Re: Programmatically Signing DLL

From: Richard Parker (googlegroups@expressive.ltd.uk)
Date: 01/15/03


From: googlegroups@expressive.ltd.uk (Richard Parker)
Date: 15 Jan 2003 08:52:03 -0800


"Michel Gallant (MVP)" <neutron@istar.ca> wrote in message news:<3E244972.D63E19CD@istar.ca>...

> I assume you *don't* want to invoke a separate process via ShellExecute(..) or system(...) with
> signcode -spc etc.... ??

Well no, I don't. I want someone who may not be that technical to be
able to take a floppy or CD from a safe somewhere with the certificate and
key on it and sign a .DLL before it goes into production. The
application that does the signing would upload the DLL to the server
after it had been signed. I don't want anyone to have to install the
INETSDK or be able to replace signcode deliberately, or accidentally
(why is signcode.exe NOT SIGNED???).

> I think that spc and pvk (proprietary format) are ONLY supported by the signcode.exe
> tool.

Well someone must have had a subroutine at least to write signcode.exe
in the first place. Don't Microsoft use their own SDKs?
 
> If you insist on using local files (instead of direct access of keys/cert in system stores)
> for the keys/cert, then probably a better approach is to use a .pfx (pkcs12) file, which
> holds both keys and cert. CAPICOM, again, has excellent support for this;
> e.g. some relevant VBScript code:
> Dim Signer, SignedCode
> Set SignedCode = CreateObject("CAPICOM.SignedCode")
> Set Signer = CreateObject("CAPICOM.Signer")
> ....
> Signer.Load PFXFileName, PFXPassword
> SignedCode.FileName = filetosign
> ' set other SignedCode properties ....
> SignedCode.Sign Signer

Yes, I've seen that code. What I need is to know:

What kind of certificate do we need to buy to allow programmatic
signing and validation of a DLL using VC++? There can be no additional
components needed for validation (this is going to be deployed on over
100,000 desktop PCs) and ideally no additional components needed for
signing. The OS is W2K and XP.

We are about to embark on the process of buying certificates from
Thawte - I don't want to advise my client incorrectly.

Regards,

Richard Parker


