Integration with KeySecure
This section outlines the steps to integrate Microsoft Authenticode with KeySecure.
Integrating Microsoft Authenticode with KeySecure
To integrate KeySecure with Microsoft Authenticode follow the steps below:
Run the SafeNetProtectApp CSP Provider with the following makecert command:
makecert -sk CSP2TestKey -sp "SafenetProtectApp CSP Provider" –n "CN=Common Name" -r -ss mystore Test.cer
where:
- -sk: The location of the subject’s key container which holds the private key.
- -sp: Subject CryptoAPI's provider name.
- -n: The name and details of the publisher’s certificate.
- -ss: The name of the subject’s certificate store in which the generated certificate will be stored.
• Anything that contains spaces must be in double quotes ("").
• SHA256, SHA384 and SHA512 are supported with both KSP and CSP installed.A certificate gets created on the system, as shown below:
Sign and Time Stamp the code using signtool as follows:
signtool sign /v /f Certificate /csp "Cryptographic Service Provider Name" /k "Key Container Name" /t timestamp URL "File to be signed"
where:
- /f: Publisher’s Certificate.
- /k: Container Name that contains the signing key.
- /t: URL used for Time Stamping.
Before signing the dll, the ingdnp.dll properties window appears, as shown below:
After signing the dll, a new tab Digital Signatures gets added, as shown below: