| Signing code for Microsoft Authenticode |
|
|
|
Set up a directory for signing Create the CAB file Signing your files Verifying the signed archive Installing the signed archive Resources Set up a directory for signing Create the CAB file Signing your files Verifying the signed archive Installing the signed archive Resources Set up a directory for signing Create a top-level directory for the signing. Within that directory, create a subdirectory containing all the .class files for your applet (if you have several class files). Within the subdirectory, place copies of all .class files in their directories. Top level .class files should be right inside this directory, and all package .class files should be in subdirectories with the package names ------------------------------------------------------------------- Create the CAB file You should gather all your files in a cab file. To do so on the command prompt type the following command : cabarc -s 6144 N Sample.cab Sample.class or cabarc -r -p -s 6144 N Sample.cab c:\Myfiles\*.* ------------------------------------------------------------------- Signing your files * Using The command prompt Signcode ¨Ccn ¡°Globalsign¡± test.exe You need to replace Globalsign by your CN (common name). This can be found in internet explorer by going to tools -> internet options -> content ->certificates -> click on your objectsign certificate -> view -> details -> item subject. * Using the Digital Signature Wizard The Digital Signature Wizard is a graphical user interface (GUI) to run SignCode.exe. The wizard can be used instead of the command prompt. The Digital Signature Wizard provides the following options: Selecting and using a specific certificate to sign a file Selecting and using a specific private key Selecting a key type Selecting a hash algorithm for the signature Adding a timestamp to the signed file The Digital Signature Wizard is a CryptoAPI Tool available with Internet Explorer 5.0 and Microsoft? Windows NT? version 4.0 SP4 or later. The wizard can be started by calling the SignCode.exe utility with no options from the command prompt When launching signcode, you get this following window:  Click 'Next':  Here browse or enter the file path to be signed, click 'Next'  Here you have 2 options, let's proceed with Typical first, click 'Next':  Click on 'Select from Store':  Choose your ObjectSign Certificate and click 'OK':  Here you still have the option to view your certificate, click 'Next': On the following screen you have the option to enter a description or/and a web location.  Click 'Next':  Here you have the possibility to add a timestamp. Click 'Next':  That is the summary, click 'Finish':  Now we come back to 'Signing Options' screen to choose 'Custom':  Click 'Next':  Here you have both options, if you have an ObjectSign certificate delivered before the 15th of September 2001, you should 'Select from File¡' After this date, all ObjectSign Certificates are automatically installed in Internet Explorer Cetificate Store, in this case 'Select from Store¡':  Click 'Next':  The Second Options is automatically selected as the Private key is in the IE Certificate Store, click 'Next':  Select a hash algorithm and click 'Next':  Leave the default options, all certificates in the certification path, including the root certificate, and no additional certificates, click 'Next':  The following options are exactly the same as the previous ones. For any questions regarding signcode send an e-mail to This email address is being protected from spam bots, you need Javascript enabled to view it ------------------------------------------------------------------- Verifying the signed archive The first time you create a signed archive you'll want to verify it. Do this using chktrust: chktrust SimpleEdit.cab If the archive is signed properly, you'll get a "Security Warning" dialog asking if you want to install and run "Super Duper Applet", which was signed by you (signature verified by your CA). If not, you won't ------------------------------------------------------------------- Installing the signed archive Put the signed .cab archive into the web server directory containing the main class of your applet. Change the .html file that invokes the applet so that it mentions the archive: <title>GlobalSign Signed Applet</title> <hr> <applet code="Sample.class" ARCHIVE="Sample.jar" width=600 height=350> <param name="CABBASE" value="Sample.cab"> </applet> <hr> Note: If you need to have an applet with multiple .cab archives, you can use the CABINETS applet parameter: <param name="CABINETS" value="MyApplet.cab,MyApplet2.cab"> ------------------------------------------------------------------- Installing Signed applets for both Internet Explorer and Netscape Once you've created both .cab (Internet Explorer) and .jar (Netscape) archives for a given applet, you can use both in the same piece of HTML code; each browser will select the archive it understands. Use code like this: <title>My Wonderful Signed Applet <hr> <applet code="MyApplet.class" ARCHIVE="MyApplet.jar" width=600 height=350> <param name="CABBASE" value="MyApplet.cab"> </applet> <hr> |
| < Prev | Next > |
|---|