Digitally signing plug-in files

By Virupaksha Aithal

Digital signature is like an electronic security mark affixed to your plug-in file. The digital signature has the details about the publisher, the independent entity who can guarantee the publisher’s identity. It also has the cryptographic checksum which is used to verify that the content has not been tampered after signing or not.

Below are the steps involved in digitally signing your plug-ins

Purchase digital signature
There are different vendors from whom you can purchase the digital signatures.

Example : Verisign, DigiCert, Thawte etc.

 Use signing tool

 Use Signtool.exe (Tool is located with Microsoft SDK toolkit) to sign your C++ or .NET plug-in.

 example : signtool sign /f <PFX file name> /p <Password> FileToSign.dll
 where <PFX file name> is digital signature file (pfx file)
  <Password> – is private key of your digital signature.

  In case of AutoCAD Lisp files, use AcSignApply.exe. You can find this tool with acad.exe 

Other useful links

Code signing http://en.wikipedia.org/wiki/Code_signing

Certificate authority http://en.wikipedia.org/wiki/Certificate_authority