Creating a signed CAB file for the MFC and ATL controls If you plan to sell MFC controls and ATL controls via Internet, you should pack it into a Cabinet-Cab file. Signing files Make sure the user downloads your control when the source code is safe. A CAB file contains a compressed version of your control and its installation information (for example, which dynamic link library DLL and OCX is needed).
Create and sign the tool of the CAB file is included below the Cab & Sign directory in the Visual C 5.0 disc. The utility in this directory does not install it automatically when you install Visual C , so you must copy the contents below the Cab & Sign directory to your hard drive.
Before signing the document, you need a software publisher certificate (Software Publisher Certificate). You must apply for your own certificates to the certificate issuance body (Certification Authority). Using the tools below the Cab & Sign directory, you can create a test certificate for testing, but the certificate cannot be used to sign the sale of the code. For information on the application software publisher certificate, please refer to step 1.
Below is the step of creating a CAB file:
1 Get a software publisher certificate (you only need this application) 2 Create a CAB file 3 Sign Your file 4 Embed a web page (optional) to get a software publisher certificate Before the book is signed, you need to have a software publisher certificate (SPC). To do this, you must apply to the certificate issuance authority (Certification Authority). During the application, you must generate a key pair and provide proof information to the certificate issuance organization, such as your name, address, and public key. Moreover, you have to make a legally binding vow: You can't also release you know or you should know that the software containing the virus, or maliciously destroying the user's machine or code.
For more detailed information about how to get a software publisher certificate, please refer to Signing Code With Microsoft's Authenticode. To apply for the certificate, please refer to Digital Certificate for Authenticode; To create a test certificate to test the signing file, refer to Making A Test Software Publisher Certificate.
The certificate issuing agency generates a software publisher certificate that conforms to the Industrial Standard X.509 certificate format (including version 3 extension). The certificate is determined and contains your public key and archives for a certificate issuance agency as a reference, and a copy is returned to you by email. After receiving the certificate, you should include a copy of the certificate in all the software you want to publish, with a private key.
Get a software publisher certificate You can use the Makecert and CERT2SPC utilities under the Cab & Sign directory in the Visual C 5.0 CD to make a test software publisher certificate. Note that the test software publisher certificate is invalid for true software, but can be used to test your code signing.
For example, you have to make a private key file mykey.pvk and a company certificate CERT.CER, run the utility makecert, the command is as follows:
C: / CAB & SIGN / Makecert -u: mykey -n: cn = mysoftwarecompany -k: mykey.pvk cert.cer
Mykey is your name, MySoftwareCompany is your company name. Note that the utility makecert is case sensitive in the command line option, so you must use your lowercase -u, -n, and -k; -n option must be uppercase CN =.
To make a certificate of certban certificate, run the public program CERT2SPC, the command is as follows: C: / CAB & Sign / CERT2SPC C: / CAB & S / CROT.CER CERT.CER CERT.SPC Note that the cert.spc file is used You just created the CERT.CER file created by Makecert and the root.cer file below the CAB & Sign directory.
Creating a part of a CAB file describes how to create a CAB file that can assign ATL and MFC components on an interconnect. If you want to know more about the CAB file, please refer to the Cabinet file reference book (File Reference), which is located in the Platform Software Development Kit (Platform SDK, which is included in the Visual C 5.0 online documentation) settings and system management services The SETUP AND System Management Services section below the / setup API / Overview / Cabinet Files Directory below.
Create a CAB file:
Create an INF file. Run the public routine Cabarc (in the CAB & Sign directory on the CD). For example: C: / CAB & Sign / Cabarc -s 6144n myctl.cab needed1.dll neededed2.dll myctl.ocx myctl.inf
Cabarc created a CAB file called MyCTL.cab.
You must run Cabarc below your source file (INF, OCX, and DLL file). The file archived in the CAB file needs to be listed in the command line, and the order is completely consistent in the INF file. In the above example, the list of INF files is needed1.dll, then Needed2.dll, and finally Myctl.ocx.
The -s option is signed for the code to reserve space. n Commands Specify that the CAB file you want to create. The instructions for the Cabarc command and options can be viewed, and the way is Type Cabarc on the command line:
C: / CAB & SIGN / CABARC Create an INF file INF file is a text file, specifying a file (such as DLL or other OCX) that you want to download or submit. An INF file is bundled with a CAB compressed file. By default, the files identical to the file version number in the existing hard drive are not downloaded. To learn more about INF files and its options (including how to create a stand-alone INF file), please refer to the World WITIC DOWNLOAD, or Reference Platform Software Development Kit (Platform SDK, included in Visual C 5.0 The content of the / setup API / overview / inf dimes directory in the online documentation.
As an example, the following INF is used to create a CAB file for the ATL polygon control. You can create Polygon.dll by downloading the ATL Polygon sample program from the Visual C 5.0 disc and creates a minimum version. Creating this minimum requires another DLL, ATL.dll. Atl.dll To register for Polygon.dll, then place ATL.DLL to INF first.
; Sample Inf file for polygon.dll [Version]; Version Signature (Same for Both NT and Win95) Do Not RemoveSignature = "$ Chicago $" Advancedinf = 2.0
[Add.code] Polygon.dll = Polygon.dllatl.dll = ATL.DLL
; Needed DLL [atl.dll] file-win32-x86 = thiscabFileVersion = 2,00,0,7024DestDir = 11RegisterServer = yes [polygon.dll] file-win32-x86 = thiscabclsid = {4CBBC676-507F-11D0-B98B-000000000000 } Fileversion = 1,0,0,1 registerserver = yes; End of inf file
This INF specifies ATL.dll that the system needs to install a particular version. If there is no file in the system, you need to download the CAB file created with the INF. "thiscab" is a keyword means that the CAB file containing the INF. You can also download the required DLL files from the Internet, as long as you specify an HTTP URL, absolute path or relative paths, such as:
FILE-WIN32-X86 = http://www.mysite.com/mydir/needed.dll keyword "file-win32-x86" specified platform is x86.
The process of getting a version number of a file is: Right-click this file in Windows NT or Windows 95 Explorer; select Properties from the pop-up list, then select the version tag in the dialog that will then pop up. Sometimes you may need to insert an additional 0 in the file version. For example, the version number of the ATL.DLL is displayed in the dialog box is 2.00.7024, which becomes 2,00, 0,7024 in the INF file.
"Destdir" refers to the address of the load directory or file: 11 Specify as the system directory Windows / System or WinNT / System32; 10 specifies the window directory, Windows or Winnt. If DESTDIR is not specified, the code is loaded from the fixed OCCache directory.
"CLSID" refers to the CLSID to install the control.
After creating an INF file, run the Cabarc utility (in the CAB & Sign directory on the Visual C 5.0 disc) Create a CAB file. You must run Cabarc below your source file directory. The file archived in the CAB file needs to be listed in the command line, and the order is completely consistent in the INF file. For example, make a CAB file from the above INF file as a polygon control, you need to use the following command:
C: / CAB & Sign / Cabarc -s 6144 Polygon.cab atl.dll Polygon.dll Polygon.inf This CAB file contains the compressed version of ATL.DLL and POLYGON.DLL, and the information they need to expand them to the Polygon.inf file.
For examples of creating a CAB file downloading the MFC control, please refer to the MFC 4.2B Component Download Information. You need to include the DLL files in the MFC control with MSvCRT.DLL, MFC42.DLL and OLEPRO32.DLL.
Sign a CAB file to use Code Signing Wizard to sign a CAB file:
1. Run the utility SignCode (in the CAB & Sign directory of the Visual C 5.0 CD), start the code signing wizard. C: / CAB & Sign / Sign2. In the Code Signing Wizard dialog box, click Next to go to the next page. 3. In the edit box you want to sign, type the CAB file you want to sign. 4. What is your name? In the Edit box you want to use, type the name you want to use in the certificate. 5. Click Next to go to the next page. 6. In which software developer certificate you want to sign this program? In the Edit box, type the software developer certificate (SPC) file name. 7. Type a private key (PVK) file name in which file you want to find in this certificate. 8. Click next to next to next to the last page. 9. Click Sign to sign the CAB file. Your file will be quoted. You can sign your DLL and OCX without using the CAB file. The advantage of the CAB file is that it is compressed, and if you use it with the INF file, you can bundle all the necessary codes together. Embed a Signed CAB file into a web page ATL and MFC control Use the label to embed the web page. In the label, you need to specify three properties for this control: ID - Control Name CDASSID - Control's CLSID CodeBase - Download the location of the control. CodeBase can point to many different file types. CodeBase can directly point to an OCX file or DLL file:
Codebase = "http://www.mysite.com/mydir/polygon.dll#version=1, 0, 0, 1" Because this only completed the DLL or OCX file download and installation, any necessary DLL support must already Loaded to the client.
If you contain the option version number in the CAB file, it should point to the control to download. For example, if Polygon.dll has a version number 1, 0, 0, 1, the version number of the CAB file must also be 1, 0, 0, 1:
Codebase = "http://www.mysite.com/mydir/polygon.cab#version=1, 0, 0, 1" If you do not include the option version number, you cannot replace a component (if they appear on the client The old version number of the words.