如何使用证书签署 ActiveX DLL
我创建了一个通过 COM 公开的 DLL,需要使用证书进行签名。
我创建了一个 Visual Studio 2008 项目,它有一个类库,其中包含我的 ActiveX 对象的代码。然后我创建了一个正在使用它的 ASP.net 页面:
<script type="text/javascript">
var x = new ActiveXObject("Foo.Bar");
x.SomeMethod();
</script>
我运行该网站并收到一堆安全错误。我运行 regasm /tlb /codebase foo.dll 并以这种方式安装它。我还更改了 IE 中的一些安全设置,以允许我运行未签名的 ActiveX 控件,并且一切正常。
现在我需要将其打包在 CAB 文件中并使用证书对其进行签名,这样我就不必触及安全设置(因此用户也不必执行此操作)。
有人可以让我知道该怎么做吗?我什至不知道从哪里开始。我使用 makecert.exe 工具创建了一个自签名证书,但我不确定如何将证书绑定到 DLL 或如何将其全部打包在 CAB 中并在网站中使用它。
I have created a DLL that I am exposing via COM that I need to sign with a certificate.
I have created a Visual Studio 2008 project and it has a class library which contains the code for my ActiveX object. I then created an ASP.net page that is using it:
<script type="text/javascript">
var x = new ActiveXObject("Foo.Bar");
x.SomeMethod();
</script>
I ran the site and was getting a bunch of errors with security. I ran regasm /tlb /codebase foo.dll and installed it this way. I also changed a bunch of my security settings in IE to allow me to run unsigned ActiveX controls and everything worked fine.
Now I need to package this up in a CAB file and sign it with a Certificate so that I don't have to touch security settings (and so users don't have to do this as well).
Can someone let me know how to do this? I'm not even sure where to begin. I created a self signed certificate with the makecert.exe tool but I"m not sure how to tie the certificate to the DLL or how to package it all up in a CAB and use that in the website.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
微软有一个不错的白皮书/教程,介绍如何执行此操作:
MSDN 文章
以下是它的长处和短处:
对代码进行签名
从证书颁发机构申请证书。请参阅 http://msdn.microsoft.com/workshop/security/authcode/certs。 asp 获取有关获取证书的说明。
获取用于签署文件和检查签名的最新工具。请参阅 http://msdn.microsoft.com /library/default.asp?URL=/library/psdk/crypto/cryptotools_4739.htm。
准备要签名的文件。如果您要签署任何 .exe、.ocx、.vbd 或 .dll 文件,则无需执行任何特殊操作。如果您要签署 .cab 文件,则必须将以下条目添加到 .ddf 文件并重新制作 .cab 文件:
.Set ReservePerCabinetSize=6144
使用 signcode.exe 签署您的文件。以下是如何对文件进行签名的示例:
Signcode -prog myfilename -name displayname -info http://www.mycompany-inc-10.com - spc mycredentials.spc -pvk myprivatekey.pvk
测试您的签名:
其中 filename 是您签名的文件的名称。
其中 cabfilename 是您签名的 .cab 文件的名称。
Microsoft has a decent whitepaper/tutorial on how to go about doing this:
MSDN Article
Here is the long and short of it:
To sign your code
Apply for a certificate from a certificate authority. See http://msdn.microsoft.com/workshop/security/authcode/certs.asp for instructions on obtaining a certificate.
Get the latest tools for signing files and checking signatures. See http://msdn.microsoft.com/library/default.asp?URL=/library/psdk/crypto/cryptotools_4739.htm.
Prepare your files to be signed. If you are signing any .exe, .ocx, .vbd or .dll file, you do not need to do anything special. If you are signing a .cab file, you must add the following entry to your .ddf file and remake your .cab file:
.Set ReservePerCabinetSize=6144
Sign your files using signcode.exe. The following is an example of how you might sign a file:
Signcode -prog myfilename -name displayname -info http://www.mycompany-inc-10.com - spc mycredentials.spc -pvk myprivatekey.pvk
Test your signature:
where filename is the name of the file you signed.
where cabfilename is the name of the .cab file you signed.