Share
 
 

About Digitally Signing Custom Program Files

Digitally signing a custom program file informs the user as to who published the file and whether changes were made to the file after it was signed.

Prior to distributing a custom application, you should consider signing each file that supports digital signatures and will be loaded into an AutoCAD-based program. While digitally signing a custom program file is optional, it is recommended.

The following outlines the benefits of attaching a digital signature to a custom program file:

  • Increases the security for a workstation; loading a digitally signed file lets the user know who published the file and if it was modified after being signed.
  • Files can be loaded from outside of a trusted location; the File Loading - Security Concern message box isn't displayed each time a file is loaded. By default, files in a bundle aren't trusted.
  • All files signed by the same publisher can be trusted; once a publisher is trusted, all custom program files with the same digital signature are automatically trusted.
  • Improves the customer's experience by reducing the number of steps to setup and configure a custom program.

Custom Program Files that Can Be Digitally Signed

You can add a digital signature to the following custom program file types:

  • ARX - ObjectARX file
  • CRX - Console Runtime Extension file; similar to an ARX file except no user interface
  • DBX - ObjectDBX (Object Enabler) file
  • DLL - Menu Resource Library or .NET Assembly
  • FAS - Fast-load AutoLISP file
  • MNL - Menu AutoLISP file
  • LSP - AutoLISP Source file
  • VLX - Compiled AutoLISP project file (MAKELSPAPP and VLISP commands)
Note: VBA project (DVB) and Javascript (JS) files cannot be digitally signed.

Tools Required to Digitally Sign Custom Program Files

Special tools are required to digitally sign a custom program file. The tool required is based on the type of file to be signed. The following provides an overview of the two tools that can be used:

  • AcSignApply.exe - Used to digitally sign AutoLISP files: LSP, MNL, FAS, and VLX. This tool is installed with an AutoCAD-based program and is accessible from the Windows Start menu or screen.
    Note: You can also use this tool attach a digital signature to a DWG file.
  • SignTool.exe - Used to digitally sign binary (ObjectARX and Managed .NET) files: ARX, CRX, DBX, and DLL. This tool is part of the Windows SDK and isn't installed with an AutoCAD-based program. You can download the latest version of the Windows SDK from the Microsoft website (https://developer.microsoft.com/en-us/windows/desktop/).

Attaching a Digital Signature Workflow

The following provides a basic outline of the process that must be followed to attach a digital signature to an AutoLISP or binary file.

Signing an AutoLISP File
  1. Make or obtain a digital certificate from a vendor.

    For information on making a digital certificate, see "To Make a Digital Certificate."

  2. If you make a digital certificate, create a PFX file and then import the digital certificate.

    For more information, see the topics "To Create A Personal Information Exchange (PFX) File" and "To Import a Digital Certificate."

  3. Attach the digital signature to the AutoLISP file with the Attach Digital Signature (AcSignApply.exe) tool.

    For information on signing an AutoLISP file, see "To Digitally Sign an AutoLISP File."

  4. Load the newly signed file into an AutoCAD-based program and verify that the digital signature is recognized.
Signing a Binary File
  1. Make or obtain a digital certificate from a vendor.

    For information on making a digital certificate, see "To Make a Digital Certificate."

  2. If you make a digital certificate, create a PFX file and then import the digital certificate.

    For more information, see the topics "To Create A Personal Information Exchange (PFX) File" and "To Import a Digital Certificate."

  3. Attach the digital signature to the binary file with the Sign Tool (SignTool.exe).

    For information on signing a binary file, see "To Digitally Sign a Binary (ObjectARX or Managed .NET) File."

  4. Load the newly signed file into an AutoCAD-based program and verify that the digital signature is recognized.

Was this information helpful?