To Digitally Sign a Binary (ObjectARX/Managed .NET/MSI) File

AutoCAD-based programs use digital signatures to verify whether a custom program file can be safely loaded. Binary (ObjectARX and Managed .NET) files with the ARX, CRX, DBX, or DLL file extensions can be digitally signed. Additionally, MSI files created to deploy custom programs can and should also be digitally signed.

Note: The Sign Tool (SignTool.exe) by Microsoft is required to attach a digital signature to a binary file. You must download and install the latest version of the Windows SDK from Microsoft's website (https://developer.microsoft.com/en-us/windows/desktop/) to use the Sign Tool. In addition to the Sign Tool, you will also need to obtain a digital certificate. A digital certificate is typically obtained from a vendor such as Symantec and DigiCert ® , but it is possible to create your own digital certificate for distributing your applications inside your company.

The following is an example of signing a binary file using the SignTool.exe tool:

"C:\Program Files\Microsoft SDKs\Windows\v7.1\Bin\signtool.exe" sign /f MyCert.pfx /p MyPassword /t http://timestamp.verisign.com/scripts/timstamp.dll "c:\Autodesk\AdskUtil.arx"

To sign a binary file, do the following:

  1. Click the Windows Start button Windows System Command Prompt.
  2. In the Windows Command Prompt window, type cd %userprofile%\Documents and press Enter to set the Documents folder as the current working folder. If you want to use a different working folder, specify that location instead.
  3. Type the location of the SignTool.exe and the arguments that should be executed.

    The signing of the file should be successful as long as the file isn't marked read-only or in a read-only location.

  4. Do one of the following based on the type of file that was signed:
    • Load the newly signed file into an AutoCAD-based program and verify that the digital signature is recognized.
    • Verify the newly signed MSI file was digitally signed in Windows File Explorer and then test the file to make sure it runs as expected.
  5. Note: The digital certificate must be in the Trusted Root certificate store for an AutoCAD-based program to verify the signature.