Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error - Failed to verify signature. Signature might have been tampered with. #32

Open
RezowanTalukder opened this issue Jun 1, 2021 · 7 comments
Open

Error - Failed to verify signature. Signature might have been tampered with. #32

RezowanTalukder opened this issue Jun 1, 2021 · 7 comments

Comments

@RezowanTalukder
Copy link

ZXPSignCmd certificate varification failed

Certificate is created successfully and zxp package as well. but while i try to verify it shows this error. Error - Failed to verify signature. Signature might have been tampered with.

Can anyone help me out from where this error coming?

image
@ErinFinnegan
Copy link
Contributor

Hi there!

So, a .gitignore and other invisible files can sometimes cause this problem. Once signed, the zxp isn't supposed to be edited, which would cause a failure. Sometimes a nodejs module can cause problems.

You can try a different timestamp server to see if it makes a difference. Also, read this thread and see if it's helpful.

🤔 I'm not sure signing on an M1 will work (we're working on getting a new build, as well as other installation methods). Are you using a Mac with Apple Silicon?

@mason-smith
Copy link

🤔 I'm not sure signing on an M1 will work (we're working on getting a new build, as well as other installation methods). Are you using a Mac with Apple Silicon?

@ErinFinnegan - Wanted to add some insight, hope it is helpful. I previously built my plug-in on an Intel Mac. It worked for all Intel Mac and Windows users, but consistently failed for users with M1 chips with the error "ERROR Signature verification failed". I then built the plugin on Mac with Apple Silicon and so far have not seen any issues. Hope that's useful somehow!

@ErinFinnegan
Copy link
Contributor

Lately signing on different operating systems definitely yields different results. 😖 There's a Windows bug blocking self-signing for some people...

@mason-smith
Copy link

mason-smith commented Mar 4, 2022
edited
Loading

Dang, sounds like a rough task :/

Is there a public thread / channel I can follow to stay up to date RE cross-platform signing issues? Or I can just check release notes :p

@ErinFinnegan
Copy link
Contributor

Most of the conversation is in the CEP issues: https://github.com/Adobe-CEP/CEP-Resources/issues?q=signature

You could sign up for the monthly~ish Creative Cloud Developer newsletter (currently written and sent primarily by me). When there's a new ZXPSignCmd build I do mention it in the newsletter.

When I do get release notes with a build I've been posting them in the ZXPSign repo: https://github.com/Adobe-CEP/CEP-Resources/blob/master/ZXPSignCMD/4.1.2/ReleaseNotes.md

It's a bit tricky, in that the larger ZXPSign is used internally by teams at Adobe, but the tiny ZXPSignCmd portion used by third parties is not well understood.

The newer UXP APIs that are slated to slowly replace CEP over time do away with the signing process, thankfully.

@ErinFinnegan
Copy link
Contributor

ErinFinnegan commented Apr 8, 2022
edited
Loading

OK, so, this has come up a couple of times, here's an update:

The issue

  • A developer has reported an issue in Photoshop & AI (Illustrator) when they tried to download an asset from their server with Https.get using self-signed certificate authorization. However the same plugin has found to be working fine with ID (InDesign).
  • We found below errors when pswidget is using self-signed certificate authorization in Https.get to download an asset. Node doesn't allow the self-signed certificate authorized connections. It is recommended to use a proper SSL Cert from a trusted source. Although for development we could use a few flags for node to bypass these checks(Try: rejectUnauthorize = false; Check https://stackoverflow.com/questions/45088006/nodejs-error-self-signed-certificate-in-certificate-cha... )
            In apiManager.js
            Error: self signed certificate
            at TLSSocket.onConnectSecure (node:_tls_wrap:1531)
            at TLSSocket.emit (node:events:378)
            at TLSSocket._finishInit (node:_tls_wrap:945)
            at TLSWrap.ssl.onhandshakedone (node:_tls_wrap:719)
  • ID on the other hand is pointing to web version of this plugin embedded inside an iframe, which is a totally different flow.

Conclusion:

  • Please use a trusted certificate in production & try rejectUnauthorize = false for development purposes to bypass this problem.

@EarlyVision
Copy link

Possible solution... had this issue and the problem was a little hidden file in the node-modules. I was doing that on Windows, so an easy way to identify the hidden file is to rung the dir command as follows: dir /A:H /B /s this will point you to the problematic file, once I got rid of it (was not a critical one, otherwise make unhidden), issue solved.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@ErinFinnegan @mason-smith @RezowanTalukder @EarlyVision