Integration with CipherTrust Manager
This section outlines the steps to integrate Microsoft Authenticode with CipherTrust Manager.
Integrating Microsoft Authenticode with CipherTrust Manager
To integrate CipherTrust Manager with Microsoft Authenticode follow the steps below:
Run the SafeNetProtectApp CSP Provider with the following makecert command:
makecert -sk CSP2TestKey -sp "SafenetProtectApp CSP Provider" –n "CN=Common Name" -r -ss mystore Test.cer
where:
-sk: The location of the subject’s key container which holds the private key.
-sp: Subject CryptoAPI's provider name.
-n: The name and details of the publisher’s certificate.
-ss: The name of the subject’s certificate store in which the generated certificate will be stored.
Note
Anything that contains spaces must be in double quotes ("").
SHA256, SHA384 and SHA512 are supported with both KSP and CSP installed.
A certificate gets created on the system, as shown below:
Sign and Time Stamp the code using signtool as follows:
signtool sign /v /f Certificate /csp "Cryptographic Service Provider Name" /k "Key Container Name" /t timestamp URL "File to be signed"
where:
- /f: Publisher’s Certificate.
- /k: Container Name that contains the signing key.
- /t: URL used for Time Stamping.
Before signing the dll, the ingdnp.dll properties window appears, as shown below:
After signing the dll, a new tab Digital Signatures gets added, as shown below: