Security improvement to Auto Update feature

iManage Work Desktop for Windows 10.3.0 and later provides enhanced security to the Auto Update feature by providing a signed update.ini file. This allows you to have the flexibility to customize the update.ini file but with added security that differentiates between a customized update.ini file and a compromised update.ini file. With this security upgrade, you have to generate signature files and verify these signature files based on a private key file, every time you edit the update.ini file. You can generate and verify these signature files using the ConfigFileSigner.exe utility.

NOTE:

Only users who host their update server should generate signature files and verify these signature files. For users using iManage auto update server, this process is performed automatically.
OpenSSL is used to generate the signatures and an OpenSSL environment variable must be available in the path or working directory. For users using iManage auto update server, this process is performed automatically.

To generate signature files and verify these files using the ConfigFileSigner.exe utility, do the following:

Ensure that the update server includes the following files:
- update.ini
- updateinfo.json
- imanageinstaller.ts1
- imanageinstaller.ts2
- imanageinstaller.ts3
- ConfigFileSigner.exe
- libcrypto-1_1.dll
- libssl-1_1.dll
- openssl.exe
- pubkey.crt
- pubkey.pem
- sign.txt
Run the following command to generate the signature file.

ConfigFileSigner.exe -sign <pathtoprivate.key> <pathToUpdate.ini>

This creates the sign.txt in the working directory by running the following command:

openssl.exe dgst -sha256 -sign \"" + sArgs[1] + "\" -out sign.txt \"" + sArgs[2] + "\".

Alternatively, you can also upload the new sign.txt, pubkey.pem, and pubkey.crt files to iManage Control Center. These files are downloaded to %ProgramData%\iManage\AgentServices\CentralizedConfigs by iManage Work Desktop for Windows and iManage Updater reads all information from this file.
Set the following registry key settings on the client machine to match the subject and the issuer.
- Location: HKEY_LOCAL_MACHINE\Software\iManage\AgentServices\AutoUpdate
- Key: Issuer
- Type: String (REG_SZ)
- Value: <Issuer value>
- Location: HKEY_LOCAL_MACHINE\Software\iManage\AgentServices\AutoUpdate
- Key: Subject
- Type: String (REG_SZ)
- Value: <subject value>
Run the following command to validate the signature file.

ConfigFileSigner.exe -verify <pathtopublickey.pem> <pathtosign.txt> <pathtopublickey.crt> <pathtoupdate.ini>

This creates the SigVerify.txt file by running the following command to verify if the signature for the update.ini file matches the update.ini file.

openssl.exe dgst -sha256 -verify \"" + sArgs[1] + "\" -signature \"" + sArgs[2] + "\" \"" + sArgs[4] + "\"

And then runs the following command to create the CrtVerify.txt file to verify the subject and issuer of the keys supplied. This file also contains the output values for both issuer and subject.

openssl.exe x509 -in " + sArgs[3] + " -text -out " + sOutputCrtFile

NOTE:

The SigVerify.txt and CrtVerify.txt are located in %ProgramData%\iManage\AgentServices\Logs.
The debug logs for the verify commands are logged to %temp%\SignerUtil.log. A typical successful log looks as follows:

8/25/2020 8:33:48 AM Could not find value for EnvVar OPENSSLPATH. Commands will expect openssl is in the PATH or in working directory
8/25/2020 8:33:48 AM Openssl dgst verify command executed. Verification was successful.
8/25/2020 8:33:49 AM Using iManage cert default issuer value
8/25/2020 8:33:49 AM Using iManage cert default subject value
8/25/2020 8:33:49 AM Comparison of issuers was a match. Proceeding
8/25/2020 8:33:49 AM Comparison of subjects was a match. Proceeding
8/25/2020 8:33:49 AM Verification of signed update.ini was successful.

Ensure matching OpenSSL and supporting files are available to match the MD5 check, if not, Auto Update will fail.
Set the registry data to match your subject and issuer values.
Do not place your private key in the server.