Code Signing: Microsoft Authenticode
Global Support Centre > Code Signing > MS Authenticode
PART 1: Set up a directory for signing
Create a top-level directory for the signing. Within that directory, create a subdirectory containing all the .class files for your applet (if you have several class files). Within the subdirectory, place copies of all .class files in their directories. Top level .class files should be right inside this directory, and all package .class files should be in subdirectories with the package names.
PART 2: Create the CAB file
Gather all your files in a cab file. To do so on the command prompt type the following command:
cabarc -s 6144 N Sample.cab Sample.class
cabarc -r -p -s 6144 N Sample.cab c:\Myfiles\*.*
PART 3: Signing your files
- Using The command prompt
- Signcode –cn “GlobalSign” test.exe
(Replace GlobalSign by your CN (common name)).
- This can be found in internet explorer in Tools > Internet Options > Content > Certificates > click on your objectsign certificate > View > Details > Item Subject.
- The Digital Signature Wizard is a graphical user interface (GUI) to run SignCode.exe. The wizard can be used instead of the command prompt.
- The Digital Signature Wizard provides the following options:
- Selecting and using a specific certificate to sign a file.
- Selecting and using a specific private key.
- Selecting a key type.
- Selecting a hash algorithm for the signature.
- Adding a timestamp to the signed file.
PART 4: Verifying the signed archive
The first time you create a signed archive you'll want to verify it. Do this using chktrust:
chktrust SimpleEdit.cab If the archive is signed properly, you'll get a “Security Warning” dialog asking if you want to install and run “Super Duper Applet”, which was signed by you (signature verified by your CA). If not, you won't.
PART 5: Installing the signed archive
Put the signed .cab archive into the web server directory containing the main class of your applet. Change the .html file that invokes the applet so that it mentions the archive:
<title>GlobalSign Signed Applet</title>
<applet code="Sample.class" ARCHIVE="Sample.jar" width=600 height=350>
<param name="CABBASE" value="Sample.cab">
Note: If you need to have an applet with multiple .cab archives, you can use the CABINETS applet parameter:
<param name="CABINETS" value="MyApplet.cab,MyApplet2.cab">
PART 6: Installing Signed applets for both Internet Explorer and Netscape
Once you've created both .cab (Internet Explorer) and .jar (Netscape) archives for a given applet, you can use both in the same piece of HTML code; each browser will select the archive it understands. Use code like this:
Authenticode Resources – http://msdn2.microsoft.com/en-us/library/ms537359(VS.85).aspx