Products Solutions Segments About Us Support Manage My Account

OmniRoot Certificate Center  >  Online Helpdesk  >  MS Authenticode

Signing code for Microsoft Authenticode

Please select a topic:

Set up a directory for signing
Create a top-level directory for the signing.
Within that directory, create a subdirectory containing all the .class files for your applet (if you have several class files).
Within the subdirectory, place copies of all .class files in their directories.
Top level .class files should be right inside this directory, and all package .class files should be in subdirectories with the package names

Create the CAB file
You should gather all your files in a cab file. To do so on the command prompt type the following command :
cabarc -s 6144 N Sample.cab Sample.class
or
cabarc -r -p -s 6144 N Sample.cab c:\Myfiles\*.*

Signing your files
- Using The command prompt
Signcode –cn “Globalsign” test.exe
You need to replace Globalsign by your CN (common name).
This can be found in internet explorer by going to tools -> internet options -> content ->certificates -> click on your objectsign certificate -> view -> details -> item subject.

- Using the Digital Signature Wizard
The Digital Signature Wizard is a graphical user interface (GUI) to run SignCode.exe. The wizard can be used instead of the command prompt. The Digital Signature Wizard provides the following options:

  • Selecting and using a specific certificate to sign a file
  • Selecting and using a specific private key
  • Selecting a key type
  • Selecting a hash algorithm for the signature
  • Adding a timestamp to the signed file
The Digital Signature Wizard is a CryptoAPI Tool available with Internet Explorer 5.0 and Microsoft® Windows NT® version 4.0 SP4 or later. The wizard can be started by calling the SignCode.exe utility with no options from the command prompt
When launching signcode, you get this following window:

1

Click 'Next':

2

Here browse or enter the file path to be signed, click 'Next'

3

Here you have 2 options, let's proceed with Typical first, click 'Next':

4

Click on 'Select from Store':

5

Choose your ObjectSign Certificate and click 'OK':

6

Here you still have the option to view your certificate, click 'Next':
On the following screen you have the option to enter a description or/and a web location.

7

Click 'Next':

8

Here you have the possibility to add a timestamp. Click 'Next':

9

That is the summary, click 'Finish':

1

Now we come back to 'Signing Options' screen to choose 'Custom':

2

Click 'Next':

3

Here you have both options, if you have an ObjectSign certificate delivered before the 15th of September 2001, you should 'Select from File…'
After this date, all ObjectSign Certificates are automatically installed in Internet Explorer Cetificate Store, in this case 'Select from Store…':
4
Click 'Next':

5

The Second Option is automatically selected as the Private key is in the IE Certificate Store, click 'Next':

6

Select a hash algorithm and click 'Next':

7

Leave the default options, all certificates in the certification path, including the root certificate, and no additional certificates, click 'Next':

8

The following options are exactly the same as the previous ones.
For any questions regarding signcode send an e-mail to support@globalsign.com.

Verifying the signed archive
The first time you create a signed archive you'll want to verify it. Do this using chktrust:
chktrust SimpleEdit.cab
If the archive is signed properly, you'll get a "Security Warning" dialog asking if you want to install and run "Super Duper Applet", which was signed by you (signature verified by your CA). If not, you won't

Installing the signed archive
Put the signed .cab archive into the web server directory containing the main class of your applet. Change the .html file that invokes the applet so that it mentions the archive:

<title>GlobalSign Signed Applet</title>
<hr>
<applet code="Sample.class" ARCHIVE="Sample.jar" width=600 height=350>
<param name="CABBASE" value="Sample.cab">
</applet>
<hr>

Note: If you need to have an applet with multiple .cab archives, you can use the CABINETS applet parameter:
<param name="CABINETS" value="MyApplet.cab,MyApplet2.cab">

Installing Signed applets for both Internet Explorer and Netscape
Once you've created both .cab (Internet Explorer) and .jar (Netscape) archives for a given applet, you can use both in the same piece of HTML code; each browser will select the archive it understands.
Use code like this:

<title>My Wonderful Signed Applet</title>
<hr>
<applet code="MyApplet.class" ARCHIVE="MyApplet.jar" width=600 height=350>
<param name="CABBASE" value="MyApplet.cab">
</applet>
<hr>

Resources
You can obtain your Cybertrust CodeSigning Certificate by starting an online registration at:
  http://cybertrust.omniroot.com/codecenter.cfm

Authenticode Resources:
  http://msdn2.microsoft.com/en-us/library/ms537359(VS.85).aspx

  Related Topics:
Cybertrust OmniRoot
Certificate Center
Order an Code Signing Certificate

Online Helpdesk

Contact Support