.NET 2.0: code access security / authentication

I'm writing a .NET 2.0 app
I want to deploy it in the net.
Apparently (due to an "unknown publisher warning" while downloading in the
browser) I have to give a strong name to my installer & my components.

My (.NET 2.0 beta2) project is a mix of C# & MC++.
- To authenticate my MSI I need a .spc & a .pvk file
- To strongly name my C# assemblies with VS.NET 2005 I need to use a .pfx
file or a .snk file
- To strongly name my C++ assembly I guess I should use a .snk and the
assembly attributes
- Verisign could provide me a certificate (is it a .cer???) from a .pvk file
- apparently I could create a .pvk file with makecert
- apparently I could create a .spc from a .cer with cert2spc

Now the questions are:
- how do I get a .pfx or .snk from, either, the .spc, .cer, .pvk files?
- I also tried (without success) all 3 lines below in my ManagedC++
project
[assembly:AssemblyKeyFileAttribute("..\\..\\novamind.snk")];
or [assembly:AssemblyKeyFileAttribute("..\\novamind.snk")];
or [assembly:AssemblyKeyFileAttribute("novamind.snk")];
but always get:
Error 2 fatal error LNK1256: ALINK operation failed (80040414) : Error
reading key file '..\..\novamind.snk' -- The system cannot find the file
specified. GnuStepCPP
what should I do?!?!
Now, could anyone give me simple direction!
I understand the concept! I just don't manage to put them into practice :-(
And the practical documentation is awfully thin,
while the many articles' authors like to linger for an awful number of pages
on the concepts it's very hard to find any practical implementation :-(
:-( :-(
which brings another question:
I have found verisign, is there any other authentication 'registrar'?

--
NovaMind development team
NovaMind Software
Mind Mapping Software
<www.nova-mind.com>
Nov 17 '05 #1
Hi Lloyd,

Not really a C# question but...

A number of companies on the internet provide software publishing
certificates: Verisign and Thawte spring to mind. You should be able to
get all the info you need to get a cert on their sites.

Hope that helps,
Jan

Nov 17 '05 #2
"Lloyd Dupont" <net.galador@ld> wrote in message
news:eV*************@tk2msftngp13.phx.gbl...
> I'm writing a .NET 2.0 app
> I want to deploy it in the net.
> Apparently (due to an "unknown publisher warning" while downloading in the
> browser) I have to give a strong name to my installer & my components.

There are two types of code signing used for .NET assemblies: strong name
signing and authenticode signing. The one that addresses the "unknown
publisher" issue is authenticode signing, not strong name signing. While
there's nothing preventing you from strongly naming your assemblies as well
(and there may be some potentially compelling reasons to do so), a strong
name is not necessary in this scenario.

> My (.NET 2.0 beta2) project is a mix of C# & MC++.
> - To authenticate my MSI I need a .spc & a .pvk file
> - To strongly name my C# assemblies with VS.NET 2005 I need to use a .pfx
> file or a .snk file
> - To strongly name my C++ assembly I guess I should use a .snk and the
> assembly attributes
> - Verisign could provide me a certificate (is it a .cer???) from a .pvk file
> - apparently I could create a .pvk file with makecert
> - apparently I could create a .spc from a .cer with cert2spc

Let's ignore strong naming for the moment since it's adding unnecessary
complexity. For authenticode signing, you need a code signing certificate
and the private key that corresponds to the public key contained in that
certificate. Once you have the certificate and private key in hand, you
would use the signcode tool
(http://msdn.microsoft.com/library/en...igncodeexe.asp)
to sign your compiled assemblies. It makes no difference whether those
assemblies were originally written in C# or MC++.

While you can create test certificates with makecert, you should obtain your
production certificates from a CA (certification authority) that will be
recognized by your clients. If your application will be distributed outside
of a single enterprise, you will probably want to use a commercial CA like
Verisign or Thawte. (If you want a wider choice of CAs that are likely to
be trusted on Windows machines, a good place to start is the trusted root
CAs list on your machine.) If you are distributing your application only
within a single enterprise which runs its own CA, acquiring your
authenticode certificate from that CA may be more cost-effective.

As for delivered file formats and certificate application processes, these
can differ between CAs. The larger commercial CAs provide detailed guides
on both how to apply for their certificates (including the processes around
private key issuing), as well as how to use the files they will return to
you in order to actually sign your executables with makecert.

> Now the questions are:
> - how do I get a .pfx or .snk from, either, the .spc, .cer, .pvk files?

You can use the pvkimprt tool
(http://www.microsoft.com/downloads/d...0-414BDFF679A7)
to either convert spc+pvk file pairs to a pfx file or a certificate (with
associated private key) in your certificates store. (The snk files used for
strong naming keys are not relevant to authenticode signing.)

> - I also tried (without success) all 3 lines below in my ManagedC++
> project
> [assembly:AssemblyKeyFileAttribute("..\\..\\novamind.snk")];
> or [assembly:AssemblyKeyFileAttribute("..\\novamind.snk")];
> or [assembly:AssemblyKeyFileAttribute("novamind.snk")];
> but always get:
> Error 2 fatal error LNK1256: ALINK operation failed (80040414) : Error
> reading key file '..\..\novamind.snk' -- The system cannot find the file
> specified. GnuStepCPP
> what should I do?!?!

See http://blogs.msdn.com/shawnfa/archiv...14/438963.aspx. However,
keep in mind that you don't need to strongly name your assemblies simply in
order to use authenticode signing.



> Now, could anyone give me simple direction!
> I understand the concept! I just don't manage to put them into practice
> :-(
> And the practical documentation is awfully thin,
> while the many articles' authors like to linger for an awful number of
> pages on the concepts it's very hard to find any practical implementation
> :-( :-( :-(
> which brings another question:
> I have found verisign, is there any other authentication 'registrar'?
>
> --
> NovaMind development team
> NovaMind Software
> Mind Mapping Software
> <www.nova-mind.com>

Nov 17 '05 #3
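
The Authenticode flow described in reply #3, as an added example that is not part of the original thread: a batch script that creates a test certificate, wraps it as an .spc, signs an installer with signcode, and optionally produces a .pfx with pvkimprt. The file names, subject name and display name are constructed placeholders, and the tools are assumed to be on the PATH from the .NET Framework SDK and the pvkimprt download.

```bat
@echo off
rem Added example: test-signing flow using the tools named in the reply above.
rem Setup.msi, test.* and the CN / display name are constructed placeholders.
setlocal
set TARGET=Setup.msi

rem 1. Self-signed TEST certificate carrying the code-signing EKU
rem    (1.3.6.1.5.5.7.3.3). -sv writes the private key to test.pvk and
rem    prompts for a password protecting it. Keep the .pvk out of source
rem    control and off shared drives.
makecert -r -n "CN=Example Test Publisher" -eku 1.3.6.1.5.5.7.3.3 -sv test.pvk test.cer || goto fail

rem 2. Wrap the certificate in a software publisher certificate (.spc).
cert2spc test.cer test.spc || goto fail

rem 3. Authenticode-sign the installer with the spc + pvk pair.
rem    The same command applies to .exe/.dll assemblies, whether they were
rem    built from C# or MC++. No .snk file is involved at any point.
signcode -spc test.spc -v test.pvk -n "Example App" %TARGET% || goto fail

rem 4. Optional: merge spc + pvk into a .pfx (opens the export wizard).
rem    Without -pfx, pvkimprt imports the pair into the certificate store.
pvkimprt -pfx test.spc test.pvk

rem 5. Check the signature. A self-signed test certificate does not chain
rem    to a trusted root, so expect the publisher to be reported as
rem    untrusted unless the test certificate is trusted on this machine.
chktrust %TARGET%
goto :eof

:fail
echo Signing step failed with errorlevel %errorlevel%
exit /b 1
```

For a production release, skip steps 1 and 2 and use the .spc and .pvk (or .pfx) issued by the CA in step 3.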
Thanks, very interesting and well explained!

"Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
news:%2****************@TK2MSFTNGP14.phx.gbl...
> "Lloyd Dupont" <net.galador@ld> wrote in message
> news:eV*************@tk2msftngp13.phx.gbl...
>> I'm writing a .NET 2.0 app
>> I want to deploy it in the net.
>> Apparently (due to an "unknown publisher warning" while downloading in the
>> browser) I have to give a strong name to my installer & my components.
>
> There are two types of code signing used for .NET assemblies: strong name
> signing and authenticode signing. The one that addresses the "unknown
> publisher" issue is authenticode signing, not strong name signing. While
> there's nothing preventing you from strongly naming your assemblies as
> well (and there may be some potentially compelling reasons to do so), a
> strong name is not necessary in this scenario.
>
>> My (.NET 2.0 beta2) project is a mix of C# & MC++.
>> - To authenticate my MSI I need a .spc & a .pvk file
>> - To strongly name my C# assemblies with VS.NET 2005 I need to use a
>> .pfx file or a .snk file
>> - To strongly name my C++ assembly I guess I should use a .snk and the
>> assembly attributes
>> - Verisign could provide me a certificate (is it a .cer???) from a .pvk
>> file
>> - apparently I could create a .pvk file with makecert
>> - apparently I could create a .spc from a .cer with cert2spc
>
> Let's ignore strong naming for the moment since it's adding unnecessary
> complexity. For authenticode signing, you need a code signing certificate
> and the private key that corresponds to the public key contained in that
> certificate. Once you have the certificate and private key in hand, you
> would use the signcode tool
> (http://msdn.microsoft.com/library/en...igncodeexe.asp)
> to sign your compiled assemblies. It makes no difference whether those
> assemblies were originally written in C# or MC++.
>
> While you can create test certificates with makecert, you should obtain
> your production certificates from a CA (certification authority) that will
> be recognized by your clients. If your application will be distributed
> outside of a single enterprise, you will probably want to use a commercial
> CA like Verisign or Thawte. (If you want a wider choice of CAs that are
> likely to be trusted on Windows machines, a good place to start is the
> trusted root CAs list on your machine.) If you are distributing your
> application only within a single enterprise which runs its own CA,
> acquiring your authenticode certificate from that CA may be more
> cost-effective.
>
> As for delivered file formats and certificate application processes, these
> can differ between CAs. The larger commercial CAs provide detailed guides
> on both how to apply for their certificates (including the processes
> around private key issuing), as well as how to use the files they will
> return to you in order to actually sign your executables with makecert.
>
>> Now the questions are:
>> - how do I get a .pfx or .snk from, either, the .spc, .cer, .pvk files?
>
> You can use the pvkimprt tool
> (http://www.microsoft.com/downloads/d...0-414BDFF679A7)
> to either convert spc+pvk file pairs to a pfx file or a certificate (with
> associated private key) in your certificates store. (The snk files used
> for strong naming keys are not relevant to authenticode signing.)
>
>> - I also tried (without success) all 3 lines below in my ManagedC++
>> project
>> [assembly:AssemblyKeyFileAttribute("..\\..\\novamind.snk")];
>> or [assembly:AssemblyKeyFileAttribute("..\\novamind.snk")];
>> or [assembly:AssemblyKeyFileAttribute("novamind.snk")];
>> but always get:
>> Error 2 fatal error LNK1256: ALINK operation failed (80040414) : Error
>> reading key file '..\..\novamind.snk' -- The system cannot find the file
>> specified. GnuStepCPP
>> what should I do?!?!
>
> See http://blogs.msdn.com/shawnfa/archiv...14/438963.aspx.
> However, keep in mind that you don't need to strongly name your assemblies
> simply in order to use authenticode signing.
>
>> Now, could anyone give me simple direction!
>> I understand the concept! I just don't manage to put them into practice
>> :-(
>> And the practical documentation is awfully thin,
>> while the many articles' authors like to linger for an awful number of
>> pages on the concepts it's very hard to find any practical implementation
>> :-( :-( :-(
>> which brings another question:
>> I have found verisign, is there any other authentication 'registrar'?
>>
>> --
>> NovaMind development team
>> NovaMind Software
>> Mind Mapping Software
>> <www.nova-mind.com>


Nov 17 '05 #4
