Code Digital Sign for Microsoft Executables Including DLLs – Quick Tutorial


Digital code signing is the process of marking a file (an executable, DLL or other runnable file) as genuine, so that users can tell it has not been modified or altered. A properly signed file can be trusted, which is taken to mean that it comes from a trusted organisation and is free of viruses and malicious code. As a commercial company or organization, people expect you to do this. Code signing for Microsoft executables differs from code signing for Java. The following gives a quick tutorial on the code signing process for *.EXE and *.DLL files (Microsoft).

I assume that you already have a Microsoft Authenticode, Microsoft Office or Adobe AIR code signing certificate. You must use the same computer and browser that you used when you requested the certificate. First, use the pickup link to install your certificate, and make sure that you open the pickup link only in Internet Explorer. When the certificate is installed, go to Internet Options, navigate to the Content tab and click Certificates.


Select the corresponding certificate (if it is not there, the pickup step was not done correctly). Once you have selected it, click the Export button.


Then follow the certificate export wizard. Make sure you also export the private key, which is required for exporting to a PFX file.


Make sure you tick the option [Include all certificates in the certification path if possible].


At this stage, you should specify a password.


And then the next step is just to give the output filename (*.pfx).


With this PFX file (PKCS #12 format), you can use Microsoft's signtool, which is located at, e.g., C:\Program Files\Microsoft SDKs\Windows\v7.1\Bin\signtool.exe

Now you can create a batch file that holds all the correct parameters for signtool.exe.

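@echo off
:: sign.bat
:: helloacm.com
:: /f = PFX file, /p = PFX password, /t = timestamp server URL, /du = description URL
:: The PFX password sits in this file in plain text, so restrict who can read it.
signtool.exe sign /f export.pfx /p PASSWORD /t http://timestamp.verisign.com/scripts/timstamp.dll /du https://helloacm.com %1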

You can also have another script that looks for all *.exe and *.dll files and signs each of them.

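@echo off
:: helloacm.com
:: Recursively sign every *.dll and *.exe under the folder given as %1.
for /R %1 %%g in (*.dll, *.exe) do (
	echo Signing the file "%%g" ...
	rem "call" returns control to this loop after sign.bat finishes
	call sign.bat "%%g"
)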

When the file is signed, you can right-click it, open its properties and see its [digital certificate] tab.


You could also use the third-party tool sigcheck to verify this.
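To check a whole folder after running the signing loop above, signtool's own verify command can be run over every file. This is an added example, not part of the original post; the script name verify-all.bat is hypothetical, and it assumes signtool.exe is on the PATH.

```batch
@echo off
:: verify-all.bat  (hypothetical name; added example, not from the original post)
:: Usage: verify-all.bat <folder>
:: Runs "signtool verify" on every *.dll and *.exe under <folder> and reports
:: files whose signature is missing, invalid or not time-stamped.
:: Assumes signtool.exe is on the PATH.
setlocal
if "%~1"=="" (
    echo Usage: %~nx0 ^<folder^>
    exit /b 2
)
set /a total=0, bad=0, warned=0
for /R "%~1" %%g in (*.dll *.exe) do call :check "%%g"
echo Checked %total% file(s): %bad% failed, %warned% with warnings.
:: A non-zero exit code lets a build script stop when any file failed.
if %bad% gtr 0 exit /b 1
exit /b 0

:check
set /a total+=1
:: /pa = use the Default Authentication Verification Policy
::       (without it, signtool applies the Windows Driver Verification Policy)
:: /tw = generate a warning when the signature is not time-stamped
:: /q  = quiet, no output on success
signtool.exe verify /pa /tw /q "%~1" >nul 2>&1
:: signtool exit codes: 0 = success, 1 = failure, 2 = completed with warnings
if errorlevel 2 (
    set /a warned+=1
    echo WARNING, for example no timestamp: "%~1"
    goto :eof
)
if errorlevel 1 (
    set /a bad+=1
    echo NOT VERIFIED: "%~1"
)
goto :eof
```

A file reported as NOT VERIFIED was either skipped by the signing loop or carries a signature that does not chain to a trusted root on the machine running the check.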


–EOF (The Ultimate Computing & Technology Blog) —
