Folks

So I purchased a digital code signing certificate.  $99 USD per year
at https://secure.ksoftware.net/code_signing.html

Once I got the certificate I spent an hour and a half searching and
searching for the right tool. At first I was looking for codesign and
then was looking for signcode. I ended up with about 20 browser
windows open.

Finally I somehow realized that what I needed was signtool.   Which
was somehow already installed on my system and had a wizard..  And the
VB6 exe was signed in about 5 mouse clicks.  <sigh>

I tested it in a cleanish Virtual PC session and it looks
like it worked.  Well, sorta.  I still got a message about running a
program from the Internet which didn't make any sense given that it
was actually a Virtual PC network share.  Still the unsigned VB6 exe
did give me the ugly  "The Publisher could not be verified" message as
per http://www.*-*-*.com/
new one didn't.  So I'll experiment a bit more.

Tony
--
Tony Toews, Microsoft Access MVP
Tony's Main MS Access pages - http://www.*-*-*.com/
Tony's Microsoft Access Blog - http://www.*-*-*.com/
For a free, convenient utility to keep your users FEs and other files
  updated see http://www.*-*-*.com/
Granite Fleet Manager http://www.*-*-*.com/

This one offers 3 years for $225, which includes a Community Membership to
get the low price:

http://www.lindersoft.com/order_codesigning.htm

When you shop around, make sure that you look for a code signing
certificate, not SSL certificate.

There are basically two ways to get files signed:

1 - By buying certificates from Certificate Authority(CA), like VeriSign,
Comodo, etc. These verify the identity of the purchaser. However, open
source software authors could obtain free ones. These are a must if your
software is generally downloadable by anyone and you want to get rid of
"Unknown Publisher" warning. Some companies use software that restrict what
can be run to signed files. This basically reduces the chances of viruses
running, because a virus writer cannot sign his files, otherwise he would
reveal his identity. He can use a stolen certificate, but this would be
revoked by the Certificate Authority once it was found out. When a user
downloads something and tries to install it, his computer would contact one
of the known Certificate Authorities via the Internet, and verify the
signature before showing a warning to the user and before running the
installer.

2 - For in-house use only, you could use what's called a self-signed
certificate, or test certificate. You can generate that using free tools,
such as the one below, or even via VB(by using CAPICOM, which came with
Windows ME+, or IE5+ for Windows 95/98+). These can have key lengths as much
as from Certificate Authorities, but not trusted unless you perform an
additional configuration step: After creating the test certificate, go to
each computer and go to IE-->Tools-->Internet
Options-->Content-->Certificates, then import it. Now, Windows would trust
files that are signed by this certificate. There is probably a way to do
this in one step in all computers in a domain or workgroup. Note that a
rouge installer cannot perform this configuration step because Windows would
check the signature of the installer first before allowing it to run. When
using this method, no Internet access is required.

Some links:

Certificate Creation Tool (Makecert.exe)
http://msdn.microsoft.com/en-us/library/bfsktky3(VS.71).aspx

Automating Code Signing of Windows Executables
http://www.kinook.com/blog/?p=10

Hi,

I have got digital signature from same company. (btw r u a asp member?)

its fairly easy once get it. get SignGUI tool from www.briggsoft.com

here is step by step instruction for signing on KSoftware homepage.
http://blog.ksoftware.net

--
abhishek
www.abhisoft.net

| Folks
|
| So I purchased a digital code signing certificate.  $99 USD per year
| at https://secure.ksoftware.net/code_signing.html
|
| Once I got the certificate I spent an hour and a half searching and
| searching for the right tool. At first I was looking for codesign and
| then was looking for signcode. I ended up with about 20 browser
| windows open.
|
| Finally I somehow realized that what I needed was signtool.   Which
| was somehow already installed on my system and had a wizard..  And the
| VB6 exe was signed in about 5 mouse clicks.  <sigh>
|
| I tested it in a cleanish Virtual PC session and it looks
| like it worked.  Well, sorta.  I still got a message about running a
| program from the Internet which didn't make any sense given that it
| was actually a Virtual PC network share.  Still the unsigned VB6 exe
| did give me the ugly  "The Publisher could not be verified" message as
| per http://autofeupdater.com/publishercouldnotbeverified.htm and the
| new one didn't.  So I'll experiment a bit more.
|
| Tony
| --
| Tony Toews, Microsoft Access MVP
| Tony's Main MS Access pages - http://www.granite.ab.ca/accsmstr.htm
| Tony's Microsoft Access Blog - http://msmvps.com/blogs/access/
| For a free, convenient utility to keep your users FEs and other files
|  updated see http://www.autofeupdater.com/
| Granite Fleet Manager http://www.granitefleet.com/

here
http://www.briggsoft.com/signgui.htm

No, I'm not an ASP member, assuming you mean Association of Shareware
Professionals, but my software isn't shareware either.  Right now it's
free but that'll be changing with some added features.

I found the MS tool finally and I'm going to stick with that one.

Actually those pages show you how to back up your certificate.  Which
I've done so.  

Tony
--
Tony Toews, Microsoft Access MVP
Tony's Main MS Access pages - http://www.granite.ab.ca/accsmstr.htm
Tony's Microsoft Access Blog - http://msmvps.com/blogs/access/
For a free, convenient utility to keep your users FEs and other files
  updated see http://www.autofeupdater.com/
Granite Fleet Manager http://www.granitefleet.com/

That is a good price.    I don't need the community membership part
but that's fine too.

Down a bit on that page is
IMPORTANT: Please read this Lindersoft Community thread before you
order   http://www.lindersoft.com/forums/showthread.php?t=8279
which leads to a thread basically telling you to not order your
certificate on a Windows Vista or newer.  But then when I think about
it that thread doesn't apply to me as I received a PFX file and was
able to use that file directly.

Tony
--
Tony Toews, Microsoft Access MVP
Tony's Main MS Access pages - http://www.granite.ab.ca/accsmstr.htm
Tony's Microsoft Access Blog - http://msmvps.com/blogs/access/
For a free, convenient utility to keep your users FEs and other files
  updated see http://www.autofeupdater.com/
Granite Fleet Manager http://www.granitefleet.com/