Signing Controls

Signing Controls

If you use the Wallet SDK to build a Client payment component, PIP or Other Card, you must sign the resulting .dll, the associated .cab file, or any other extension to the Wallet before it can be loaded by the Payment Control. Signing your file makes it possible also for Microsoft's Authenticode™ technology identify the publisher of software to users before the user downloads this software from the Internet.

To sign your code

Download the latest version of Microsoft® Internet Explorer version 3.0 from http://www.microsoft.com/windows/ie.
Apply for credentials from a Certificate Authority (CA). Go to http:///msdn.microsoft.com/workshop/security/authcode/certs.asp for instructions on how to obtain a Software Publisher's certificate from a CA. After identifying the CA from which you want to obtain a certificate, visit the CA's Web site to fill out an online certificate application.
Once you have completed this application, it will take approximately one week for the CA to verify your information. Once the CA has verified the information you have provided, the CA will issue you credentials and a private key that you must store securely. You need both the provided credentials and the private key to sign your code.
Get the latest version of the ActiveX™ Software Development Kit (SDK). You can download the latest version of the ActiveX SDK from http://msdn.microsoft.com/workshop. The tools that you use to sign your code are included in the SDK. Consult the code-signing documentation provided in the SDK for additional information on using these tools.
Prepare your files to be signed. If you are building any PE file (.exe, .ocx., .dll, or other), you do not need to do anything special to prepare the files. If you are using a .cab file to distribute your control, you need to add the following entry to your .ddf file before creating the .cab file:
Set ReservePerCabinetSize=6144
Sign your files. You can now use the ActiveX SDK to sign your .exe, .cab, .ocx, or .dll file. Currently, only 32-bit files can be signed.
The following is an example of how to use signcode.exe, which is included in the ActiveX SDK, to sign your files:
```
signcode -prog myfilename -name displayname -info sample.microsoft.com -spc mycredentials.spc -pvk myprivatekey.pvk
```
The following table describes the parts of this example command.

Command Part	Meaning
myfilename	Name of the file to sign.
displayname	Description of the file that will show up in the certificate.
sample.microsoft.com	Should provide the user with more information about the file to be downloaded.
mycredentials.spc	Name of the credentials file obtained from the CA.
myprivatekey.pvk	Private key that was generated during the application process with the CA.

Note that if you invoke signcode.exe without any parameters, it will run a wizard that will step you through the signing process.

Test your signature.
- To test a signed .exe, .dll or .ocx file, run chktrust filename.
- To test a signed .cap file, run chktrust -c cabfilename.cab.

If your signing process was successful, running chktrust as described previously will bring up a certificate.