About the electronic signature transfer of an active control

About the electronic signature of an active control

Two kinds of scenarios: one is to make a certificate, the client can identify the control after installing the certificate, the second is to buy the official, in the country to find the agent VeriSign, responsible for a variety of electronic signatures, any browser can recognize the certificate. Official website of the company: http://www.verisign.com/products-services/security-services/code-signing/digital-ids-code-signing/index.html

Do not have the money to do their own certificates, at least once installed after the installation, all the active control can use this certificate. The effect of the certificate

Where to install the certificate:

Certificate production and control packaging process, reproduced as follows:

1.   Package OCX files and third-party DLL files into a CAB file: The Internet Software Distribution Unit is a "package" that consists of. INF file or software that distributes. osd files (or both). cab files. A distribution unit can also contain software components, such as ActiveX controls (. OCX),. DLL files,. EXE files, Java class files, or applets. When the CODEBASE attribute of the object element on a Web page references a. cab file that contains an. inf file, Internet Explorer automatically downloads and installs the. cab file as a software distribution unit and automatically detects the version and updates each time it is accessed. INF file is a text file that specifies the files that need to be downloaded or submitted to run the control (for example. DLL or other. OCX). One. INF file bundles all the required files for the. cab compressed file. By default, files with the same version number as the file on an existing hard disk are not downloaded. Write your own INF file, which includes packaging the. ocx file, as well as the associated. dll file, and downloading it to a folder: \Windows\System32, detailed annotated as follows:[version]     Signature= "$CHICAGO $" advancedinf=2.0 [defaultinstall]    copyfiles= install.filesregisterocxs=registerfiles[rinstallapplicationfiles]copyfiles=install.filesregisterocxs= Registerfiles[destinationdirs]install.files=11 [sourcedisksnames]    1=%diskname%, Testcab.cab,1  [add.code]pcpos.ocx=pcpos.ocxcomm.dll=comm.dllpcpos.dll=pcpos.dlltcpclnt.dll= Tcpclnt.dll [install.files]pcpos.ocx=pcpos.ocxcomm.dll=comm.dllpcpos.dll=pcpos.dlltcpclnt.dll=tcpclnt.dll  [sourcedisksfiles]pcpos.ocx=1comm.dll=1pcpos.dll=1tcpclnt.dll=1 [pcpos.ocx]file-win32-x86=thiscab     RegisterServer=yes    clsid={719A1D6E-7099-4123-9D63-F0118AFF2D61}     DestDir=11    FileVersion=1,0,0,1 [Comm.dll]file-win32-x86=thiscab     RegisterServer=yes                          DestDir=11     fileversion=1,0,0,1 [pcpos.dll]file-win32-x86=thiscab    registerserver=yes       destdir=11    fileversion=1,0,0,1 [tcpclnt.dll] file-win32-x86=thiscab    registerserver=yes      destdir=11     FileVersion=1,0,0,1 [RegisterFiles]    %11%\pcpos.ocx  Note: "Thiscab" is a keyword that means a cab file that contains the INF. can alsoDownload the required DLL files from the Web, as long as you specify an HTTP URL, such as: File-win32-x86=http://www.mysite.com/mydir/needed.dll keyword "file-win32-x86" specifies that the platform is x86. The file version number is Visible property. "DestDir" refers to the loading directory or the address of the file: 11 specified as the system directory windows//system32; " CLSID "refers to the CLSID of the control to be installed.   Make cab: Use \windows\system32\iexpress.exe. 1)Select "Create new self Extraction Directive file" and click Next. 2)Select "Create Compressed files only (ActiveX installs)" and click Next. 3)Click Add, File (Pcpos.ocx,pcpos.dll,comm.dll,tcpclnt.dll), and click Next. 4)Click Browse, enter. The storage address of the CAB file (including the filename taken), where Testcab.cab is taken, and the "store files using Long file name inside Package" is selected. Click Next. 5)Select "Don't Save" and click Next until you're done. Note: If the control is already registered on the client and is not passed. The way the CAB is registered, then through. When the CAB is automatically registered, the control cannot be updated. You must manually delete the file. 2. Digitally sign a CAB file the legendary digital signature can be downloaded automatically without prompting, so try it: there are three gadgets in the middle of \microsoft Visual Studio. NET 2003\sdk\v1.1\bin, and they are used to implement digital signatures. 1. Makecert.exe---Certificate Creation tool 2. Cert2Spc.exe---Publisher certificate Test Tool 3. Signcode.exe---File Signing tool steps: 1)makecert-ss name-n "cn= company name"-sv D:\pos.pvk-r D:\pos.cer where sk-represents the subject's key container location, ss-subject's certificate store name, N-Certificate Issuer object, R-Certificate storage location,-s V Export the private key file (for signature use). Note: This will allow you to enter the password three times, three times to be exactly the same. 2)generate an SPC Publisher certificate using CERT2SPC (optional): CERT2SPC d:\pos.cer c:\pos.spc3)double-clicking Signcode, without parameters, starts the Signature wizard. First choose to sign the file, Next, select "Custom", Next, select "Select from File", add the newly generated Pos.cer certificate, next, select the private key pos.pvk, then next, can SPC certificate, and then the next step. Add a timestamp, fill in the timestamp in http://timestamp.verisign.com/scripts/timstamp.dll Testcab.cab, and then complete the next step. This will sign the CAB file, but this time clicking on the file will reveal that the certificate is not available because the certificate has not been transferred. File properties, digital certificate, Details-〉 View Certificate-〉 Install certificate, go to install Certificate Wizard, store area Select trusted Root certification authority, click Done. On the client test: 1)Join the certificate, browser-〉 tool-〉internet option-〉 content-〉 certificate-〉 Trusted Authority-〉 import certificate. 2)in the case of a certificate, if the server does not join the "trusted URLs", prompting the download will show the certificate signed content, no certificate is prompted to "unknown." 3)If the server has been added to the trusted URLs and the certificate has been imported, no information is prompted to download without the user feeling the situation. If you do not add a trusted URL, the control can download normally but still not work properly, regardless of whether it is signed or not. Iv. questions: 1. Whether you can add "trusted URLs" without adding them. 2. The role of a digital signature, the difference between an authorization certificate and an unauthorized certificate.

About the electronic signature transfer of an active control