The AutoCAD program uses digital signatures to verify whether a custom program file can be safely loaded. Binary (ObjectARX and Managed .NET) files with the ARX, CRX, DBX, or DLL file extensions can be digitally signed.
Note: The Sign Tool (SignTool.exe) by Microsoft is required to attach a digital signature to a binary file. You must download and install the latest version of the Windows SDK from Microsoft's website (http://msdn.microsoft.com/en-us/windows/desktop/) to use the Sign Tool. In addition to the Sign Tool, you will also need to obtain a digital certificate. A digital certificate is typically obtained from a vendor such as Symantec
™
and DigiCert
®
, but it is possible to create your own digital certificate for distributing your applications inside your company.
The following is an example of signing a binary file using the SignTool.exe tool:
"C:\Program Files\Microsoft SDKs\Windows\v7.1\Bin\signtool.exe" sign /f MyCert.pfx /p MyPassword /t http://timestamp.verisign.com/scripts/timstamp.dll "c:\Autodesk\AdskUtil.arx"
- "C:\Program Files\Microsoft SDKs\Windows\<version>\Bin\MakeCert.exe" - Specifies the location of the SignTool.exe tool.
- sign - Indicates that a binary file will be signed.
- /f MyCert.pfx - Specifies the location of the PFX file that will be used to sign the file. In this example, the file is named MyCert.pfx.
- /p MyPassword - Specifies the password that is assigned to the PFX file. In this example, the password is MyPassword.
- /t http://timestamp.verisign.com/scripts/timstamp.dll - Specifies the URL of the timestamp server. The file on the server must have been previously digitally signed. In this example, the server and file for the timestamp is http://timestamp.verisign.com/scripts/timstamp.dll.
- "c:\Autodesk\AdskUtil.arx" - Specifies the file to be signed. In this example, the file that will be signed is AdskUtil.arx located in the c:\Autodesk folder.
To sign a binary file, do the following:
- Do one of the following to display the Windows Command prompt:
- Windows 7: Click the Windows Start button
All Programs Accessories Command prompt. - Windows 8: On the Windows Start screen, right-click (or use the swipe up gesture from the bottom edge of the screen) and click All Apps. Scroll to the Windows System section, and click Command Prompt.
- Windows 8.1: On the Windows Start screen, click the All Apps button located near the lower-left corner of the screen (or use the swipe up gesture from the bottom edge of the screen). Scroll to the Windows System section, and click Command Prompt.
Tip: On Windows 8/Windows 8.1, on the Start screen, type command and click Command Prompt in the Search pane. - Windows 7: Click the Windows Start button
- In the Windows Command Prompt window, type cd %userprofile%\Documents and press Enter to set the Documents folder as the current working folder. If you want to use a different working folder, specify that location instead.
- Type the location of the SignTool.exe and the arguments that should be executed.
The signing of the file should be successful as long as the file isn't marked read-only or in a read-only location.
- Load the newly signed file into the AutoCAD program and verify that the digital signature is recognized. Note: The digital certificate must be in the Trusted Root certificate store for the AutoCAD program to verify the signature.