FoxPro Programming
Digitally Signing EXEs
Digitally Signing EXEs
  Yonggu
  All
  Apr 8, 2024 @ 02:29am

All web connection DLLs and EXEs are digitally signed from version 7.02.

I also want to introduce it to my EXEs, but I need to figure out how to do it.

Can you show me the way?

re: Digitally Signing EXEs
  Rick Strahl
  Yonggu
  Apr 8, 2024 @ 02:44pm

The process of signing is easy. Getting the certificate is a pain and may be expensive.

You basically want to get an Authenticode Code Signing Certificate.

Here's what I use:

I use the Comodo Basic Business certificate. The Basic Certificate only requires a DUNS number (for US businesses anyway) and business phone number that needs to be verified with an automated call. The EV certificates are more expensive and add more rigorous business validation, and they can be a pain to get for small businesses because they require a bunch of verification, person phone calls and an interview with somebody who doesn't speak English well usually and so on.

The certificate creation process is a pain in the ass - you basically create a certificate request, get back a partial certificate that you have to merge with the private key you generated. There are several different certificates that are created in this process and it's confusing to keep track of what's what, if you don't understand how the basic cryptography works (I kind of do since I've done it a few times, but not really). But the instructions are pretty good - just make sure you follow the instructions carefully and exactly.

Once you have a certificate you have to convert it into a Windows compatible certificate (using a .pem file) that you can install into the Windows certificate store (double click the cert and you can import it into the local and system stores). Recent versions of Windows actually allow installing of CRT files.

Once installed you can export as a PEM file to save the certificate (so you can install it elsewhere if necessary and back it up).

Finally, to actually sign your code you can use the Windows SDK SignCode.exe executable. I usually call it from a PowerShell installer/build script like this:

& ".\signtool.exe" sign /v /n "West Wind Technologies"  /tr "http://timestamp.digicert.com" /td SHA256 /fd SHA256 ".\Distribution\MarkdownMonster.exe"

/n is the business name you provided when you created the certificate.

+++ Rick ---
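
Added example, not part of Rick's post: a build-script step that runs the same signtool command and then fails the build unless the resulting signature is valid and timestamped. The signtool path, subject name and target path are the ones from the post; the check of the current user's certificate store assumes the certificate was imported there, which is where signtool looks by default.

```powershell
# Added example: sign one EXE, then verify the result before shipping it.
# Assumptions: paths and subject name are taken from the post above; the
# certificate (with its private key) is installed in Cert:\CurrentUser\My.
$ErrorActionPreference = 'Stop'

$signtool = '.\signtool.exe'
$subject  = 'West Wind Technologies'
$target   = '.\Distribution\MarkdownMonster.exe'

# 1. Confirm a usable code signing certificate exists before calling signtool.
$cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert |
    Where-Object { $_.Subject -like "*$subject*" -and $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) { throw "No unexpired code signing certificate with a private key found for '$subject'." }

# 2. Sign with a SHA-256 file digest and an RFC 3161 timestamp (same flags as the post).
& $signtool sign /v /n $subject /tr 'http://timestamp.digicert.com' /td SHA256 /fd SHA256 $target
if ($LASTEXITCODE -ne 0) { throw "signtool sign failed with exit code $LASTEXITCODE." }

# 3. Verify with the default Authenticode policy (/pa), the one Windows applies.
& $signtool verify /pa /v $target
if ($LASTEXITCODE -ne 0) { throw "signtool verify failed with exit code $LASTEXITCODE." }

# 4. Inspect the signature from PowerShell and fail on anything unexpected.
$sig = Get-AuthenticodeSignature -FilePath $target
if ($sig.Status -ne 'Valid') {
    throw "Signature status is $($sig.Status): $($sig.StatusMessage)"
}
if ($sig.SignerCertificate.Thumbprint -ne $cert.Thumbprint) {
    throw "Signed with an unexpected certificate: $($sig.SignerCertificate.Subject)"
}
if (-not $sig.TimeStamperCertificate) {
    # Without a timestamp the signature stops validating once the certificate expires.
    throw 'Signature carries no timestamp.'
}

Write-Host "Signed and verified: $target"
Write-Host "Signer:    $($sig.SignerCertificate.Subject)"
Write-Host "Expires:   $($sig.SignerCertificate.NotAfter)"
Write-Host "Timestamp: $($sig.TimeStamperCertificate.Subject)"
```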

re: Digitally Signing EXEs
  Yonggu
  Rick Strahl
  Apr 8, 2024 @ 03:38pm

It's amazing.

I can't even think about it.

I will take my time and do it step by step.

Thanks a lot.
