How to Digitally Sign Microsoft Files (.exe, .cab, .dll, .ocx, .msi, .xpi)
2012-11-17 01:28
218 查看
Sometimes Unix system administrators may end-up managing few Windows servers. If that ever happens to you, be prepared to do some basic administrative tasks on Windows. In this article, let us discuss
how to sign microsoft executables and DLL.
Fig: Unknown Publisher Message (If not digitally signed)
If you select the file -> right-mouse click -> properties -> There will not be a ‘Digital Signature’ tab for those files that are not signed.
Fig: Digital Signatures Tab (For valid signed files)
verisign or
thawte.
During the purchase process, you’ll provide the following information:
Certification Information: Company name, Department, City, State, Country
Cryptographic service provider: Use the default Microsoft Enhanced Cryptographic Provider v1.0
Location to save the private key: During the certificate purchase process, you will be given an option to save the private key that was generated by the system.
Private key password
Fig: Select the file that needs to be digitally signed
Choose ‘custom’ in the digital signing options, as shown below.
Fig: Digital signing option
Choose ‘Select from File’ option from this screen, and select the digital certificate that you have purchased.
Fig: Select the digital certificate
Choose ‘Private key file on disk’ option and select the private key that was given to you when you purchased the digital certificate.
Fig: Choose the private key
Fig: Enter private key password
Choose ‘sha1′ as the hasing algorithm
Fig: Select a hash algorithm
Leave all the fields to default value in this screen.
Fig: Additional certificate information
Leave the description and web location field empty.
Fig: Data Description
Add the following timestamp service URL:
Fig: Add timestamp service url
This will successful sign the Microsoft executable with the digital signature. After the above steps, when you view the file properties, you’ll see the Digital-Signatures tab.
how to sign microsoft executables and DLL.
Why digitally sign executable and other windows files?
You will get the following ‘Unknown Publisher’ message when a file is not digitally signed.Fig: Unknown Publisher Message (If not digitally signed)
If you select the file -> right-mouse click -> properties -> There will not be a ‘Digital Signature’ tab for those files that are not signed.
Fig: Digital Signatures Tab (For valid signed files)
Purchase Microsoft Authenticode Certificates
You can purchase Microsoft authenticode certificate from eitherverisign or
thawte.
During the purchase process, you’ll provide the following information:
Certification Information: Company name, Department, City, State, Country
Cryptographic service provider: Use the default Microsoft Enhanced Cryptographic Provider v1.0
Location to save the private key: During the certificate purchase process, you will be given an option to save the private key that was generated by the system.
Private key password
Sign Using the Digital Signature Tool Wizard
Call the digital signature tool signtool.exe that is located in your Microsoft SDK toolkit as shown below.C:>"E:\Microsoft Platform SDK\Bin\signtool.exe" signwizard
Fig: Select the file that needs to be digitally signed
Choose ‘custom’ in the digital signing options, as shown below.
Fig: Digital signing option
Choose ‘Select from File’ option from this screen, and select the digital certificate that you have purchased.
Fig: Select the digital certificate
Choose ‘Private key file on disk’ option and select the private key that was given to you when you purchased the digital certificate.
Fig: Choose the private key
Fig: Enter private key password
Choose ‘sha1′ as the hasing algorithm
Fig: Select a hash algorithm
Leave all the fields to default value in this screen.
Fig: Additional certificate information
Leave the description and web location field empty.
Fig: Data Description
Add the following timestamp service URL:
http://timestamp.verisign.com/scripts/timstamp.dll
Fig: Add timestamp service url
This will successful sign the Microsoft executable with the digital signature. After the above steps, when you view the file properties, you’ll see the Digital-Signatures tab.
相关文章推荐
- How to Digitally Sign Microsoft Files (.exe, .cab, .dll, .ocx, .msi, .xpi)
- [zz]How to sign .EXE, .DLL and .CAB files?
- How to extract msu/msp/msi/exe files from the command line
- How to programmatically generate C# files from a DLL or EXE
- How to call DLL and LIB files (SDK)
- How To Create Patch Files for the MSDE 2000 Sample.msi File
- How to open MS word document from the SharePoint 2010 using Microsoft.Office.Interop.dll
- How to enable download EXE files from the Sharepoint website
- How to tell if a file is an EXE or a DLL?
- How can I use Microsoft Visual C++ 2010 to create MEX files with MATLAB 7.10 (R2010a)?
- How to Sign Android APK or Zip Files
- How to add or replace files within MSI file.
- How to generate DLL files by GCC in the MinGW?
- How to obtain Microsoft support files from online services
- How to create .lib file when you only have .dll and .h files
- How can I use Microsoft Visual C++ 2010 to create MEX files with MATLAB 7.10 (R2010a)?
- [转]How to copy Microsoft.ReportViewer.ProcessingObjectModel.dll to bin folder of your project
- How to Output a List of Files to a File and Sort Them in Linux
- 签名时出错: 未在路径 C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\signtool.exe 找到 SignTool.exe
- [转]How to write dll