Article : Security Tools Part -- 2 (.Net FrameWork Tools Series)

Discussion in 'ASP .Net Security' started by Namratha Shah (Nasha), Nov 23, 2004.

  1. Hey Group,

    Yesterday we created our own certificate, installed the certificate in the
    certificate store and even created a key container for the same.

    Today we will use this certificate to create our Software Publisher's
    Certificate and then sign our assembly with it.

    To create a software publisher's certificate, the .NET Framework has provided
    us with the cert2spc tool.

    This utility takes one or more X.509 certificates and creates a software
    publisher's certificate (SPC).

    Let us create our SPC.

    cert2spc myComp.cer Mycomp.spc

    After creating our SPC we will now go ahead and sign our assembly.

    Go to the VS.Net command prompt and type signcode; a wizard will open up. This
    is a wizard-based utility for signing your assemblies, although you can also
    use it with various options from the command prompt.

    To check out the various options, type signcode /?. For signing our
    assembly we will use the wizard.

    Type signcode and hit the Enter key to initiate the wizard.
    Go ahead and select the file that you want to digitally sign (SELECT AN
    From the signing options select the Custom and click next
    Then select the "select from file" option and select either your .cer or your
    .spc file (both are supported). Click Next.
    To select the private key you can either select the private key from the
    .pvk file or you can select the private key from your key store.

    Note: You can extract your private key to a .pvk file using makecert if you
    wish to store it on your machine (but pls be careful if you are using this
    option). Since we had added our key to the key container on our machine we
    will pick it up from there.

    So select the first option private key file on disk if you have .pvk file or
    select private key in a CSP if you want to select it from your key

    We will go ahead with the second option; let the rest of the values be default
    and select the key container as MyCompCont, the one we created yesterday.

    Select any one of the hash algorithms, either md5 or sha1. Click Next, Next,
    enter the description and web location (they are optional) and reach the
    finish. Click Finish. You should get a message saying "The Digital
    Signing wizard was completed successfully."

    Go to Windows Explorer and check the properties of your assembly; it will now
    show a new tab called Digital Signatures shown your digital signed

    Let us now check whether this assembly is a trustworthy source or not.

    For that we will use another tool, chktrust, that is shipped with the .NET
    Framework tools.

    Go to VS.NET command prompt and run chktrust.exe with the name of your
    signed exe.

    chktrust.exe MyExecutable.exe

    If the trust for test root is enabled on your machine then chktrust
    will succeed, else it will fail. By default it should be disabled, hence this
    chktrust should fail.

    Hence when you run it for your executable it should give you a warning pop-up
    saying that test root is not enabled as a trusted root.

    To enable test root as a trusted root we will have to set its value to true.

    Go to the VS.Net command prompt and run setreg as follows:

    setreg.exe 1 true /// This will set test root as trusted root.

    Now re-run the above command

    chktrust.exe MyExecutable.exe

    This time it should give you a security warning saying " *** TEST CERTIFICATE
    *** " and asking you whether content from MyComp Technologies should be
    trusted or not. Click on Yes ...

    To explore other options of chktrust and setreg type chktrust /? and setreg

    -- Please post your queries and comments for my articles in the usergroup
    for the benefit of all. I hope this step from my end is helpful to all of


    Namratha (Nasha)
    Namratha Shah (Nasha), Nov 23, 2004