Friday, November 17, 2006

Windows Vista Code Signing

Seems with Windows' latest OS, code signing isn't optional. It's something you need to do. Why? Because if you don't, Windows Vista makes your program appear as if it's malware or a virus. The "Do you really want to do this?" and "Are you really, really sure?" dialogs are all over the place in Windows Vista. So bottom line, you need to sign your executables.

Code signing has actually gotten easier over the years. You used to have to download the Microsoft Code Signing Tool. Now it just comes bundled with Visual Studio, which actually makes things a little easier.

So first off, you need to get a Code Signing Certificate. These can be obtained from a Windows Vista Trusted Certificate Authority (CA). Verisign, Thawte, and GeoTrust are the big ones (though Thawte is owned by Verisign). You'll need to order a Microsoft Authenticode signing certificate. The company you purchase from can walk you through the steps of generating the certificate.

Once you have a certificate, you can add a post-build event to your Visual Studio project that will sign the exe or dll after it's built. The command to run will look something like this:

signcode.exe -v your.pvk -spc your.spc -t http://timestamp.verisign.com/scripts/timstamp.dll "$(OutDir)\$(TargetFileName)"
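
A check that could run right after the signing step, as an added example that is not part of the original post: this PowerShell script fails the build when an output binary lacks a valid Authenticode signature or a timestamp (without one, the signature stops validating once the certificate expires). The script name, the `-OutDir` parameter and the 30-day expiry warning are assumptions.

```powershell
# Verify-Signed.ps1 (hypothetical name) - added example, not from the original post.
# Assumed usage from a post-build event, after the signing command:
#   powershell -ExecutionPolicy Bypass -File Verify-Signed.ps1 -OutDir "$(OutDir)"
param(
    [Parameter(Mandatory = $true)]
    [string]$OutDir
)

$warnDays = 30      # assumption: warn when the signing cert expires within 30 days
$problems = @()

# Collect every binary the build produced.
$files = Get-ChildItem -Path $OutDir -Recurse -Include *.exe, *.dll

foreach ($file in $files) {
    $sig = Get-AuthenticodeSignature -FilePath $file.FullName

    # Anything other than Valid (NotSigned, HashMismatch, NotTrusted, ...) is
    # what ends up in front of the user as a warning dialog.
    if ($sig.Status -ne 'Valid') {
        $problems += "{0}: status {1} - {2}" -f $file.Name, $sig.Status, $sig.StatusMessage
        continue
    }

    # No timestamp means the signature is only good while the cert is valid.
    if ($null -eq $sig.TimeStamperCertificate) {
        $problems += "{0}: signed but not timestamped" -f $file.Name
        continue
    }

    # Early notice that the certificate needs renewing.
    $daysLeft = ($sig.SignerCertificate.NotAfter - (Get-Date)).Days
    if ($daysLeft -lt $warnDays) {
        Write-Warning ("{0}: signing certificate expires in {1} days" -f $file.Name, $daysLeft)
    }

    Write-Host ("OK  {0}  signer: {1}" -f $file.Name, $sig.SignerCertificate.Subject)
}

if ($problems.Count -gt 0) {
    foreach ($p in $problems) { Write-Host "FAIL $p" }
    exit 1          # non-zero exit code makes the post-build event fail
}
exit 0
```
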

You'll probably find these links helpful:

SignCode.exe Documentation
SignTool.exe Documentation
Cert2Spc.exe Documentation
