Digitally signing a custom program file informs the user as to who published the file and whether changes were made to the file after it was signed.
Prior to distributing a custom application, you should consider signing each file that supports digital signatures and will be loaded into an AutoCAD-based program. While digitally signing a custom program file is optional, it is recommended.
The following outlines the benefits of attaching a digital signature to a custom program file:
- Increases the security for a workstation; loading a digitally signed file lets the user know who published the file and if it was modified after being signed.
- Files can be loaded from outside of a trusted location; the File Loading - Security Concern message box isn't displayed each time a file is loaded. By default, files in a bundle aren't trusted.
- All files signed by the same publisher can be trusted; once a publisher is trusted, all custom program files with the same digital signature are automatically trusted.
- Improves the customer's experience by reducing the number of steps to set up and configure a custom program.
Custom Program Files that Can Be Digitally Signed
You can add a digital signature to the following custom program file types:
- ARX - ObjectARX file
- CRX - Console Runtime Extension file; similar to an ARX file except no user interface
- DBX - ObjectDBX (Object Enabler) file
- DLL - Menu Resource Library or .NET Assembly
- FAS - Fast-load AutoLISP file
- MNL - Menu AutoLISP file
- LSP - AutoLISP Source file
- VLX - Compiled AutoLISP project file (MAKELSPAPP and VLISP commands)
Tools Required to Digitally Sign Custom Program Files
Special tools are required to digitally sign a custom program file. The tool required is based on the type of file to be signed. The following provides an overview of the two tools that can be used:
- AcSignApply.exe - Used to digitally sign AutoLISP files: LSP, MNL, FAS, and VLX. This tool is installed with an AutoCAD-based program and is accessible from the Windows Start menu or screen.
  Note: You can also use this tool to attach a digital signature to a DWG file.
- SignTool.exe - Used to digitally sign binary (ObjectARX and Managed .NET) files: ARX, CRX, DBX, and DLL. This tool is part of the Windows SDK and isn't installed with an AutoCAD-based program. You can download the latest version of the Windows SDK from the Microsoft website (https://developer.microsoft.com/en-us/windows/desktop/).
Attaching a Digital Signature Workflow
The following provides a basic outline of the process that must be followed to attach a digital signature to an AutoLISP or binary file.
- Signing an AutoLISP File
  - Make or obtain a digital certificate from a vendor.
    For information on making a digital certificate, see "To Make a Digital Certificate."
  - If you make a digital certificate, create a PFX file and then import the digital certificate.
    For more information, see the topics "To Create A Personal Information Exchange (PFX) File" and "To Import a Digital Certificate."
  - Attach the digital signature to the AutoLISP file with the Attach Digital Signature (AcSignApply.exe) tool.
    For information on signing an AutoLISP file, see "To Digitally Sign an AutoLISP File."
  - Load the newly signed file into an AutoCAD-based program and verify that the digital signature is recognized.
- Signing a Binary File
  - Make or obtain a digital certificate from a vendor.
    For information on making a digital certificate, see "To Make a Digital Certificate."
  - If you make a digital certificate, create a PFX file and then import the digital certificate.
    For more information, see the topics "To Create A Personal Information Exchange (PFX) File" and "To Import a Digital Certificate."
  - Attach the digital signature to the binary file with the Sign Tool (SignTool.exe).
    For information on signing a binary file, see "To Digitally Sign a Binary (ObjectARX or Managed .NET) File."
  - Load the newly signed file into an AutoCAD-based program and verify that the digital signature is recognized.
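The two workflows above can be combined into a pre-distribution pass over a plug-in folder. The following PowerShell script is an added example, not Autodesk's own tooling: it signs and verifies the binary file types with SignTool.exe and lists the AutoLISP file types that still have to be signed with AcSignApply.exe. It assumes SignTool.exe is on the PATH and that the signing certificate has already been imported; the parameter names are hypothetical.

```powershell
# Added example: route each custom program file to the signing tool named in this topic.
param(
    [Parameter(Mandatory)] [string] $BundlePath,   # folder that holds the custom program files
    [Parameter(Mandatory)] [string] $Thumbprint,   # SHA-1 thumbprint of the imported signing certificate
    [string] $SignTool = 'signtool.exe'            # assumption: Windows SDK tool is on the PATH
)

$binaryTypes   = '.arx', '.crx', '.dbx', '.dll'    # signed with SignTool.exe
$autoLispTypes = '.lsp', '.mnl', '.fas', '.vlx'    # signed with AcSignApply.exe

$results = foreach ($file in Get-ChildItem -LiteralPath $BundlePath -File -Recurse) {
    $ext = $file.Extension.ToLowerInvariant()

    if ($binaryTypes -contains $ext) {
        # Select the certificate from the store by thumbprint; use a SHA-256 file digest.
        & $SignTool sign /sha1 $Thumbprint /fd SHA256 $file.FullName | Out-Null
        $signed = ($LASTEXITCODE -eq 0)

        # Verify with the default Authenticode policy. A certificate you made yourself
        # only verifies on machines where it has been imported as trusted.
        $verified = $false
        if ($signed) {
            & $SignTool verify /pa $file.FullName | Out-Null
            $verified = ($LASTEXITCODE -eq 0)
        }
        [pscustomobject]@{ File = $file.FullName; Tool = 'SignTool.exe'; Signed = $signed; Verified = $verified }
    }
    elseif ($autoLispTypes -contains $ext) {
        # No command line is assumed for AcSignApply.exe; report the file for signing with that tool.
        [pscustomobject]@{ File = $file.FullName; Tool = 'AcSignApply.exe'; Signed = $null; Verified = $null }
    }
}

$results | Format-Table -AutoSize

# Fail the packaging step if any binary file was not signed and verified.
if ($results | Where-Object { $_.Tool -eq 'SignTool.exe' -and -not $_.Verified }) {
    exit 1
}
```

A passing SignTool check does not replace the last step of each workflow: load the signed file into an AutoCAD-based program and confirm that the digital signature is recognized.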