Code signing
Code signing is the process of digitally signing executables such as EXEs, DLLs and scripts to confirm who published the software and that it has not been modified since signing.
- If an EXE is signed, it won't show a warning when it is downloaded from the Internet.
- It also applies to JARs and applets.
- Some CA providers:
1. Comodo
2. Symantec
3. GoDaddy
4. GlobalSign
5. DigiCert
6. StartCom
7. Entrust
8. Verizon
9. Trustwave
10. Secom
11. Unizeto
12. QuoVadis
13. Deutsche Telekom
14. Network Solutions
15. SwissSign
They provide certificates that are valid for a limited license period.
- Before buying a certificate, you can verify the process on your local system with a self-signed certificate.
Run these commands in a command prompt started as administrator.
EXE SIGNER:
TOOL:-
signtool
STEPS:
1. SET PATH TO MICROSOFT SDKS:-
set "PATH=%PATH%;C:\Program Files\Microsoft SDKs\Windows\v7.1\Bin"
2. MAKING SELF SIGNED CERTIFICATES:-
makecert -r -pe -ss MyCertStore -n "CN=MyTestCert" MyTestCert.cer
(NOTE:
Import this certificate into the trusted certificates section of certmgr.msc in Windows.
Only then will the local system stop showing "unknown publisher".
TO VERIFY:
In Windows, type certmgr.msc in the Start menu search box and open it when it appears,
then check that the certificate was imported successfully into the trusted certificates section.)
3. SIGN THE EXE USING SIGNTOOL
signtool sign /s MyCertStore /n MyTestCert sample.exe
4. TO VERIFY WHETHER THE EXE IS SIGNED OR NOT
signtool verify /pa sample.exe
EXE SIGNER FOR A JAR WRAPPED INSIDE AN EXE USING LAUNCH4J:
1. CERTIFICATE CREATION IS THE SAME AS FOR THE NORMAL EXE SIGNER.
makecert -r -pe -ss MyCertStore -n "CN=MyTestCert" MyTestCert.cer
2. SIGN THE EXE USING SIGNTOOL AND SIGN4J:
sign4j signtool sign /s MyCertStore /n MyTestCert "sample.exe"
JAR SIGNER:
SET PATH TO JDK BIN AND THEN PROCEED
1. GENERATION OF CERTIFICATE USING KEYTOOL:-
keytool -keystore clientkeystore -genkey -alias client -keyalg RSA
// GIVE THE NECESSARY INFORMATION AS THE TOOL PROMPTS
// -keyalg SELECTS THE KEY TYPE WHEN THE KEY PAIR IS GENERATED
keytool -keystore clientkeystore -certreq -alias client -file client.csr
// TYPE THE KEYSTORE PASSWORD AND KEY PASSWORD AS IT PROMPTS
2. SIGN THE JAR USING JARSIGNER:-
jarsigner -keystore clientkeystore -storepass client@123 -keypass key@123 sample.jar client
IF A SECURITY EXCEPTION OCCURS, TRY THE FOLLOWING COMMAND:
jarsigner -keystore clientkeystore -digestalg SHA1 sample.jar client
3. TO CHECK WHETHER THE JAR IS VERIFIED OR NOT:
jarsigner -verify sample.jar
FOR DETAILED INFORMATION:
jarsigner -verify -verbose -certs sample.jar
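What the verify step above looks at inside the archive, as an added example (not code from the original post or from the JDK): the Python below checks for the signature files jarsigner writes under META-INF and recomputes the per-entry manifest digests, whose attribute name (SHA-256-Digest, SHA1-Digest) follows the -digestalg option. It does not validate the cryptographic signature or the certificate; the function names and the in-memory sample JAR are constructed for illustration.

```python
import base64, hashlib, io, zipfile

SIG_BLOCK_EXT = (".RSA", ".DSA", ".EC")  # signature block files written by jarsigner

def parse_manifest(text):
    """Return {entry name: {attribute: value}} for the per-entry manifest sections."""
    # A line starting with a single space continues the previous line, so unfold it.
    text = text.replace("\r\n", "\n").replace("\n ", "")
    entries = {}
    for section in text.split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in section.split("\n") if ": " in l)
        if "Name" in attrs:
            entries[attrs.pop("Name")] = attrs
    return entries

def inspect_jar(data):
    """Check signature files and recompute manifest digests (no signature validation)."""
    mf = "META-INF/MANIFEST.MF"
    with zipfile.ZipFile(io.BytesIO(data)) as jar:
        names = [n for n in jar.namelist() if not n.endswith("/")]
        meta = [n for n in names if n.upper().startswith("META-INF/")]
        sf = [n for n in meta if n.upper().endswith(".SF")]
        blocks = [n for n in meta if n.upper().endswith(SIG_BLOCK_EXT)]
        manifest = parse_manifest(jar.read(mf).decode("utf-8")) if mf in names else {}
        mismatched = []
        for name, attrs in manifest.items():
            for key, value in attrs.items():
                if key.endswith("-Digest") and name in names:
                    algo = key[:-len("-Digest")].replace("-", "").lower()  # SHA-256 -> sha256
                    actual = hashlib.new(algo, jar.read(name)).digest()
                    if base64.b64encode(actual).decode() != value:
                        mismatched.append(name)
        unlisted = [n for n in names if n not in meta and n not in manifest]
    return {"signed": bool(sf and blocks), "mismatched": mismatched, "unlisted": unlisted}

def build_sample(payload, listed, with_sig=True):
    """Constructed sample JAR; the manifest digest is computed over `listed`."""
    digest = base64.b64encode(hashlib.sha256(listed).digest()).decode()
    mf = "Manifest-Version: 1.0\r\n\r\nName: Hello.class\r\nSHA-256-Digest: %s\r\n\r\n" % digest
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/MANIFEST.MF", mf)
        if with_sig:  # placeholders only: file names as written for the alias "client"
            z.writestr("META-INF/CLIENT.SF", "Signature-Version: 1.0\r\n")
            z.writestr("META-INF/CLIENT.RSA", b"placeholder, not a real PKCS#7 block")
        z.writestr("Hello.class", payload)
    return buf.getvalue()

if __name__ == "__main__":
    print(inspect_jar(build_sample(b"abc", b"abc")))  # intact entry
    print(inspect_jar(build_sample(b"abX", b"abc")))  # entry modified after signing
```

To inspect a real file, pass its bytes, for example inspect_jar(open("sample.jar", "rb").read()); an entry in "mismatched" or "unlisted" means the archive content no longer matches what the manifest records.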
ORACLE DOCUMENT REFERENCE FOR JAR SIGNER: