Sample code for 30+ languages & platforms
DataFlex

Authenticode Sign using Smartcard or USB Token

See more Code Signing Examples

Demonstrates how to Authenticode sign an EXE or DLL using a smartcard or USB token, such as a Yubikey.

Note: Chilkat's code signing class was added in v9.5.0.97

Chilkat DataFlex Downloads

DataFlex
Use ChilkatAx-win32.pkg

Procedure Test
    Boolean iSuccess
    Variant vJson
    Handle hoJson
    Variant vCert
    Handle hoCert
    String sExePath
    Handle hoSigner
    String sTemp1

    Move False To iSuccess

    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    // First create the following JSON to specify that SHA256 is to be used,
    // and provide timestamp server information.

    // {
    //   "hashAlg": "sha256",
    //   "timestampToken": {
    //     "enabled": true,
    //     "tsaUrl": "http://timestamp.digicert.com",
    //     "requestTsaCert": true,
    //     "hashAlg": "sha256"
    //   }
    // }

    Get Create (RefClass(cComChilkatJsonObject)) To hoJson
    If (Not(IsComObjectCreated(hoJson))) Begin
        Send CreateComObject of hoJson
    End
    Get ComUpdateString Of hoJson "hashAlg" "sha256" To iSuccess
    Get ComUpdateBool Of hoJson "timestampToken.enabled" True To iSuccess
    Get ComUpdateString Of hoJson "timestampToken.tsaUrl" "http://timestamp.digicert.com" To iSuccess
    Get ComUpdateBool Of hoJson "timestampToken.requestTsaCert" True To iSuccess
    Get ComUpdateString Of hoJson "timestampToken.hashAlg" "sha256" To iSuccess

    // The only difference in signing with a smartcard or USB token
    // is that the cert is loaded from a smartcard or USB token, instead of a PFX or from elsewhere
    // such as from the Windows certificate store.
    Get Create (RefClass(cComChilkatCert)) To hoCert
    If (Not(IsComObjectCreated(hoCert))) Begin
        Send CreateComObject of hoCert
    End

    // Yubico YubiKey OTP+FIDO+CCID 0, default PIN = 123456
    Set ComSmartCardPin Of hoCert To "123456"

    // Assuming you have the Yubikey inserted into the USB on the computer...
    // and there is only 1 signing certificate on the Yubikey, then just load from
    // the "smartcard".  (assuming you don't have additional smartcards or USB tokens plugged in)
    Get ComLoadFromSmartcard Of hoCert "" To iSuccess
    If (iSuccess = False) Begin
        Get ComLastErrorText Of hoCert To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    // If the smartcard/token has several possible certificates that can be used for signing,
    // then see the online documentation for the LoadFromSmartcard method,
    // and also see the online documentation and examples for Chilkat Pkcs11 and ScMinidriver.
    // There are many possible ways to load a Chilkat certificate object with a cert (and associated private key)
    // from a variety of sources.  The only coding difference for any signing function in Chilkat,
    // whether it be a PDF, XmlDSig, CMS, etc. is in how the cert is loaded.

    // You can sign .exe or .dll files.
    Move "C:/someOtherDir/HelloWorld.exe" To sExePath

    Get Create (RefClass(cComChilkatCodeSign)) To hoSigner
    If (Not(IsComObjectCreated(hoSigner))) Begin
        Send CreateComObject of hoSigner
    End

    // If successful, the following call will apply the signature to the EXE (or DLL).
    Get pvComObject of hoCert to vCert
    Get pvComObject of hoJson to vJson
    Get ComAddSignature Of hoSigner sExePath vCert vJson To iSuccess
    If (iSuccess = False) Begin
        Get ComLastErrorText Of hoSigner To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    Showln "Successfully applied the Authenticode signature."


End_Procedure