wodCrypt ActiveX Control - SignEXE Method
Description

Creates a digital signature for an executable


Return Type

None  


Syntax

object.SignEXE Data, OutBlob, TimestampURL, Description, URL


The SignEXE method syntax has these parts:

Part          Description
object        An expression evaluating to an object of type wodCrypt.
Data          Required. A Blob object. Contains the data to be signed.
OutBlob       Required. A Blob object. Contains the blob where the signed file will be saved.
TimestampURL  Optional. A Variant value. Holds the URL of a timestamp service.
Description   Optional. A Variant value. Holds a custom description of the signed file.
URL           Optional. A Variant value. Holds a URL related to the signed file.

Remarks

The SignEXE method signs executables using Microsoft Authenticode technology. Authenticode identifies the publisher of signed software and verifies that it has not been tampered with. wodCrypt can easily produce those signatures, assuming you have a code-signing digital certificate.

In order to sign the executable (or the DLL), you should:

1. Load your certificate and the private key

Dim cert As New Certificate
cert.LoadKey "path to your private.key"     ' private key that belongs to the certificate
cert.Load "path to your certificate.cer"    ' code-signing certificate issued to you

2. Define a FileBlob for the original file and a FileBlob for the destination (signed) file

Dim srcfile As New FileBlob
srcfile.FileName = "C:\windows\notepad.exe"   ' file to be signed (left unchanged)

Dim destfile As New FileBlob
destfile.FileName = "C:\windows\signed.exe"   ' where the signed copy will be written

3. Pass those references to wodCrypt

Dim Crypt1 As wodCryptCom
Set Crypt1 = New wodCryptCom
Crypt1.SecretKey = cert   ' certificate and private key loaded in step 1
' Data, OutBlob, TimestampURL, Description, URL
Crypt1.SignEXE srcfile, destfile, "http://timestamp.verisign.com/scripts/timstamp.dll", "My description", "http://my.url.com"

The result of the above code is a signed file saved as C:\windows\signed.exe. If you open Explorer, right-click that file and select 'Properties', you should see that a new 'Digital Signature' tab has appeared, showing 'Digital signature is OK'. Any change to the file will cause this signature to be removed, or the tab to show the text 'Signature is invalid'.

You should provide a TimestampURL when signing so that your signature is countersigned with the date of signing. This is an important step: the timestamp proves that the signature was made while the certificate was still valid, and without it someone could sign data with an expired certificate. There are two URLs you can choose from: http://timestamp.verisign.com/scripts/timstamp.dll and http://timestamp.comodoca.com/authenticode .
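To confirm the three things described above (the signature validates, it carries a timestamp, and any change to the file is detected), here is an added PowerShell example that is not part of wodCrypt. It assumes the output path C:\windows\signed.exe from the example, PowerShell 5.1 or later, and that the signing certificate chains to a root Windows trusts (a self-signed test certificate reports UnknownError rather than Valid).

```powershell
# Added example, not wodCrypt code: inspect the file produced by SignEXE with
# the built-in Get-AuthenticodeSignature cmdlet.
$SignedFile = 'C:\windows\signed.exe'   # assumed: destination path from the example above

function Get-SignatureReport {
    param([Parameter(Mandatory)][string]$Path)
    $sig = Get-AuthenticodeSignature -FilePath $Path
    [pscustomobject]@{
        File          = $Path
        Status        = $sig.Status            # Valid, NotSigned, HashMismatch, UnknownError, ...
        StatusMessage = $sig.StatusMessage
        Signer        = $sig.SignerCertificate.Subject
        SignerExpires = $sig.SignerCertificate.NotAfter
        Timestamped   = $null -ne $sig.TimeStamperCertificate   # present only if TimestampURL was used
        Timestamper   = $sig.TimeStamperCertificate.Subject
    }
}

# Copy the signed file, flip one byte inside the DOS stub (a region covered by the
# Authenticode hash) and return the signature status of the copy: HashMismatch.
function Test-TamperDetection {
    param([Parameter(Mandatory)][string]$Path)
    $copy  = Join-Path $env:TEMP ('tampered_' + [IO.Path]::GetFileName($Path))
    $bytes = [IO.File]::ReadAllBytes($Path)
    $bytes[0x4E] = [byte]($bytes[0x4E] -bxor 0xFF)
    [IO.File]::WriteAllBytes($copy, $bytes)
    try     { (Get-AuthenticodeSignature -FilePath $copy).Status }
    finally { Remove-Item $copy -ErrorAction SilentlyContinue }
}

$report = Get-SignatureReport -Path $SignedFile
$report | Format-List

if ($report.Status -ne 'Valid') {
    Write-Warning "Signature on $SignedFile does not validate: $($report.StatusMessage)"
}
if (-not $report.Timestamped) {
    Write-Warning ("No timestamp: this signature stops validating once the signer " +
                   "certificate expires on $($report.SignerExpires).")
}
"Status of a tampered copy: $(Test-TamperDetection -Path $SignedFile)"
```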

You can also provide a Description and a URL; Windows sometimes shows these, depending on the action the user is taking with your executable.

You can also use a Certificate from the registry instead of loading it from a file as in the example above. For instance, something like this would work just fine as step 1 (then assign c instead of cert to SecretKey in step 3):

Dim CertLoc As New CertLocation
Dim c As Certificate
' certificate named "WeOnlyDo Software" in the current user's personal ("My") store
Set c = CertLoc(CurrentUser).Item("My").Item("WeOnlyDo Software")

You can check the signature using the VerifyEXE method.