DataFlex
DataFlex
Authenticode Sign using Smartcard or USB Token
See more Code Signing Examples
Demonstrates how to Authenticode sign an EXE or DLL using a smartcard or USB token, such as a Yubikey.Note: Chilkat's code signing class was added in v9.5.0.97
Chilkat DataFlex Downloads
Use ChilkatAx-win32.pkg
Procedure Test
Boolean iSuccess
Variant vJson
Handle hoJson
Variant vCert
Handle hoCert
String sExePath
Handle hoSigner
String sTemp1
Move False To iSuccess
// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
// First create the following JSON to specify that SHA256 is to be used,
// and provide timestamp server information.
// {
// "hashAlg": "sha256",
// "timestampToken": {
// "enabled": true,
// "tsaUrl": "http://timestamp.digicert.com",
// "requestTsaCert": true,
// "hashAlg": "sha256"
// }
// }
Get Create (RefClass(cComChilkatJsonObject)) To hoJson
If (Not(IsComObjectCreated(hoJson))) Begin
Send CreateComObject of hoJson
End
Get ComUpdateString Of hoJson "hashAlg" "sha256" To iSuccess
Get ComUpdateBool Of hoJson "timestampToken.enabled" True To iSuccess
Get ComUpdateString Of hoJson "timestampToken.tsaUrl" "http://timestamp.digicert.com" To iSuccess
Get ComUpdateBool Of hoJson "timestampToken.requestTsaCert" True To iSuccess
Get ComUpdateString Of hoJson "timestampToken.hashAlg" "sha256" To iSuccess
// The only difference in signing with a smartcard or USB token
// is that the cert is loaded from a smartcard or USB token, instead of a PFX or from elsewhere
// such as from the Windows certificate store.
Get Create (RefClass(cComChilkatCert)) To hoCert
If (Not(IsComObjectCreated(hoCert))) Begin
Send CreateComObject of hoCert
End
// Yubico YubiKey OTP+FIDO+CCID 0, default PIN = 123456
Set ComSmartCardPin Of hoCert To "123456"
// Assuming you have the Yubikey inserted into the USB on the computer...
// and there is only 1 signing certificate on the Yubikey, then just load from
// the "smartcard". (assuming you don't have additional smartcards or USB tokens plugged in)
Get ComLoadFromSmartcard Of hoCert "" To iSuccess
If (iSuccess = False) Begin
Get ComLastErrorText Of hoCert To sTemp1
Showln sTemp1
Procedure_Return
End
// If the smartcard/token has several possible certificates that can be used for signing,
// then see the online documentation for the LoadFromSmartcard method,
// and also see the online documentation and examples for Chilkat Pkcs11 and ScMinidriver.
// There are many possible ways to load a Chilkat certificate object with a cert (and associated private key)
// from a variety of sources. The only coding difference for any signing function in Chilkat,
// whether it be a PDF, XmlDSig, CMS, etc. is in how the cert is loaded.
// You can sign .exe or .dll files.
Move "C:/someOtherDir/HelloWorld.exe" To sExePath
Get Create (RefClass(cComChilkatCodeSign)) To hoSigner
If (Not(IsComObjectCreated(hoSigner))) Begin
Send CreateComObject of hoSigner
End
// If successful, the following call will apply the signature to the EXE (or DLL).
Get pvComObject of hoCert to vCert
Get pvComObject of hoJson to vJson
Get ComAddSignature Of hoSigner sExePath vCert vJson To iSuccess
If (iSuccess = False) Begin
Get ComLastErrorText Of hoSigner To sTemp1
Showln sTemp1
Procedure_Return
End
Showln "Successfully applied the Authenticode signature."
End_Procedure