ActiveX Digital Signature

ActiveX Digital Signature
Keyword: Digital Signature
[Switch] Delphi releases ActiveX Control Digital Signature
 
Original Author: Guangming brother

Recently I am studying ActiveX technology. I used Delphi 7 to create an ActiveX control application with ActiveForm. This control generates a. OCX file. Now, I need to deploy this control on the server. When you browse the Web page and choose to install this control, your IE will download, install, and display this control.
 
However, my control must be digitally signed before IE can be downloaded and installed. The problem is how to digitally sign ActiveX controls? We will share with you the specific steps.
 
First, I need a set of digital signature tools. If you do not have one, you can download it at the following address:
 
Http://files.cnblogs.com/babyt/SignTool.rar
 
The control name is CustForm. ocx. First, we need to create a. CAB file to compress all the files to be released. The file we need to publish together is the CustForm. lic file. It is generated by Delphi when we create a control project. If you do not publish this file, IE cannot display the control even if it is downloaded and installed successfully. To publish multiple files in a. CAB file, we must first create a. INF file. A. INF file can tell IE where and where the files to be downloaded can be obtained.
 
1. Create a. INF file
 
It is easy to create a. INF file. You can write it in notepad. We named our. INF file GMTestX. inf. Because we need to put the GMTest. ocx and GMTest. lic files in the. CAB file, the content of our. INF file is as follows:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[Version]
Signature = "$ CHICAGO $"
AdvancedINF = 2.0
[Add. Code]
CustForm. ocx = CustForm. ocx
CustForm. lic = CustForm. lic // if you do not select Make Conctrol Lincensed when creating the Active Form, the. lic file will not be generated. This line can be removed when creating the. inf file.
[CustForm. ocx]
File-win32-x86 = thiscab
Clsid = {C504DF79-C5EC-4314-AC3E-1F770DB81A01}
FileVersion = 1, 0, 0
RegisterServer = yes
[CustForm. lic] // if you do not select Make Conctrol Lincensed when creating the Active Form, the. lic file will not be generated. This line can be removed when you create the. inf file.
File-win32-x86 = thiscab // if you do not select Make Conctrol Lincensed when creating an Active Form, the. lic file is not generated, you can remove this line when creating the. inf file
FileVersion =, // if you do not select Make Conctrol Lincensed when creating the Active Form, the. lic file will not be generated. inf file can be removed when you create the. inf file.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
There are two codes in the [version] section of this. INF file. Signature = "$ CHICAGO $" indicates that this. INF file is compatible with Windows 95 or later versions and Windows NT 4.0 or later versions. AdvancedINF = 2.0 indicates the version of Advpack. dll. IE 4.0 or later versions must import this file to parse this. INF file. The required version is 2.0.
 
As for the [Add. Code] section, it lists the files to be downloaded in A. CAB file and maps the detailed information of these files to the corresponding sections. For example, the information in [CustForm. ocx] is the information about downloading the CustForm. ocx file.
 
The first code in [CustForm. ocx] tells IE that the CustForm. ocx file is included in this. CAB file. The second line indicates the CLSID of the control. The third line is the version number of the control. The fourth line tells IE to use the previous CLSID number to register the control. The [CustForm. lic] section won't be discussed much.
 
2. Create a. CAB file
 
Enter the following code in the command line to add the CustForm. ocx, CustForm. inf, and CustForm. lic files to a. CAB file named CustForm. cab:
 
Cabarc.exe-s 6144 N CustForm. cab CustForm. ocx CustForm. inf CustForm. lic
 
3. Create a certificate file
 
Enter the following command in the command line:
 
Makecert-sv CustForm. pvk-r-n "CN = SunStar" CustForm. cer
 
4. Certificate conversion:
 
Cert2spc CustForm. cer CustForm. spc
 
5. Create another self-signed certificate named test. cer.
 
Enter the following two commands in the command line:
 
Makecert-sv test. pvk-r-n "CN = SunStar" test. cer
 
Cert2spc test. cer test. spc
 
6. Create the test. ctl file from test. cer.
 
Makectl test. cer test. ctl
 
7. Use the CustForm. pvk and CustForm. spc files to digitally sign test. ctl.
 
Signcode-v CustForm. pvk-spc CustForm. spc test. ctl
 
8. Move test. ctl to the storage area of the trusted system.
 
Certmgr-add-ctl test. ctl-s trust
 
9. Move CustForm. cer to the root system storage zone.
 
Certmgr-add-c GMTestX. cer-s root

10. Use test. pvk and test. spc to digitally sign CustForm. cab.
 
Singcode-v test. pvk-spc test. spc CustForm. cab
 
11. Check whether the file has been verified
 
Chktrust CustForm. cab
 
If the file passes the digital signature check, the system will ask whether to install the file. At this time, you must select the installation option to complete the signature process.
 
During the above steps, you may need to enter a password. You can select any password, such as 12345.
 
Next, copy the custform.htm file that calls the Delphi Web deploycommand to the C: \ Inetpub \ wwwroot \ OurHTML folder and modify the file as follows:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<HTML>
<H1> group configuration </H1> <p>
<HR> <center> <P>
<OBJECT
Id = CustForm
Classid = "clsid: 7E302B32-912F-427B-98D0-03AB15716E81"
Codebase = "/OurCAB/CustFormX. cab # version ="
Width = 100%
Height = 80%
Align = center
Hspace = 0
Vspace = 0

<Param name = Invaild value = Invaild>
<Param name = wsroot value = http: // 192.168.0.56: 8080/adms/services/> <! -- Value = {TMPL, OUTPUT, COND} -->
>
</OBJECT>
</HTML>
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Then, move the signed CustForm. cab file to the C: \ Inetpub \ wwwroot \ OurCAB folder.
 
Now, open IE and enter http: // localhost/OurHTML/CustForm.htm in the address bar. Then, IE will ask whether to download the control, you can see the form of our ActiveX control. Success!
 
Finally. The steps are cumbersome, but they seem to have to be done. We do not know much about the technologies involved in this process. Looking at the MSDN document, you can find a lot of information and want to fully understand it. In any case, these steps can be used to achieve the goal. If you find any errors or have any questions, please leave a message. If this article is helpful to you, the goal will be achieved. Thank you.

 

======================================

 

Some technologies are not clear in the middle. For example, when I look up the information today, I will say that digital signatures need to be applied. But it is not stated here. I don't know if I don't need this.