Remko Weijnen's Blog (Remko's Blog)

About Virtualization, VDI, SBC, Application Compatibility and anything else I feel like

Archive for December, 2017

Sign APPX packages with PowerShell

I have been working with Microsoft’s Desktop App Converter a lot recently. Even though there’s an option to auto-sign the resulting package with the -Sign switch, I prefer to sign APPX packages myself using signtool.

The reason is that I can send UWP packages to testers for sideloading without requiring them to import the auto-generated certificate (which is different on each (re)build).

However I always forget the exact path to signtool.exe (this comes with the Windows SDK).

The Windows 10 SDK is installed by default in C:\Program Files (x86)\Windows Kits\10.

Signtool.exe will be in the folder <sdkpath>\bin\<version>\<platform>\signtool.exe.

As there are multiple versions of Windows 10, there are multiple versions of the SDK, and you can install those concurrently.

But then I found the PowerShell cmdlet Resolve-Path which “Resolves the wildcard characters in a path, and displays the path contents”.

This does exactly what I need:


Wow, Resolve-Path is a perfect example of the many hidden gems in PowerShell!

So I decided to wrap signtool.exe in a PowerShell cmdlet as PowerShell also makes it easy to locate the correct code signing certificate from the certificate store.
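
One way to combine the steps described above is sketched below. This is an added example, not the author's cmdlet (which this excerpt does not show); the function name `Invoke-AppxSign`, its parameters and the choice of the `Cert:\CurrentUser\My` store are assumptions.

```powershell
# Added example: hypothetical wrapper, not the blog author's code.
function Invoke-AppxSign {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$PackagePath,
        # Optional: pin one certificate; otherwise the valid one expiring last is used
        [string]$Thumbprint,
        [string]$SdkPath = 'C:\Program Files (x86)\Windows Kits\10',
        [ValidateSet('x86', 'x64')][string]$Platform = 'x64'
    )

    # Resolve <sdkpath>\bin\<version>\<platform>\signtool.exe for every installed SDK
    $pattern    = Join-Path $SdkPath "bin\*\$Platform\signtool.exe"
    $candidates = Resolve-Path -Path $pattern -ErrorAction SilentlyContinue
    if (-not $candidates) { throw "signtool.exe not found under $SdkPath" }

    # The version is the folder two levels above signtool.exe; take the highest.
    # Folders that do not parse as a version become $null and sort first.
    $signtool = $candidates.Path |
        Sort-Object { (Split-Path (Split-Path (Split-Path $_)) -Leaf) -as [version] } |
        Select-Object -Last 1

    # Only consider code signing certificates that have a private key and are in date
    $now  = Get-Date
    $cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert |
        Where-Object { $_.HasPrivateKey -and $_.NotBefore -le $now -and $_.NotAfter -gt $now } |
        Where-Object { -not $Thumbprint -or $_.Thumbprint -eq $Thumbprint } |
        Sort-Object NotAfter |
        Select-Object -Last 1
    if (-not $cert) { throw 'No valid code signing certificate found in Cert:\CurrentUser\My' }

    # Select the certificate by thumbprint so signtool cannot pick a different one.
    # Assumption: the package's block map uses SHA256, so /fd SHA256 matches it.
    & $signtool sign /fd SHA256 /sha1 $cert.Thumbprint $PackagePath
    if ($LASTEXITCODE -ne 0) { throw "signtool sign failed with exit code $LASTEXITCODE" }

    # Report what was used so the build log records tool and certificate
    [pscustomobject]@{
        SignTool   = $signtool
        Subject    = $cert.Subject
        Thumbprint = $cert.Thumbprint
    }
}
```

Signing fails if the Publisher in the package manifest does not match the subject of the selected certificate, so the returned `Subject` is worth comparing against the manifest when troubleshooting.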

RAD Studio Tokyo 10.2(.2) Data Collection

Just a very quick note: I was just installing RAD Studio 10.2.2 when I noticed the installer has an Options button:


So I clicked it to see what options are available and noticed that the "Embarcadero Customer Experience Program" is opted-in by default:


This morning I wanted to install the NetScaler patch for the TLS padding vulnerability and of course I made a backup before deploying it.

Note: If you haven’t installed this patch yet I would recommend doing so: see CTX230238 and check out the ROBOT attack (Return Of Bleichenbacher’s Oracle Threat) page to check which other products you may have that are vulnerable.

Upon checking the backups (I always download the backup and verify that the archive is intact) I noticed that one of my NetScalers uses SHA1 for the password hash whilst the other one uses SHA512:


I thought that this was a little strange as both NetScalers are running the exact same build. However, one of them (the one that uses SHA512) was reinstalled recently whilst the one using SHA1 has been upgraded.