Yesterday we created our own certificate, installed it in the certificate
store, and even created a key container for it.
Today we will use this certificate to create our Software Publisher's
Certificate and then sign our assembly with it.
To create a software publisher's certificate, the .NET Framework provides
the cert2spc tool.
This utility takes one or more X.509 certificates and creates a software
publisher's certificate (SPC).
Let us create our SPC.
cert2spc myComp.cer Mycomp.spc
After creating our SPC, we will now go ahead and sign our assembly.
Go to the VS.NET command prompt and type signcode; a wizard will open up.
This is a wizard-based utility for signing your assemblies, although you can
also use it with various options from the command prompt.
To check out the various options, type signcode /?. For signing our
assembly we will use the wizard.
Type signcode and hit the Enter key to initiate the wizard.
Go ahead and select the file that you want to digitally sign (SELECT AN
EXECUTABLE FILE, I.E. .exe).
From the signing options, select Custom and click Next.
Then select the Select from File option and select either your .cer or your
.spc file (both are supported). Click Next.
To select the private key you can either select the private key from the
.pvk file or you can select the private key from your key store.
Note: You can extract your private key to a .pvk file using makecert if you
wish to store it on your machine (but please be careful if you are using
this option). Since we added our key to the key container on our machine, we
will pick it up from there.
So select the first option, Private key file on disk, if you have a .pvk
file, or select Private key in a CSP if you want to select it from your key
We will go ahead with the second option. Leave the rest of the values at
their defaults and select the key container MyCompCont, the one we created
yesterday.
Select one of the hash algorithms, either md5 or sha1. Click Next, Next,
enter the description and web location (they are optional), and continue to
the finish. Click Finish. You should get a message saying "The Digital
Signing wizard was completed successfully."
Go to Windows Explorer and check the properties of your assembly; it will now
show a new tab called Digital Signatures showing your digital signed
Let us now check whether this assembly comes from a trustworthy source or
not. For that we will use another tool, chktrust, that is shipped with .NET
Go to the VS.NET command prompt and run chktrust.exe with the name of your
If trust for the test root is enabled on your machine then chktrust will
succeed, else it will fail. By default it should be disabled, hence this
chktrust should fail.
Hence when you run it for your executable it should give you a warning
pop-up saying that the test root is not enabled as a trusted root.
To enable the test root as a trusted root we will have to set its value to
true.
Go to the VS.NET command prompt and run setreg as follows
setreg.exe 1 true /// This will set test root as trusted root.
Now re-run the above command
This time it should give you a security warning saying "*** TEST
CERTIFICATE ***" and asking you whether content from MyComp Technologies
should be trusted or not. Click Yes ...
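The wizard steps above can also be run from the command prompt. The batch file below is an added example, not part of the original article: MyApp.exe, the description text and the URL are constructed placeholders, and it assumes each tool returns a non-zero exit code on failure.

```bat
@echo off
rem Added example: command-line equivalent of the signing wizard steps.
rem The certificate, SPC and key container names are the article's own;
rem MyApp.exe, the description and the URL are constructed placeholders.
setlocal
set CERT=myComp.cer
set SPC=Mycomp.spc
set CONTAINER=MyCompCont
set TARGET=MyApp.exe

if not exist "%CERT%"   (echo Missing certificate %CERT% & exit /b 1)
if not exist "%TARGET%" (echo Missing file to sign %TARGET% & exit /b 1)

rem Step 1: wrap the X.509 certificate in a software publisher's certificate.
cert2spc "%CERT%" "%SPC%"
if errorlevel 1 (echo cert2spc failed & exit /b 1)

rem Step 2: sign using the private key held in the key container (-k), so
rem no .pvk file has to exist on disk. -a selects the hash; sha1 is used
rem here because md5 is the weaker of the two choices the wizard offers.
rem -n and -i are the optional description and web location.
signcode -spc "%SPC%" -k "%CONTAINER%" -a sha1 ^
    -n "MyComp sample application" -i "http://www.example.com" "%TARGET%"
if errorlevel 1 (echo signcode failed & exit /b 1)

rem Step 3: check the signature. With a test certificate this only passes
rem when trust for the test root has been enabled with setreg.
chktrust "%TARGET%"
if errorlevel 1 (echo chktrust did not accept the signature & exit /b 1)

echo %TARGET% signed and verified.
endlocal
```

Once testing is finished, setreg.exe 1 false switches trust for the test root off again.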
To explore other options of chktrust and setreg type chktrust /? and setreg
-- Please post your queries and comments for my articles in the usergroup
for the benefit of all. I hope this step from my end is helpful to all of