DataFlex
DataFlex
Code Signing using Sectigo USB Token
See more Code Signing Examples
Demonstrates how to Authenticode sign an EXE or DLL using a SafeNet USB token from Sectigo.Requires Chilkat v10.0.0 or greater.
Chilkat DataFlex Downloads
Use ChilkatAx-win32.pkg
Procedure Test
Boolean iSuccess
Variant vJson
Handle hoJson
Variant vCert
Handle hoCert
String sExePath
Handle hoSigner
String sTemp1
Move False To iSuccess
// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
// First create the following JSON to specify that SHA256 is to be used,
// and provide timestamp server information.
// {
// "hashAlg": "sha256",
// "timestampToken": {
// "enabled": true,
// "tsaUrl": "http://timestamp.digicert.com",
// "requestTsaCert": true,
// "hashAlg": "sha256"
// }
// }
Get Create (RefClass(cComChilkatJsonObject)) To hoJson
If (Not(IsComObjectCreated(hoJson))) Begin
Send CreateComObject of hoJson
End
Get ComUpdateString Of hoJson "hashAlg" "sha256" To iSuccess
Get ComUpdateBool Of hoJson "timestampToken.enabled" True To iSuccess
Get ComUpdateString Of hoJson "timestampToken.tsaUrl" "http://timestamp.digicert.com" To iSuccess
Get ComUpdateBool Of hoJson "timestampToken.requestTsaCert" True To iSuccess
Get ComUpdateString Of hoJson "timestampToken.hashAlg" "sha256" To iSuccess
// The only difference in signing with a smartcard or USB token
// is that the cert is loaded from a smartcard or USB token, instead of a PFX or from elsewhere
// such as from the Windows certificate store.
Get Create (RefClass(cComChilkatCert)) To hoCert
If (Not(IsComObjectCreated(hoCert))) Begin
Send CreateComObject of hoCert
End
// Use your USB token PIN (user password).
// It will be a string similar to this: j6X54nB7-jlp5Cr2
Set ComSmartCardPin Of hoCert To "j6X54nB7-jlp5Cr2"
// Load the certificate based on the serial number.
// *** Use your certificate's serial number.
Get ComLoadFromSmartcard Of hoCert "serial=3FF5B69109BFD4046C92CC0D18EE23C2" To iSuccess
If (iSuccess = False) Begin
Get ComLastErrorText Of hoCert To sTemp1
Showln sTemp1
Procedure_Return
End
// Note: If the above fails, then use the SafeNet Authentication Client Tools
// to login to your token using your token password.
// You don't want too many failed logins, otherwise you'll lock the token.
// A successful login will reset number of failed logins back to 0.
// Note: This is to sign Microsoft Windows executables or DLLs
// You can sign .exe or .dll files.
Move "C:/someDirectory/HelloWorld.exe" To sExePath
Get Create (RefClass(cComChilkatCodeSign)) To hoSigner
If (Not(IsComObjectCreated(hoSigner))) Begin
Send CreateComObject of hoSigner
End
// If successful, the following call will apply the signature to the EXE (or DLL).
Get pvComObject of hoCert to vCert
Get pvComObject of hoJson to vJson
Get ComAddSignature Of hoSigner sExePath vCert vJson To iSuccess
If (iSuccess = False) Begin
Get ComLastErrorText Of hoSigner To sTemp1
Showln sTemp1
Procedure_Return
End
Showln "Successfully applied the Authenticode signature."
End_Procedure