Sign executable with Authenticode
SecureBlackbox allows you to sign executable files (.exe and .dll files) using its TElAuthenticodeManager component. The whole process is fairly simple and is described step-by-step below.
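// Load the signing certificate together with its private key from a PFX file.
TElX509Certificate signingCert = new TElX509Certificate();
int res = signingCert.LoadFromFileAuto("signingCert.pfx", "password");
// res holds the result code of the load; check it before you continue.
// Create the Authenticode manager and open the executable to be signed.
TElAuthenticodeManager manager = new TElAuthenticodeManager();
bool signed = manager.Open(@"C:\Bin\program.exe");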
This method returns true if the binary is already signed (i.e. it has at least one signature inside). Otherwise, false is returned.
If an error occurs, an exception is thrown containing one of the error codes.
// Add a new signature to the binary opened by the manager.
TElAuthenticodeSignature signature = manager.AddSignature(
    TSBAuthenticodeDigestAlgorithm.acdSHA256, // Authenticode message digest algorithm
    signingCert, // signing certificate you loaded in step 1
    TSBAuthenticodeStatementType.acsIndividual, // statement type: individual or commercial
    "My Authenticode", // description of the signature and/or the signer
    "https://www.secureblackbox.com/authenticode", // originator's URL
    false // pass 'true' to include the current time (in UTC) in the signature
);
This call returns an instance of the TElAuthenticodeSignature class for the newly created signature. You can use it to add a timestamp or even to remove the signature and create another one. If an error occurs, an exception is thrown.
// Save the signed binary under a new name, then close the manager.
manager.Save(@"C:\Bin\signed_program.exe");
manager.Close();
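An independent way to confirm that a saved file carries "at least one signature inside" is to read the PE certificate table, where Authenticode signatures are stored as WIN_CERTIFICATE entries. The Python below is an added example, not SecureBlackbox code; it reports the presence and framing of signature entries only and does not validate them, and `build_sample` produces constructed header bytes with placeholder blobs rather than a real executable.

```python
import struct

def certificate_table(data):
    """Return (file_offset, size) of the PE certificate table, or (0, 0)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = pe_off + 24  # skip 4-byte signature and 20-byte COFF header
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    dirs = opt + (96 if magic == 0x10B else 112)  # PE32 vs PE32+
    (count,) = struct.unpack_from("<I", data, dirs - 4)  # NumberOfRvaAndSizes
    # Data directory 4 is the certificate table; its address is a file offset.
    return struct.unpack_from("<II", data, dirs + 8 * 4) if count > 4 else (0, 0)

def authenticode_entries(data):
    """List (revision, length) for each PKCS#7 WIN_CERTIFICATE entry."""
    offset, size = certificate_table(data)
    if size == 0:
        return []  # unsigned: no certificate table
    end = offset + size
    if offset == 0 or end > len(data):
        raise ValueError("certificate table lies outside the file")
    found = []
    while offset + 8 <= end:
        length, revision, cert_type = struct.unpack_from("<IHH", data, offset)
        if length < 8 or offset + length > end:
            raise ValueError("malformed WIN_CERTIFICATE entry")
        if cert_type == 0x0002:  # WIN_CERT_TYPE_PKCS_SIGNED_DATA
            found.append((revision, length))
        offset += (length + 7) & ~7  # entries are 8-byte aligned
    return found

def build_sample(blobs):
    """Constructed PE32+ headers plus certificate table; blobs are placeholders."""
    table = b""
    for blob in blobs:
        entry = struct.pack("<IHH", 8 + len(blob), 0x0200, 0x0002) + blob
        table += entry + b"\0" * (-len(entry) % 8)
    pe_off, opt = 0x40, 0x40 + 24
    head = bytearray(opt + 112 + 16 * 8)  # headers with 16 data directories
    head[:2], head[pe_off:pe_off + 4] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", head, 0x3C, pe_off)
    struct.pack_into("<H", head, opt, 0x20B)       # PE32+ magic
    struct.pack_into("<I", head, opt + 108, 16)    # NumberOfRvaAndSizes
    struct.pack_into("<II", head, opt + 112 + 32, len(head) if table else 0, len(table))
    return bytes(head) + table
```

To check a real file, pass its bytes to `authenticode_entries`; an empty list means the file has no signature entry, and more than one entry means it carries several signatures.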