none
Code Signing

    Question

  • I am currently trying to sign a Managed C++ DLL (developed in Microsoft Visual Studio 2010 Professional) with a code signing certificate from VeriSign. I managed to import the certificate and its private key into the Microsoft certificate store. I then exported it to a .pfx file which can be used to sign code with Visual Studio according to what I know.

    If I try to build the code with the signing set up (Project Properties > Configuration Parameters > Linker > Key File set to the pfx file exported) I get an error message which is not very meaningful: LINK : fatal error LNK1256: ALINK operation failed (80040436) : Error signing assembly -- The parameter is incorrect.

    What do I have to do to get my code signed? What is causing the error?

    Thank you for your help

    Monday, November 10, 2014 7:47 AM

All replies

  • Hi Hazel Grouse,

    Since you want to sign C++ assembly, I will move this case to VC++ forum for better response.

    However, here are two useful link for you:

    http://www.codeproject.com/Articles/35678/How-to-sign-C-CLI-assemblies-with-a-strong-name

    http://msdn.microsoft.com/en-us/library/ie/ms537361(v=vs.85).aspxThank you for your understanding!

    Best regards,


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Tuesday, November 11, 2014 6:02 AM
  • Thank you for the links. In the link

    http://www.codeproject.com/Articles/35678/How-to-sign-C-CLI-assemblies-with-a-strong-name

    it is described that it is not possible to sign a C-CLI assembly with a .pfx file but only with a .snk file. Why is this the case? And how should I proceed to sign a C-CLI assembly with a certificate from a VeriSign which I only have at hand as .pfx file? Is there any way to convert a .pfx file to a .snk file?

    Regards,

    Oliver

    Tuesday, November 11, 2014 7:32 AM
  • I assume signing a .NET assembly (since it is a DLL) is the same as signing any .DLL.  But first, is it important to sign your DLL’s?  Signing them will not change any behavior at runtime; such as Windows showing the “Unknown Publisher” warning as it does when you run an unsigned .EXE.  AFAICS, signing a DLL has no effect, except when you look at the properties of your DLL in Explorer and see a Signatures tab.
     
    If it is important to sign your DLL, use the SIGNTOOL.EXE command line program.  This is available on MSDN (do a search).
     
    The way I do it is I imported by .pfx file into the Certificate Store on my development PC (using command-line START certmgr.msc).  Then I run
        signtool sign /a <myapp.dll>
     
    which actually signs the DLL
     
    Then I run
     
      signtool timestamp /t http://timestamp.comodoca.com/authenticode /v <myapp.dll>
     
     
    which timestamps the signature – if you do this, the signature will never expire; if you don’t do this, the signature will be revoked when your certificate expires.
     
     
    Thanks,
    David
    Tuesday, November 11, 2014 3:56 PM
  • Hi David,

    Thank you for your input.

    It is important to strong-name-sign the DLL since our customers need to strong-name-sign their software. To do so, they require all DLLs they call from their software to be signed.

    Signin after compilation does obviously not work according to our customer:

    "I have attempted to digitally sign FpgaManager.dll myself, but that has not worked. It can only be successfully signed during the build process, so you would have to do it"

    Regards,

    Oliver

    Tuesday, November 11, 2014 4:45 PM
  • Oh, yes, you need to strong name sign your assembly if you want to put it into the GAC.  I didn’t know that was your goal.  I have created a .snk file myself but don’t know if that is suitable for distribution or only for test.  Sorry, I don’t know much about strong name assembly signing.  This is different from code signing.
     
    Good luck,
    David
    Tuesday, November 11, 2014 4:50 PM
  • Hi Hazel,

    Please check this thread, is this what you need?

    https://social.msdn.microsoft.com/Forums/vstudio/en-US/8c706144-7fa9-487a-a06b-8a25c801c682/convert-a-pfx-file-to-snk-file?forum=clr

    Best regards,

    Shu Hu


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Wednesday, November 12, 2014 2:23 AM
  • Hi Shu,

    The tried out the solution from that link. I created a key-container named "obruendl" and then added it (i.e. I set Project Properties > Linker > Advanced > Key Container" to "obruendl") but I then get the error message below:

    Error    1    error LNK1256: ALINK operation failed (80040405) : The key container name 'obruendl' does not exist    C:\work\FpgaManagerTrunk\Projects\Win7\ManagedCpp\LINK    FpgaManager

    Any ideas what I did wrong?

    Wednesday, November 12, 2014 11:14 AM