Association of Shareware Professionals
The World's #1 Trade Organization for Independent Software Developers and Vendors
|
|
Association of Shareware Professionals
The World's #1 Trade Organization for Independent Software Developers and Vendors
|
The tools and techniques described and made available here are intended to allow the user to sign, and verify PAD files, and also to verify the backwards compatibility of the resulting signed PAD files with current PAD file editors and download sites. The methods used are based on well vetted cryptographic algorithms and W3C XMLDSIG standards.
This implementation allows the use of .pvk private keys and .spc certificates commonly acquired by software providers for code signing purposes using Microsoft code signing tools. Consequently these files are formatted according to Microsoft specific standards that are not well documented. Tools and a method are given for converting these to the PKCS12 standard format predominantly used in public key cryptography.
This example assumes that you are using the current PADGen software to generate and sign your PAD files.
To convert commercial keys and certificates to X509 formats you will need the Pvkimprt.exe Utility freely provided by Microsoft. Run the self extracting archive extracting the setup (also called pvkimprt.exe) to a temporary folder. You can then run the setup to install the executable (also called pvkimprt.exe!) to your pad signing folder.
What follows are step by step instruction on how to sign and verify your PAD files. These examples assume your company name is widgetsco and that your PAD file is named after your product superwidget. Even if digital signing is a relatively straightforward procedure, some find it intimidating the first time. By following the examples below and taking care to note the filenames used you can easily succeed in signing your PAD files.