Sample code for 30+ languages & platforms
DataFlex

Code Signing using Sectigo USB Token

See more Code Signing Examples

Demonstrates how to Authenticode sign an EXE or DLL using a SafeNet USB token from Sectigo.

Requires Chilkat v10.0.0 or greater.

Chilkat DataFlex Downloads

DataFlex
Use ChilkatAx-win32.pkg

Procedure Test
    Boolean iSuccess
    Variant vJson
    Handle hoJson
    Variant vCert
    Handle hoCert
    String sExePath
    Handle hoSigner
    String sTemp1

    Move False To iSuccess

    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    // First create the following JSON to specify that SHA256 is to be used,
    // and provide timestamp server information.

    // {
    //   "hashAlg": "sha256",
    //   "timestampToken": {
    //     "enabled": true,
    //     "tsaUrl": "http://timestamp.digicert.com",
    //     "requestTsaCert": true,
    //     "hashAlg": "sha256"
    //   }
    // }

    Get Create (RefClass(cComChilkatJsonObject)) To hoJson
    If (Not(IsComObjectCreated(hoJson))) Begin
        Send CreateComObject of hoJson
    End
    Get ComUpdateString Of hoJson "hashAlg" "sha256" To iSuccess
    Get ComUpdateBool Of hoJson "timestampToken.enabled" True To iSuccess
    Get ComUpdateString Of hoJson "timestampToken.tsaUrl" "http://timestamp.digicert.com" To iSuccess
    Get ComUpdateBool Of hoJson "timestampToken.requestTsaCert" True To iSuccess
    Get ComUpdateString Of hoJson "timestampToken.hashAlg" "sha256" To iSuccess

    // The only difference in signing with a smartcard or USB token
    // is that the cert is loaded from a smartcard or USB token, instead of a PFX or from elsewhere
    // such as from the Windows certificate store.
    Get Create (RefClass(cComChilkatCert)) To hoCert
    If (Not(IsComObjectCreated(hoCert))) Begin
        Send CreateComObject of hoCert
    End

    // Use your USB token PIN (user password).
    // It will be a string similar to this:  j6X54nB7-jlp5Cr2
    Set ComSmartCardPin Of hoCert To "j6X54nB7-jlp5Cr2"

    // Load the certificate based on the serial number.
    // *** Use your certificate's serial number.
    Get ComLoadFromSmartcard Of hoCert "serial=3FF5B69109BFD4046C92CC0D18EE23C2" To iSuccess
    If (iSuccess = False) Begin
        Get ComLastErrorText Of hoCert To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    // Note: If the above fails, then use the SafeNet Authentication Client Tools
    // to login to your token using your token password.
    // You don't want too many failed logins, otherwise you'll lock the token.
    // A successful login will reset number of failed logins back to 0.

    // Note: This is to sign Microsoft Windows executables or DLLs
    // You can sign .exe or .dll files.
    Move "C:/someDirectory/HelloWorld.exe" To sExePath

    Get Create (RefClass(cComChilkatCodeSign)) To hoSigner
    If (Not(IsComObjectCreated(hoSigner))) Begin
        Send CreateComObject of hoSigner
    End

    // If successful, the following call will apply the signature to the EXE (or DLL).
    Get pvComObject of hoCert to vCert
    Get pvComObject of hoJson to vJson
    Get ComAddSignature Of hoSigner sExePath vCert vJson To iSuccess
    If (iSuccess = False) Begin
        Get ComLastErrorText Of hoSigner To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    Showln "Successfully applied the Authenticode signature."


End_Procedure