH, L=Tel Aviv, S=Israel, C=IL thumbprint=495E2FF02FF250D9B23CCED512E7B821BD1D5689 store=My user=current user

Verify signing by checking the log file ub-ekm-crypto.log on the Entry Point. You should see an entry like:

06-08-2020 08:38:03.137 partition=codesigning job=88ef478b61b75407 ktype=RSA key=abc9bb4073ab846d operation=SIGN rv=0 alg=PKCS1

An entry with operation=SIGN indicates that signing occurred in the partition named in the partition field.
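
Both checks described above (the signing lines in the build output and the SIGN entries in ub-ekm-crypto.log) can be scripted. The following Node.js code is an added example, not part of CORE or the sample project: the function names are hypothetical, the sample input is constructed, and it assumes that rv=0 marks a successful operation, which this page does not define.

```javascript
// Added example. Assumption: rv=0 marks a successful operation (rv is not defined on this page).

// Constructed sample input, modelled on the output shown above.
const SAMPLE_BUILD = String.raw`
signing file=dist\win-unpacked\MyApp.exe subject=E=someemail@gmail.com, CN=DH CodeSign, C=IL thumbprint=495E2FF02FF250D9B23CCED512E7B821BD1D5689 store=My user=current user
signing file=dist\squirrel-windows\MyApp Setup 1.0.0.exe subject=CN=Other, C=IL thumbprint=0000000000000000000000000000000000000000 store=My user=current user`;
const SAMPLE_LOG = `
06-08-2020 08:38:03.137 partition=codesigning job=88ef478b61b75407 ktype=RSA key=abc9bb4073ab846d operation=SIGN rv=0 alg=PKCS1
06-08-2020 08:38:04.001 partition=codesigning job=0000000000000001 ktype=RSA key=abc9bb4073ab846d operation=SIGN rv=5 alg=PKCS1`;

// Parse one ub-ekm-crypto.log line: "<date> <time> key=value key=value ...".
function parseCryptoLogLine(line) {
  const m = line.trim().match(/^(\S+ \S+)\s+(\S+=.*)$/);
  if (!m) return null;
  const entry = { timestamp: m[1] };
  for (const pair of m[2].split(/\s+/)) {
    const i = pair.indexOf('=');
    if (i > 0) entry[pair.slice(0, i)] = pair.slice(i + 1);
  }
  return entry;
}

// Parse one electron-builder "signing" line. file= and subject= values contain
// spaces, so the pattern relies on the field order shown in the sample output.
function parseSigningLine(line) {
  const m = line.match(
    /^\W*signing\s+file=(.+?) subject=(.+?) thumbprint=([0-9A-Fa-f]+) store=(\S+) user=(.+)$/);
  return m ? { file: m[1], subject: m[2], thumbprint: m[3].toUpperCase() } : null;
}

// List files signed with an unexpected certificate, and check that the expected
// partition logged SIGN operations for this build.
function auditBuild(buildOutput, cryptoLog, expected) {
  const signed = buildOutput.split(/\r?\n/).map(parseSigningLine).filter(Boolean);
  const ops = cryptoLog.split(/\r?\n/).map(parseCryptoLogLine).filter(Boolean)
    .filter(e => e.operation === 'SIGN' && e.partition === expected.partition);
  const ok = ops.filter(e => e.rv === '0');
  const problems = signed
    .filter(s => s.thumbprint !== expected.thumbprint.toUpperCase())
    .map(s => `unexpected certificate for ${s.file}: ${s.thumbprint}`);
  if (signed.length > 0 && ok.length === 0)
    problems.push(`no successful SIGN logged in partition ${expected.partition}`);
  for (const e of ops.filter(e => e.rv !== '0'))
    problems.push(`SIGN failed at ${e.timestamp} job=${e.job} rv=${e.rv}`);
  return { signedFiles: signed.map(s => s.file), signOps: ok.length, problems };
}

console.log(auditBuild(SAMPLE_BUILD, SAMPLE_LOG,
  { partition: 'codesigning', thumbprint: '495E2FF02FF250D9B23CCED512E7B821BD1D5689' }));
```

An empty problems array means every file in the build output was signed with the expected certificate and the partition logged at least one successful SIGN operation.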