Create a signed cab file for the MFC and ATL controls

Create a signed cab file for the MFC and ATL controls

If you plan to sell the MFC control and ATL control over the Internet, you should package it into a signed small (Cabinet-cab) file. Sign the file to ensure that the source code is safe when the user downloads your control. A cab file contains a compressed version of your control and its installation information (for example, which dynamic link library DLL and OCX must be installed together.

Tools for creating and signing the cab file are included in the cab & sign directory on the Visual C ++ 5.0 CD. The utilities in this directory are not automatically installed together when you install visual c ++. Therefore, you must copy the contents in the cab & sign directory to your hard drive.

Before signing a document, you need a software publisher certificate (software publisher certificate ). You must apply for your certificate from the certificate authority. Using tools under the cab & sign directory, you can create a test certificate for testing, but this certificate cannot be used to sign the Code for release. For information on applying for a software publisher certificate, see step 1.

The steps for creating and signing the cab file are as follows:

1. Obtain a software publisher certificate (you can use it permanently only after this application)
2. Create a cab file
3. Sign your documents
4. Embed signed CAB files into a web page (optional) to obtain a software publisher Certificate
You need a software publisher certificate (SPC) prior to signing the document ). Therefore, you must apply to the Certificate Authority. During the application process, you must generate a key pair and provide the certification information to the certificate issuing authority, such as your name, address, and public key. Moreover, you must make a legally binding vow: you cannot or will not publish software that you know or should know contains viruses, or maliciously destroy users' machines or code.

For more details about how to obtain the software publisher certificate, see signing code with Microsoft's Authenticode. To apply for this certificate, see digital certificates for Authenticode. To create a test certificate to test the signing file, see making a test software publisher certificate.

The certificate issuing Authority generates a software publisher certificate that complies with the industrial standard X.509 Certificate Format (including version 3 extension. The certificate is determined and contains your public key, and is archived by the certificate issuing authority as a reference. A copy is returned to you by email. After receiving the certificate, you should include a copy of the certificate in all software signed with a private key to be released.

Obtain a software publisher Certificate
You can use the makecert and cert2spc utilities under the cab & sign directory in the Visual C ++ 5.0 CD to make a certificate of the software publisher. Note that this test software publisher certificate is invalid for real software release, but can be used to test your code signing.

For example, to create a private key file mykey. PVK and a company certificate cert. CER, run the public program makecert. Its command is as follows:

C:/CAB & sign/makecert
-U: mykey
-N: Cn = mysoftwarecompany
-K: mykey. PVK cert. Cer

Mykey is your key name, And mysoftwarecompany is your company name. Note that the utility makecert is case sensitive in command line options. Therefore, you must use lower-case-u,-N, and-K; the value of-N must be Cn = in upper case.

Run the utility cert2spc with the following command to make a certificate named cert. SPC for testing the software publisher:

C:/CAB & sign/cert2spc C:/CAB & sign/root. Cer cert. Cer cert. SPC
Note that the CERT. SPC file is created using the CERT. Cer file you just created using makecert and the root. Cer file under the cab & sign directory.

Create a cab file
This section describes how to create a cab file that can assign ATL and MFC components on the Internet. For more information about the cab file, see file reference, the/Setup API/Overview/cabinet files directory in the setup and System Management Services Section of Visual C ++ 5.0 online documentation.

Create a cab file:

Create an INF file.
Run the common routine cabarc (in the cab & sign directory on the CD ). For example:
C:/CAB & sign/cabarc-s 6144
N myctl. Cab needed1.dll needed2.dll myctl. ocx myctl. inf

Cabarc creates a cab file named myctl. Cab.

You must run cabarc in the directory of your source files (INF, ocx, and DLL files. Files archived in the cab file must be listed on the command line in the same order as they are in the INF file. In the preceding example, the order of the INF file is needed1.dll, needed2.dll, and myctl. ocx.

The-s option reserves space for code signing. The N command specifies that you want to create a cab file. You can view the description of cabarc commands and options by typing cabarc on the command line:

C:/CAB & sign/cabarc
Create an INF file
The inf file is a text file that specifies the files (such as DLL or other OCX) to be downloaded or submitted by the control ). An INF file is bundled with all the required files in the cab compressed file. By default, files with the same version number as existing hard disks are not downloaded. For more information about the INF file and its options (including how to create a platform-independent inf file), see packaging component code for automatic download on the hichina website, or refer to setup and system management services in the platform software development kit (Platform SDK, included in Visual C ++ 5.0 online documentation) some content in the/Setup API/Overview/INF files directory.

As an example, the INF below is used to create a cab file for the ATL polygon control. You can download the ATL polygon sample program from the visual C ++ 5.0 CD to create polygon. dll and create a minimum version. Another DLL, ATL. dll, is required to create the minimum version. ATL. dll must be registered before polygon. dll. Therefore, you must first place ATL. dll in INF.

; Sample inf file for polygon. dll
[Version]
; Version signature (same for both NT and Win95) do not remove
Signature = "$ Chicago $"
Advancedinf = 2.0

[Add. Code]
Polygon. dll = polygon. dll
ATL. dll = ATL. dll

; Needed DLL
[ATL. dll]
File-win32-x86 = thiscab
Fileversion =
Destdir = 11
Registerserver = Yes

[Polygon. dll]
File-win32-x86 = thiscab
CLSID = {4cbbc676-507f-11d0-b98b-000000000000}
Fileversion =
Registerserver = Yes
; End of INF file

This INF specifies that the system needs to install a specific version of ATL. dll. If the file does not exist in the system, you need to download it from the cab file created with the INF. "Thiscab" is a keyword that indicates the cab file containing the INF. You can also download the required DLL file from the Internet. You only need to specify an http url, which can be an absolute or relative path. For example:

File-win32-x86 = http://www.mysite.com/mydir/NEEDED.DLL
The keyword "file-win32-x86" specifies that the platform is x86.

To obtain the version number of a file, right-click the file in Windows NT or Windows 95 explorer, select Properties from the pop-up list, and then select the version label in the pop-up dialog box. Sometimes, you may need to insert an additional 0 in the file version. For example, the dialog box shows that the ATL. dll version is 2.00.7024, And the INF file is changed to 2, 00.

"Destdir" indicates the address of the mounted directory or file: 11. Specify Windows/system or WINNT/system32 as the system directory. 10. Specify windows, windows, or WINNT as the window directory. If destdir is not specified (typically), the code is loaded from the fixed occache directory.

"CLSID" indicates the CLSID of the control to be installed.

After creating the INF file, run the cabarc utility (in the cab & sign directory on the Visual C ++ 5.0 disc) to create the cab file. You must run cabarc under your source file directory. Files archived in the cab file must be listed on the command line in the same order as they are in the INF file. For example, to create a cab file for the polygon control from the above inf file, use the following command:

C:/CAB & sign/cabarc-s 6144 polygon. Cab ATL. dll polygon. dll polygon. inf
The cab file contains the compressed versions of ATL. dll and polygon. dll, and the information required to expand them to the polygon. inf file.

For an example of creating a cab file to download the MFC control, see MFC 4.2b component download information. You need to include the DLL file msvcrt. dll, mfc42.dll, and olepro32.dll In the MFC control.

Sign a cab file
Use code signing Wizard to sign a cab file:

1. Run the public program signcode (under the cab & sign directory of the Visual C ++ 5.0 disc) and start the code signing wizard.
C:/CAB & sign/signcode
2. In the code signing wizard dialog box, click Next to go to the next page.
3. What program do you want to sign? In the edit box, type the cab file you want to sign.
4. What name do you want to use in the certificate? In the edit box, enter the name you want to use in the certificate.
5. Click Next to go to the next page.
6. Under which software developer certificate do you want to sign the program? In the edit box, type the name of the software developer certificate (SPC) file.
7. Which file of the certificate do you want to find the password and key? In the edit box, type the private key (PVK) file name.
8. Click Next twice to go to the last page.
9. Click sign to sign the cab file. Your documents will be digitally signed.
You can sign your DLL and OCX directly without using the cab file. The advantage of a cab file is that it is compressed and, if used together with the INF file, all necessary code can be bundled together.

Embed signed CAB files into a web page
The ATL and MFC controls use labels to embed web pages. In the tag, you need to specify three attributes for the control:
ID-Control name
Classid-control CLSID
Codebase-download control location. Codebase can point to many different file types.
Codebase can direct to an OCX or DLL file:

Codebase = "http://www.mysite.com/mydir/polygon.dll#version=1,0,0,1"
Because this completes the download and installation of DLL or OCX files, any necessary DLL support must have been loaded to the client.

If you include the option version number in the cab file, it should point to the control to be downloaded. For example, if polygon. dll has a version number of, the version number of the cab file must also be:

Codebase = "http://www.mysite.com/mydir/polygon.cab#version=1,0,0,1"
If you do not include the option version number, you cannot replace the old version number of the same component (if they appear on the client.